...
After installation Shibboleth configuration files are placed at /etc/shibboleth/. Necessary Apache configuration in /etc/httpd/conf.d/shib.conf (Redhat/Centos), /etc/apache2/conf-available/shib2.conf (Ubuntu). Make sure shib.conf is included in your Apache configuration file. If you are converting CUWebAuth to Shibboleth on a production server, make sure you set "ShibCompatValidUser" to "On" in shib.conf to avoid interruption to your website's authentication. Set it back to "Off" after you finish the conversion.
| Expand | ||
|---|---|---|
| ||
Download our sample attribute-map.xml and replace your /etc/shibboleth/attribute-map.xml with downloaded file. Our attribute-map.xml defines all commonly used attributes. All attributes except groups defined in attribute-map.xml are released by default to all SP. Attribute "groups" is released on demand. Please specify your group names in Shibboleth Integration Request form. Shibboleth IDP doesn't support nested groups( for example group B is a member of group A, user C is a member of group B, IDP doesn't know user C is a member of group A) . If you have to use nested group, you need to convert nested group to dynamic group. |
...