The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP30 and SP3 wiki spaces for current documentation on the supported versions.

Shibboleth 2 Identity Provider Configuration

The Shibboleth 2.0 IdP uses the following configuration files to control various aspects of its operation:

  • attribute-filter.xml: Configures the release of attributes to SPs.
  • attribute-resolver.xml: Configures attribute collection, transformation, and encoding.
  • handler.xml: Configures how the IdP receives various message types.
  • relying-party.xml: Configures how the IdP processes messages that are received.
  • logging.xml: Configuration of the IdP's logging system. You might want to use this to debug problems.
  • login.config: Configuration for the Username/Password authentication mechanism.
  • service.xml: Configuration for coarse-grained IdP components. Most people will never edit this.
  • internal.xml: Low-level IdP configuration file. Most people will never edit this.
  • tc_config.xml: Terracotta clustering configuration. Added in 2.1.

It also relies on configuration of the web environment for some features.

Configuration by Task

Talk to a New Service Provider

Describes how to communicate with a new service provider.

Define and Release a New Attribute

Describes how to configure the attribute resolver and filter engine to create and release attributes to a service provider.

Define a New Attribute Filter

Describes how to define a new attribute filter policy in order to control the release of a configured attribute.

Customize User Authentication

Describes how to change the IdP's default authentication mechanism and how to configure per service provider authentication mechanisms.

Support a new Name Identifier

Describes how to add support for a new name identifier type either for the entire IdP or for a given service provider.

Define a New Metadata Source

Describes how to read a new source of metadata information and how to apply filters to a source.

Define a New Cryptographic Credential

Describes how to read in new cryptographic credentials (e.g. private keys, certificates) and make them available for cryptographic operations.

Configure XML Signature & Encryption

Describes how to enable and configure XML signing and encryption support.

Configure a new Trust Engine

Describes how to configure a new trust engine that may be used to validate signatures and client certificates.

Customize the IdP Logs

Describes how to customize the IdP's logging files and describes the format of the Audit and Access logs.

Customize IdP Configuration Loading

Describes how to customize the manner in which the IdP loads its configuration information. This includes loading configuration from URLs, enabling configuration reloading, etc.

Enable IdP Clustering Support

Describes how to configure multiple running instances of an IdP to share state.

Determine IdP Version

Describes how to determine the IdP version number.

Use Two or More LDAP Directories

Use multiple separate LDAP directories and user bases with a single IdP.

Active Directory Configuration Issues

Issues that arise when configuring the Identity Provider to communicate with an Active Directory server.
