Standalone discovery » History » Version 1
Redmine Admin, 01/10/2017 09:31 AM
| 1 | 1 | Redmine Admin | h1. Standalone discovery (shibboleth) |
|---|---|---|---|
| 2 | |||
| 3 | We need to use a standalone idp discovery in our setup. If you don't have any specific requirements (like edugain in our case) you can use the one provided by clarin (http://clarin.eu/content/clarin-discovery-service). |
||
| 4 | |||
| 5 | h2. Deploy and setup idpdiscovery.js |
||
| 6 | |||
| 7 | https://redmine.ms.mff.cuni.cz/projects/lindat-aai/wiki/Idp_discovery |
||
| 8 | |||
| 9 | h2. Set shibboleth |
||
| 10 | |||
| 11 | The important part in shibboleth2.xml |
||
| 12 | |||
| 13 | <pre> |
||
| 14 | <!-- |
||
| 15 | Configures SSO for a default IdP. To allow for >1 IdP, remove |
||
| 16 | entityID property and adjust discoveryURL to point to discovery service. |
||
| 17 | (Set discoveryProtocol to "WAYF" for legacy Shibboleth WAYF support.) |
||
| 18 | You can also override entityID on /Login query string, or in RequestMap/htaccess. |
||
| 19 | --> |
||
| 20 | <SSO discoveryProtocol="SAMLDS" discoveryURL="https://lindat.mff.cuni.cz/idpdiscovery/discovery.html" relayState="cookie"> |
||
| 21 | SAML2 SAML1 |
||
| 22 | </SSO> |
||
| 23 | |||
| 24 | </pre> |
||
| 25 | |||
| 26 | see https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceSSO or https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionInitiator if more details/complex configuration is needed |