Standalone discovery » History » Version 3
Ondrej Kosarko, 01/11/2017 10:47 AM
| 1 | 1 | Redmine Admin | h1. Standalone discovery (shibboleth) |
|---|---|---|---|
| 2 | |||
| 3 | We need to use a standalone idp discovery in our setup. If you don't have any specific requirements (like edugain in our case) you can use the one provided by clarin (http://clarin.eu/content/clarin-discovery-service). |
||
| 4 | |||
| 5 | h2. Deploy and setup idpdiscovery.js |
||
| 6 | |||
| 7 | 3 | Ondrej Kosarko | https://github.com/ufal/lindat-aai-discovery/wiki/Idp_discovery |
| 8 | 2 | Redmine Admin | |
| 9 | 1 | Redmine Admin | |
| 10 | h2. Set shibboleth |
||
| 11 | |||
| 12 | The important part in shibboleth2.xml |
||
| 13 | |||
| 14 | <pre> |
||
| 15 | <!-- |
||
| 16 | Configures SSO for a default IdP. To allow for >1 IdP, remove |
||
| 17 | entityID property and adjust discoveryURL to point to discovery service. |
||
| 18 | (Set discoveryProtocol to "WAYF" for legacy Shibboleth WAYF support.) |
||
| 19 | You can also override entityID on /Login query string, or in RequestMap/htaccess. |
||
| 20 | --> |
||
| 21 | <SSO discoveryProtocol="SAMLDS" discoveryURL="https://lindat.mff.cuni.cz/idpdiscovery/discovery.html" relayState="cookie"> |
||
| 22 | SAML2 SAML1 |
||
| 23 | </SSO> |
||
| 24 | |||
| 25 | </pre> |
||
| 26 | |||
| 27 | see https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceSSO or https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionInitiator if more details/complex configuration is needed |