Reputation: 120
I have spent 2+ weeks trying to get a Shibboleth 5 IdP stood up for our dev environment.
The players:
I have gotten the IdP itself working. I received a 401 Unauthorized error trying to navigate to a SAML-managed location on a dev server. This proves the SAML handshake between SP and IdP is working.
My question is: What Shibboleth 5 configuration do I need to make to have the IdP display an LDAP login page when the SP redirects back to the IdP for authentication?
Further background:
I began by following the Shibboleth 5 wiki for installation. It is not nearly complete.
I have spent, as I said earlier, 2+ weeks scouring the web for Shibboleth and LDAP tutorials.
None exist for Shibboleth 5.
I found a couple of sites working with Shibboleth 3 and slowly cobbled together and modified the old instructions to work with the new v5.
The Shibboleth 5 physical installation does not have a login.jsp page anywhere, nor have I found any mention anywhere of how to get Shib 5 to do a redirect to anything, let alone a local LDAP implementation.
Please help.
I'm not sure which config files will be relevant, so I'll include them as they are asked for.
Upvotes: 1
Views: 156
Reputation: 666
You should configure the IDP to use an LDAP authentication backend; see: https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199505688/LDAPAuthnConfiguration
This is ultimately a set of configuration parameters within idp.properties that tell Shibboleth IDP what LDAP server to authenticate against (e.g. ldap://localhost:369 if that's on the same server as the IDP).
The IDP will show a login screen and validate the LDAP user's authentication credential via an attempt at binding to the LDAP server.
Here is a good starter article from the Consortium GARR (an Italian federation operator) on the basics of setting up Shib IDP with LDAP (note: the article is for IDPv4, but AFAIK it is all still applicable with IDP v5).
Upvotes: 0
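As an added worked example (not from the answer above and not from the Shibboleth project's own distribution), here is what the LDAP-backed Password login flow looks like as property settings in an IdP v5 install. The property names are the ones the IdP's `conf/ldap.properties` and `conf/authn/authn.properties` templates define; the hostname, base DN, bind DN, certificate path and placeholder password are assumptions for illustration. With these in place, the IdP has no login.jsp to configure: the Password flow renders the Velocity template `views/login.vm`, posts the username and password back to the IdP, and validates them by binding to the directory.

```properties
# ---- conf/authn/authn.properties ----
# Enable the Password login flow. This is what makes the IdP render
# views/login.vm (not login.jsp) when an SP sends it an AuthnRequest.
# The flow hands the submitted credentials to the validators listed in
# conf/authn/password-authn-config.xml, which by default includes the
# LDAP validator driven by the idp.authn.LDAP.* properties below.
idp.authn.flows = Password

# ---- conf/ldap.properties ----
# bindSearchAuthenticator: bind as a service account, search for the
# user's DN with userFilter, then bind again as the user with the
# password typed into the login page. That second bind is the actual
# credential check.
idp.authn.LDAP.authenticator = bindSearchAuthenticator

# Assumed hostname. 389 is the standard LDAP port (636 for ldaps://).
idp.authn.LDAP.ldapURL = ldap://ldap.example.org:389

# Never send user passwords over a cleartext bind: upgrade to TLS with
# StartTLS (or use an ldaps:// URL) and pin the directory's certificate.
idp.authn.LDAP.useStartTLS = true
idp.authn.LDAP.sslConfig = certificateTrust
idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt

# Where users live and how to find one from the login-form username.
# {user} is replaced by the username entered on the login page.
idp.authn.LDAP.baseDN = ou=people,dc=example,dc=org
idp.authn.LDAP.subtreeSearch = false
idp.authn.LDAP.userFilter = (uid={user})

# Dedicated, read-only service account used only for the DN lookup.
idp.authn.LDAP.bindDN = cn=idp-bind,ou=services,dc=example,dc=org

# Reuse the same connection settings for the LDAP DataConnector in
# attribute-resolver.xml so attribute lookups use the same TLS trust.
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN}
idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN}
idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS}
idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates}

# ---- credentials/secrets.properties ----
# The bind password lives here, not in ldap.properties: keep this file
# out of version control and readable only by the account running the IdP.
idp.authn.LDAP.bindDNCredential = change-me-before-use
```

Before restarting the IdP, confirm the service-account bind and the user search work from the IdP host with plain `ldapsearch` using the same URL, bind DN, base DN and filter; if that fails, the login page will fail too, and the IdP's idp-process.log will show the underlying LDAP error. Also note that the assumed `ldap.example.org` must match a subject name in `ldap-server.crt`, or the StartTLS handshake will be rejected.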