Differences

This shows you the differences between two versions of the page.

--- docpublic:systemes:shibboleth:idpv4xc8 [2021/06/03 13:16]
adminjp [Delegation d'authentification a CAS]
+++ docpublic:systemes:shibboleth:idpv4xc8 [2021/06/30 17:48] (current)
adminjp [personnaliser la page de login interne]
@@ Line 325: / Line 325: @@
 <code>
-[root@idpx opt]# mkdir shibidp-src-4.1.0
+[root@idpx opt]# mkdir shibidp-src-4.1.2
-[root@idpx opt]# cd shibidp-src-4.1.0/
+[root@idpx opt]# cd shibidp-src-4.1.2/
-[root@idpx shibidp-src-4.1.0]# wget https://shibboleth.net/downloads/identity-provider/4.1.0/shibboleth-identity-provider-4.1.0.tar.gz
+[root@idpx shibidp-src-4.1.2]# wget https://shibboleth.net/downloads/identity-provider/4.1.2/shibboleth-identity-provider-4.1.2.tar.gz
---2021-05-10 21:32:12--  https://shibboleth.net/downloads/identity-provider/4.1.0/shibboleth-identity-provider-4.1.0.tar.gz
-[root@idpx shibidp-src]# tar xvfz shibboleth-identity-provider-4.1.0.tar.gz
+[root@idpx shibidp-src]# tar xvfz shibboleth-identity-provider-4.1.2.tar.gz
-[root@idpx shibidp-src]# cd shibboleth-identity-provider-4.1.0
+[root@idpx shibidp-src]# cd shibboleth-identity-provider-4.1.2
-[root@idpx shibboleth-identity-provider-4.1.0]# ls
+[root@idpx shibboleth-identity-provider-4.1.2]# ls
 bin  conf  credentials  doc  flows  LICENSE.txt  logs  messages  metadata  system  views  webapp
 </code>
@@ Line 342: / Line 342: @@
 <code>
-[root@idpx shibboleth-identity-provider-4.1.0]# ./bin/install.sh
+[root@idpx shibboleth-identity-provider-4.1.2]# ./bin/install.sh
-Buildfile: /opt/shibidp-src/shibboleth-identity-provider-4.0.1/bin/build.xml
+Buildfile: /opt/shibidp-src/shibboleth-identity-provider-4.1.2/bin/build.xml
 install:
-Source (Distribution) Directory (press <enter> to accept default): [/opt/shibidp-src/shibboleth-identity-provider-4.1.0] ?
+Source (Distribution) Directory (press <enter> to accept default): [/opt/shibidp-src/shibboleth-identity-provider-4.1.2] ?
 Installation Directory: [/opt/shibboleth-idp] ?
-INFO [net.shibboleth.idp.installer.V4Install:151] - New Install.  Version: 4.1.0
+INFO [net.shibboleth.idp.installer.V4Install:151] - New Install.  Version: 4.1.2
 Host Name: [idpx.intbstsp.fr] ?
 idpex.imtbstsp.eu
@@ Line 369: / Line 369: @@
 INFO [net.shibboleth.idp.installer.V4Install:433] - Creating Metadata to /opt/shibboleth-idp/metadata/idp-metadata.xml
-INFO [net.shibboleth.idp.installer.BuildWar:72] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.0
+INFO [net.shibboleth.idp.installer.BuildWar:72] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
 INFO [net.shibboleth.idp.installer.BuildWar:81] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
 INFO [net.shibboleth.idp.installer.BuildWar:90] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
@@ Line 382: / Line 382: @@
 <code>
-[root@idpx shibboleth-identity-provider-4.0.1]# ls -l /opt/shibboleth-idp/credentials/
+[root@idpx shibboleth-identity-provider-4.1.2]# ls -l /opt/shibboleth-idp/credentials/
 total 36
--rw------- 1 root root 1525 10 mai   22:16 idp-backchannel.crt
+-rw------- 1 root root 1517 11 juin  15:18 idp-backchannel.crt
--rw------- 1 root root 3409 10 mai   22:16 idp-backchannel.p12
+-rw------- 1 root root 3399 11 juin  15:18 idp-backchannel.p12
--rw------- 1 root root 1525 10 mai   22:15 idp-encryption.crt
+-rw------- 1 root root 1517 11 juin  15:18 idp-encryption.crt
--rw------- 1 root root 2455 10 mai   22:15 idp-encryption.key
+-rw------- 1 root root 2459 11 juin  15:18 idp-encryption.key
--rw------- 1 root root 1525 10 mai   22:15 idp-signing.crt
+-rw------- 1 root root 1517 11 juin  15:18 idp-signing.crt
--rw------- 1 root root 2459 10 mai   22:15 idp-signing.key
+-rw------- 1 root root 2455 11 juin  15:18 idp-signing.key
--rw------- 1 root root  502 10 mai   22:17 sealer.jks
+-rw------- 1 root root  502 11 juin  15:19 sealer.jks
--rw------- 1 root root   53 10 mai   22:17 sealer.kver
+-rw------- 1 root root   53 11 juin  15:19 sealer.kver
--rw------- 1 root root  581 10 mai   22:17 secrets.properties
+-rw------- 1 root root  581 11 juin  15:19 secrets.properties
 </code>
@@ Line 398: / Line 398: @@
 <code>
-[root@idpx shibboleth-identity-provider-4.0.1]# chown -R tomcat /opt/shibboleth-idp/
+[root@idpx shibboleth-identity-provider-4.1.2]# chown -R tomcat /opt/shibboleth-idp/
 </code>
@@ Line 466: / Line 466: @@
 [root@idpx war]# cd /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/
 [root@idpx lib]# wget https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar
---2020-07-05 11:33:02--  https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar
 </code>
@@ Line 475: / Line 474: @@
 <code>
-[root@idpx]# cd /opt/shibidp-src-4.1.0/shibboleth-identity-provider-4.1.0/
+[root@idpx]# cd /opt/shibboleth-identity-provider-4.1.2/
 [root@idpx] cd webapp/
 [root@idpx webapp]# ls
-css  images  index.jsp  js  META-INF  WEB-INF  x509-prompt.jsp
+css  images  index.jsp  js  META-INF  WEB-INF
 [root@idpx webapp]# cd WEB-INF/
 [root@idpx WEB-INF]# ls
@@ Line 489: / Line 488: @@
 <code>
-[root@idpx shibboleth-identity-provider-4.1.0]# ./bin/install.sh
+[root@idpx shibboleth-identity-provider-4.1.2]# ./bin/install.sh
-Buildfile: /opt/shibidp-src/shibboleth-identity-provider-4.1.0/bin/build.xml
+Buildfile: /opt/shibboleth-identity-provider-4.1.2/bin/build.xml
 install:
-Source (Distribution) Directory (press <enter> to accept default): [/opt/shibidp-src/shibboleth-identity-provider-4.1.0] ?
+Source (Distribution) Directory (press <enter> to accept default): [/opt/shibboleth-identity-provider-4.1.2] ?
 Installation Directory: [/opt/shibboleth-idp] ?
-INFO [net.shibboleth.idp.installer.V4Install:162] - Update from version 4.1.0 to version 4.1.0
+INFO [net.shibboleth.idp.installer.V4Install:162] - Update from version 4.1.2 to version 4.1.2
-INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.0
+INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
 INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
 INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
@@ Line 504: / Line 503: @@
 BUILD SUCCESSFUL
-Total time: 15 seconds
+Total time: 7 seconds
 </code>
@@ Line 529: / Line 529: @@
 <code>
-[root@idpx ~]# /opt/shibboleth-idp/bin/status.sh
+[root@idpx shibboleth-idp]#  /opt/shibboleth-idp/bin/status.sh
 ### Operating Environment Information
 operating_system: Linux
 operating_system_version: 4.18.0
 operating_system_architecture: amd64
-jdk_version: 11.0.9.1
+jdk_version: 11.0.11
-available_cores: 12
+available_cores: 32
-used_memory: 139 MB
+used_memory: 144 MB
 maximum_memory: 910 MB
 ### Identity Provider Information
-idp_version: 4.1.0
+idp_version: 4.1.2
-start_time: 2021-05-10T20:42:12.417Z
+start_time: 2021-06-11T13:36:01.576Z
-current_time: 2021-05-10T20:42:13.870791Z
+current_time: 2021-06-11T13:36:37.322735Z
-uptime: PT1.453S
+uptime: PT35.746S
 enabled modules:
 	idp.authn.Password (Password Authentication)
 	idp.admin.Hello (Hello World)
+installed plugins:
+service: shibboleth.LoggingService
+last successful reload attempt: 2021-06-11T13:35:43.310718Z
+last reload attempt: 2021-06-11T13:35:43.310718Z
+service: shibboleth.AttributeFilterService
+last successful reload attempt: 2021-06-11T13:35:45.623677Z
+last reload attempt: 2021-06-11T13:35:45.623677Z
 ...
+service: shibboleth.ManagedBeanService
+last successful reload attempt: 2021-06-11T13:35:46.160136Z
+last reload attempt: 2021-06-11T13:35:46.160136Z
 </code>
@@ Line 743: / Line 758: @@
 ==== personnaliser la page de login interne ====
-il est possible de personnaliser la page de login intégré a l'IDP cf:
+Avant de passer a une delagation d'authN via CAS, il est possible de personnaliser la page de login intégré a l'IDP cf:
   * https://wiki.shibboleth.net/confluence/display/IDP30/PasswordAuthnConfiguration
@@ Line 766: / Line 781: @@
-en IDP v4 , mettre l'image du logo dans les sources , permet apres un install.sh d'assurer son deploiement dans le webapps de tomcat et donc le rend bien operationnel
+en IDP v4 , lors du deploiement initial mettre l'image du logo dans les sources , permet apres un install.sh d'assurer son deploiement dans le webapps de tomcat et donc le rend bien operationnel
 <code>
@@ Line 774: / Line 789: @@
 idp.logo=/images/IMT_logo_RVB.jpg
+</code>
+==== Logo sur views / messages ====
+ref : https://wiki.shibboleth.net/confluence/display/IDP4/ErrorHandlingConfiguration
+en IDP v 4.1.2 pour afficher le logo de l'etablissement dans les views (ecran d'interception) , il faut :
+  - deposer le fichier de logo dans le repertoire
+  - editer le fichier de porpertis des message pour y definir le parametre idp.logo
+  - relancer le buid + stop-start de tomcat
+=== 1) deposer le fichier logo ===
+<code>
+[root@idp4t shibboleth-idp]# ls -l edit-webapp/images/logo-imtbs-tsp.png
+-rw-r--r-- 1 root root 13640 30 juin  07:53 edit-webapp/images/logo-oursite.png
+</code>
+=== 2) messages.properties ====
+<code>
+[root@idp4t shibboleth-idp]# cat messages/messages.properties
+# You can define message properties here to override messages defined in
+# the system-supplied message file or to add your own messages.
+idp.logo = /images/logo-oursite.png
+</code>
+=== 3) re-build ===
+on rebuild le war afin qu'il soit redeployer dans le webapps de tomcat
+<code>
+[root@idp4t shibboleth-idp]# ./bin/build.sh
+Buildfile: /opt/shibboleth-idp/bin/build.xml
+build-war:
+Installation Directory: [/opt/shibboleth-idp] ?
+INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
+INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:125] - Creating war file /opt/shibboleth-idp/war/idp.war
+BUILD SUCCESSFUL
+Total time: 7 seconds
 </code>
 ===== Attribute Resolver v4 =====
@@ Line 1062: / Line 1124: @@
 }
 </code>
+===== modules =====
+==== liste ====
+lister les modules et leur etat d'activation
+<code>
+[root@idpx bin]# ./module.sh --list
+Module: idp.authn.Duo [DISABLED]
+Module: idp.authn.External [ENABLED]
+Module: idp.authn.Function [DISABLED]
+Module: idp.authn.IPAddress [DISABLED]
+Module: idp.authn.MFA [DISABLED]
+Module: idp.authn.Password [ENABLED]
+Module: idp.authn.RemoteUser [DISABLED]
+Module: idp.authn.RemoteUserInternal [DISABLED]
+Module: idp.authn.SPNEGO [DISABLED]
+Module: idp.authn.X509 [DISABLED]
+Module: idp.authn.Demo [DISABLED]
+Module: idp.admin.Hello [ENABLED]
+Module: idp.admin.UnlockKeys [DISABLED]
+Module: idp.intercept.Consent [DISABLED]
+Module: idp.intercept.ContextCheck [DISABLED]
+Module: idp.intercept.ExpiringPassword [DISABLED]
+Module: idp.intercept.Impersonate [DISABLED]
+Module: idp.intercept.Warning [DISABLED]
+Module: idp.profile.CAS [DISABLED]
+</code>
+==== activation consent ====
+activer le module de consentement :
+  * https://wiki.shibboleth.net/confluence/display/IDP4/ConsentConfiguration
+  * https://doku.tid.dfn.de/de:shibidp:config-tou
+<code>
+[root@idpx bin]# ./module.sh -t idp.intercept.Consent || ./module.sh -e idp.intercept.Consent
+Enabling idp.intercept.Consent...
+	conf/intercept/consent-intercept-config.xml created
+	views/intercept/attribute-release.vm created
+	views/intercept/terms-of-use.vm created
+[OK]
+</code>
+Depuis 4.1.x
+<code>
+<!-- Insert bean that references the static terms-of-use from consent-messages.properties -->
+<bean id="shibboleth.consent.terms-of-use.Key" class="com.google.common.base.Functions" factory-method="constant">
+        <constructor-arg value="my-terms"/>
+    </bean>
+</code>
+===== Upgrade =====
+https://wiki.shibboleth.net/confluence/display/IDP4/Upgrading
+Exemple ici du passage d'une 4.1.0 en 4.1.2
+recuperer les sources
+<code>
+[root@idpx opt]# wget https://shibboleth.net/downloads/identity-provider/4.1.2/shibboleth-identity-provider-4.1.2.tar.gz
+</code>
+sauver / backup de l'existant
+<code>
+[root@idpx opt]# cp -a shibboleth-idp shibboleth-idp-prod-4.1.0
+</code>
+desarchiver et se deplacer dans l'arborescence des sources de cette nouvelle version
+<code>
+[root@idpx opt]# tar xvfz shibboleth-identity-provider-4.1.2.tar.gz
+[root@idpx opt]# cd shibboleth-identity-provider-4.1.2
+</code>
+Lancer l'installation vers la destination de production actuelle (ici /opt/shibboleth-idp) , ainsi il sera fait un upgrade (cela garde la configuration !)
+<code>
+[root@idpx shibboleth-identity-provider-4.1.2]#  ./bin/install.sh
+Buildfile: /opt/shibboleth-identity-provider-4.1.2/bin/build.xml
+install:
+Source (Distribution) Directory (press <enter> to accept default): [/opt/shibboleth-identity-provider-4.1.2] ?
+Installation Directory: [/opt/shibboleth-idp] ?
+INFO [net.shibboleth.idp.installer.V4Install:162] - Update from version 4.1.0 to version 4.1.2
+INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
+INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:125] - Creating war file /opt/shibboleth-idp/war/idp.war
+BUILD SUCCESSFUL
+Total time: 31 seconds
+</code>
+rebuild du war
+<code>
+[root@idpx shibboleth-idp]# ./bin/build.sh
+Buildfile: /opt/shibboleth-idp/bin/build.xml
+build-war:
+Installation Directory: [/opt/shibboleth-idp] ?
+INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
+INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:125] - Creating war file /opt/shibboleth-idp/war/idp.war
+BUILD SUCCESSFUL
+Total time: 6 seconds
+</code>
+puis stop/start de tomcat afin de redeployer ce nouveau war .
@@ Line 1092: / Line 1277: @@
 [root@idpx shibboleth-idp]# cp dist/webapp/WEB-INF/web.xml edit-webapp/WEB-INF/
 </code>
+==== shib-cas-authn jar ====
+recuperer les deux fichier .jar
+<code>
+[root@idpx lib]# pwd
+/opt/shibboleth-idp/edit-webapp/WEB-INF/lib
+/opt/shibboleth-idp/edit-webapp/WEB-INF/lib
+[root@idpx lib]# wget https://github.com/Unicon/shib-cas-authn/releases/download/4.0.0/cas-client-core-3.6.0.jar
+[root@idpx lib]# wget https://github.com/Unicon/shib-cas-authn/releases/download/4.0.0/shib-cas-authenticator-4.0.0.jar
+</code>
+==== web.xml ====
 on ajoute un element //<servlet>// pour le traitement "ShibCas Auth Servlet"
@@ Line 1108: / Line 1309: @@
 -        <servlet-name>ShibCas Auth Servlet</servlet-name>
 -        <servlet-class>net.unicon.idp.externalauth.ShibcasAuthServlet</servlet-class>
--        <load-on-startup>2</load-on-startup>
+-        <load-on-startup>4</load-on-startup>
 -    </servlet>
 -    <servlet-mapping>
@@ Line 1119: / Line 1320: @@
 </code>
+ :!: on a changé le <load-on-startup> à l'index 4 , car il y a en a deja 3 avant !
+==== activer le module external ====
+si ce n'est pas deja fait, il faut activer l'usag de module "external"
+  * https://wiki.shibboleth.net/confluence/display/IDP4/ExternalAuthnConfiguration
+<code>
+[root@idpx shibboleth-idp]# bin/module.sh -t idp.authn.External || bin/module.sh -e idp.authn.External
+Enabling idp.authn.External...
+	conf/authn/external-authn-config.xml created
+[OK]
+</code>
 ==== parametrage idp.authn.flows=External ====
@@ Line 1126: / Line 1340: @@
 <code>
-[root@idp4mt shibboleth-idp]# diff -ur conf/authn/authn.properties conf/authn/authn.properties.dist
+[root@idp4mt shibboleth-idp]#  diff -ur authn.properties.dist authn.properties
---- conf/authn/authn.properties	2021-06-02 22:51:41.125696958 +0200
+--- authn.properties.dist	2021-06-02 22:50:05.807379051 +0200
-+++ conf/authn/authn.properties.dist	2021-06-02 22:50:05.807379051 +0200
++++ authn.properties	2021-06-03 15:43:27.972786269 +0200
-@@ -3,9 +3,6 @@
+@@ -3,6 +3,9 @@
  # Regular expression matching login flows to enable, e.g. IPAddress|Password
  #idp.authn.flows = Password
--#begin JP
++#begin JP
--# Regular expression matching login flows to enable, e.g. IPAddress|Password
++# Regular expression matching login flows to enable, e.g. IPAddress|Password
--#idp.authn.flows=Password
++#idp.authn.flows=Password
  idp.authn.flows=External
  # CAS Client properties (usage loosely matches that of the Java CAS Client)
-@@ -13,39 +10,6 @@
+@@ -10,6 +13,39 @@
  shibcas.casServerUrlPrefix = https://ssocas6.domain.fr/cas
  shibcas.casServerLoginUrl = ${shibcas.casServerUrlPrefix}/login
--## Shibboleth Server Properties
++## Shibboleth Server Properties
--shibcas.serverName = https://ssocas6.domain.fr
++shibcas.serverName = https://ourIDP.domain.fr
--
++
--# By default you always get the AuthenticatedNameTranslator, add additional code to cover your custom needs.
++# By default you always get the AuthenticatedNameTranslator, add additional code to cover your custom needs.
--# Takes a comma separated list of fully qualified class names
++# Takes a comma separated list of fully qualified class names
--# shibcas.casToShibTranslators = com.your.institution.MyCustomNamedTranslatorClass
++# shibcas.casToShibTranslators = com.your.institution.MyCustomNamedTranslatorClass
--# shibcas.parameterBuilders = com.your.institution.MyParameterBuilderClass
++# shibcas.parameterBuilders = com.your.institution.MyParameterBuilderClass
--
++
--# Specify CAS validator to use - either 'cas10', 'cas20' or 'cas30' (default)
++# Specify CAS validator to use - either 'cas10', 'cas20' or 'cas30' (default)
--# shibcas.ticketValidatorName = cas30
++# shibcas.ticketValidatorName = cas30
--
++
--
++
--# Specify if the Relying Party/Service Provider entityId should be appended as a separate entityId query string parameter
++# Specify if the Relying Party/Service Provider entityId should be appended as a separate entityId query string parameter
--# or embedded in the "service" querystring parameter - `append` (default) or `embed`
++# or embedded in the "service" querystring parameter - `append` (default) or `embed`
--# shibcas.entityIdLocation = append
++# shibcas.entityIdLocation = append
--
++
--# Default lifetime and timeout of various authentication methods
++# Default lifetime and timeout of various authentication methods
--#idp.authn.defaultLifetime = PT60M
++#idp.authn.defaultLifetime = PT60M
--#idp.authn.defaultTimeout = PT30M
++#idp.authn.defaultTimeout = PT30M
--
++
--# Whether to populate relying party user interface information for display
++# Whether to populate relying party user interface information for display
--# during authentication, consent, terms-of-use.
++# during authentication, consent, terms-of-use.
--#idp.authn.rpui = true
++#idp.authn.rpui = true
--
++
--# Whether to prioritize "active" results when an SP requests more than
++# Whether to prioritize "active" results when an SP requests more than
--# one possible matching login method (V2 behavior was to favor them)
++# one possible matching login method (V2 behavior was to favor them)
--#idp.authn.favorSSO = false
++#idp.authn.favorSSO = false
--
++
--# Whether to fail requests when a user identity after authentication
++# Whether to fail requests when a user identity after authentication
--# doesn't match the identity in a pre-existing session.
++# doesn't match the identity in a pre-existing session.
--#idp.authn.identitySwitchIsError = false
++#idp.authn.identitySwitchIsError = false
--#end JP
++#end JP
--
++
  # Default settings for most authentication methods.
  #idp.authn.defaultLifetime = PT1H
  #idp.authn.defaultTimeout = PT30M
+@@ -88,7 +124,8 @@
-@@ -124,8 +88,7 @@
  # Unset if you plan to return full Java Subject from external source
  #idp.authn.External.addDefaultPrincipals = true
  # Servlet context-relative path to wherever your implementation lives
--#idp.authn.External.externalAuthnPath = contextRelative:external.jsp
+-idp.authn.External.externalAuthnPath = contextRelative:external.jsp
--idp.authn.External.externalAuthnPath = contextRelative:Authn/External
++#idp.authn.External.externalAuthnPath = contextRelative:external.jsp
-+idp.authn.External.externalAuthnPath = contextRelative:external.jsp
++idp.authn.External.externalAuthnPath = contextRelative:Authn/External
 </code>
-copie de no-conversation-state.jsp
+copie de no-conversation-state.jsp (utile ?)
 <code>

docpublic/systemes/shibboleth/idpv4xc8.1622726219.txt.gz · Last modified: 2021/06/03 13:16 by adminjp

Show page Old revisions

[unknown link type]Back to top