Changes between Version 14 and Version 15 of ConnectorsSetup

Timestamp:

06/04/13 09:28:58 (11 years ago)

Author:

dabantz@…

Comment:

--

ConnectorsSetup

@@ -43 +43 @@
 (2) Configure the IdP to directly trust these certificates: (2.1) for authN and (2.2) for retrieving attributes from the LDAP directory [these are independent]:
 
- (2.1) Configure the authentication module to trust the AD certificate by adding to the configuration in ''$IDP_HOME''/login.config a line like
+ (2.1) Configure the authentication module to trust the AD certificate by adding to the configuration in ''$IDP_HOME''/conf/login.config a line like
 
   {{{
@@ -49 +49 @@
   }}}
  (2.2) Configure the Data Connectors in attribute-resolver.xml to use StartTLSTrustCredential.  https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverLDAPDataConnector
+{{{ <resolver:DataConnector id="uaADLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
+                                            ldapURL="ldaps://fbk-adua01.ua.ad.alaska.edu:3269"    
+                                            baseDN="ou=useraccounts,dc=ua,dc=ad,dc=alaska,dc=edu" 
+                                            principal="cn=uashib,ou=uaf_service,ou=uaf,dc=ua,dc=ad,dc=alaska,dc=edu"  
+                                            principalCredential="•••••••••••"
+                                            useStartTLS="true">
+    <!FilterTemplate>....<!/FilterTemplate>
+
+    <StartTLSTrustCredential xsi:type="security:X509Inline" xmlns:security="urn:mace:shibboleth:2.0:security" id="uaADuao1Certificate">
+        <security:Certificate>
+            <!-- Some DER or PEM encoded cert -->
+        </security:Certificate>
+    </StartTLSTrustCredential>
+}}}
+
 
 === [[IdPSetup|Failover connectors]] ===