Changes between Version 24 and Version 25 of ConnectorsSetup


Timestamp: 07/30/13 10:02:01 (11 years ago)
Author: dabantz@…
Comment: --

  • ConnectorsSetup

    v24 v25  
    4343(2) Configure the IdP to directly trust these certificates: (2.1) for authN and (2.2) for retrieving attributes from the LDAP directory [these are independent]: 
    4444 
    45  (2.1) Configure the authentication module to trust the AD certificate by adding to the configuration in ''$IDP_HOME''/conf/login.config a line like (per Daniel Fisher <dfisher@vt.edu> 2013-04-24): 
     45 (2.1) Configure the authentication module to trust the AD certificate by adding to the configuration in ''$IDP_HOME''/conf/login.config a line like (per Daniel Fisher <dfisher@vt.edu> 2013-04-24 and 2013-07-30): 
    4646 
    4747  {{{ 
    48   sslSocketFactory="{trustCertificates=file:/path/to/my/trust.crt}" 
     48// UA AD Auth 
     49   edu.vt.middleware.ldap.jaas.LdapLoginModule sufficient 
     50      ldapUrl="ldap://fbk-adua02.ua.ad.alaska.edu:3268" 
     51      baseDn="dc=ua,dc=ad,dc=alaska,dc=edu" 
     52      bindDn="cn=uashib,ou=uaf_service,ou=uaf,dc=ua,dc=ad,dc=alaska,dc=edu" 
     53      bindCredential="••••••••••" 
     54      subtreeSearch="true" 
     55// Directly reference imported server certificate for TLS on 3268 rather than SSL on 3269 
     56      sslSocketFactory="{trustCertificates=file:/opt/shibboleth-idp/trustedservercerts/Fbk-Adua02.ua.ad.alaska.edu.pem}" 
     57      ssl="false" 
     58      tls="true" 
     59      userField="sAMAccountName,uaIdentifier"; 
     60 
    4961  }}} 
    5062 (2.2) Configure the Data Connectors in '$IDP_HOME''/conf/attribute-resolver.xml to use StartTLSTrustCredential.  https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverLDAPDataConnector
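
Review bot: The lead-in to (2.1) still says "a line like", but the v25 example is now a complete LdapLoginModule entry with site-specific ldapUrl, baseDn and bindDn, so a reader cannot tell which options carry the certificate trust. Suggest rewording to "an entry like" and stating that the relevant settings are sslSocketFactory="{trustCertificates=file:...}", ssl="false" and tls="true" taken together: with an ldap:// URL on port 3268, tls="true" is what requests StartTLS, and leaving it out would send the bind for bindDn without TLS. Because the sslSocketFactory line trusts one server certificate file (Fbk-Adua02.ua.ad.alaska.edu.pem), it is also worth documenting that this file has to be replaced when that server's certificate is renewed. The (2.2) context line has unbalanced italic quotes in '$IDP_HOME'' (one leading quote, two trailing).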