Changes between Version 11 and Version 12 of IdPSetup


Timestamp:
04/01/13 16:54:18 (12 years ago)
Author:
dabantz@…
Comment:

--

  • IdPSetup

    v11 v12  
    2424 
    2525==== Local !DataConnectors ==== 
    26 UA IdP is configured to use both the DSEE enterprise LDAP directory ("EDIR") and UA Domain AD for attribute resolution.  The edir LDAP directories are behind a hardware equalizer, providing redundancy; the cluster is addressed by: 
     26UA IdP is configured to use both the DSEE enterprise LDAP directory ("EDIR") and UA Domain AD for attribute resolution.   
     27 
     28The edir LDAP directories are behind a hardware equalizer, providing redundancy; the cluster is addressed by: 
    2729{{{ 
    2830<resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc" 
    29         ldapURL="ldaps://edir.alaska.edu:636" baseDN="ou=people,dc=alaska,dc=edu" principal="uid=shibboleth03,ou=resource,dc=alaska,dc=edu" 
    30         principalCredential="shibboleth+20090303"> 
     31        ldapURL="ldaps://edir.alaska.edu:636" baseDN="ou=people,dc=alaska,dc=edu"  
     32        principal="uid=shibboleth03,ou=resource,dc=alaska,dc=edu" 
     33        principalCredential="•••••••••"> 
    3134        <FilterTemplate> 
    3235            <![CDATA[ 
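Review bot: Masking principalCredential in the myLDAP connector does not retract the value on the removed line, which remains readable in version 11 and in this diff view. Treat the bind password for uid=shibboleth03 as disclosed and rotate it, and keep only a placeholder in the wiki from here on, with the real value stored only in the IdP's own configuration file under restricted permissions.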
     
    3437            ]]> 
    3538        </FilterTemplate> 
    36     </resolver:DataConnector> 
     39</resolver:DataConnector> 
    3740 
    3841}}} 
    39 The !FilterTemplate supports user login with their UA Username or their ID #. 
     42The !FilterTemplate supports user login with their UA Username (in uasystemid) or their ID # (in bannerid) or their edir UID. 
     43 
     44The UA Domain AD as of 2013-04 is defined as a single node connection: 
     45{{{ 
     46<resolver:DataConnector id="uaADLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc" 
     47        ldapURL="ldaps://fbk-adua02.ua.ad.alaska.edu:3269" baseDN="ou=useraccounts,dc=ua,dc=ad,dc=alaska,dc=edu"   
     48        principal="cn=uashib,ou=uaf_service,ou=uaf,dc=ua,dc=ad,dc=alaska,dc=edu" principalCredential="•••••••••"> 
     49        <FilterTemplate> 
     50            <![CDATA[ 
     51                (|(sAMAccountName=$requestContext.principalName)(uaIdentifier=$requestContext.principalName)) 
     52            ]]> 
     53        </FilterTemplate> 
     54</resolver:DataConnector> 
     55}}} 
     56The !FilterTemplate supports user login with their UA Username (in sAMAcountName) or their UA ID# (in uaidentifier). 
     57 
     58In the future, a subset of the UA AD servers might be put into a equalizer cluster, providing redundancy similar to edir. 
     59As a fall-back, this !DataConnector might be configured with failover (see below). 
    4060==== Customize login.jsp ==== 
    41612012: IdP distribution is at howkan:/home/sxjpm/Shib/shibboleth-identityprovider-2.3.0/src...
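Review bot: The sentence added under the uaADLDAP connector names the attributes as "sAMAcountName" and "uaidentifier", while the filter just above it uses sAMAccountName and uaIdentifier; make the prose match the filter so that anyone copying the names gets working ones. The revised edir sentence also says login works with "their edir UID", but the filter line that would confirm a uid clause is not among the lines shown in this diff, so check it against the actual FilterTemplate. In the closing paragraph, "a equalizer" should read "an equalizer", and "failover (see below)" needs a target section, since the next heading in view is "Customize login.jsp".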