 1. Open the shibboleth2.xml file in the etc directory of the Shibboleth SP installation, edit the ISAPI tag, RequestMap tag, ApplicationDefaults tag, SSO tag, and MetadataProvider tag as follows, and save the file. The site id comes from the value in the IIS control panel associated with the web site that is configured to work with the Shibboleth SP. The name and hostname should be the outwardly listening IIS interface that the web browser will be connecting to. The entityID in the ApplicationDefaults tag should look something like: https://thefullhostname/shibboleth . The entityID in the SSO tag should be the entityID copied from the idp-metadata.xml file. The file name in the MetadataProvider should point to the idp-metadata.xml file saved in the etc directory of the Shibboleth SP installation. It should not include any directory components, just the filename.
 {{{
 ...
 <ISAPI normalizeRequest="true" safeHeaderNames="true">
     <!--
     Maps IIS Instance ID values to the host scheme/name/port. The name is
     required so that the proper <Host> in the request map above is found without
     having to cover every possible DNS/IP combination the user might enter.
     -->
     <Site id="1" name="uafparktest.uaf.edu"/>
     <!--
     When the port and scheme are omitted, the HTTP request's port and scheme are used.
     If these are wrong because of virtualization, they can be explicitly set here to
     ensure proper redirect generation.
     -->
     <!--
     <Site id="42" name="virtual.example.org" scheme="https" port="443"/>
     -->
 </ISAPI>
 ...
 <RequestMap>
     <!--
     The example requires a session for documents in /secure on the containing host with http and
     https on the default ports. Note that the name and port in the <Host> elements MUST match
     Apache's ServerName and Port directives or the IIS Site name in the <ISAPI> element above.
     -->
     <Host name="uafparktest.uaf.edu" authType="shibboleth"/>
     <!-- Example of a second vhost mapped to a different applicationId. -->
     <!--
     <Host name="admin.example.org" applicationId="admin" authType="shibboleth" requireSession="true"/>
     -->
 </RequestMap>
 ...
 <ApplicationDefaults entityID="https://uafparktest.uaf.edu/shibboleth"
                      REMOTE_USER="eppn persistent-id targeted-id">
 ...
 <SSO entityID="urn:mace:incommon:alaska.edu"
      discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
     SAML2 SAML1
 </SSO>
 ...
 <MetadataProvider type="XML" file="idp-metadata.xml"/>
 ...
 }}}
 1. Open the attribute-map.xml file in the etc directory of the Shibboleth SP installation. Add the following tag to the file and save it.
 {{{
 ...
 <Attribute name="urn:mace:alaska.edu:attributes:bannerid" id="bannerid"/>
 ...
 }}}
 1. Restart IIS and the shibd service. This step may require a reboot to finish the process on some installations.
 1. Browse to the following URL and email the downloaded XML file to iam@alaska.edu. [[br]] https://thefullhostname/Shibboleth.sso/Metadata
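
The consistency rules from the shibboleth2.xml step can be checked before IIS and shibd are restarted. The script below is an added example, not part of the original instructions or of the Shibboleth distribution; the function name `check_sp_config` and the trimmed sample documents (including the wrapper elements and namespaces around the tags shown above) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

def _find(root, local):
    """Elements with this local name, ignoring namespaces (the parser drops comments)."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == local]

def check_sp_config(sp_xml, idp_xml):
    """Return a list of inconsistencies between shibboleth2.xml and idp-metadata.xml."""
    sp, idp = ET.fromstring(sp_xml), ET.fromstring(idp_xml)
    problems = []
    sites = {(s.get("name") or "").lower() for s in _find(sp, "Site")}
    for host in _find(sp, "Host"):  # <Host> names must match an ISAPI <Site> name
        if (host.get("name") or "").lower() not in sites:
            problems.append(f"Host {host.get('name')!r} matches no ISAPI Site name")
    for app in _find(sp, "ApplicationDefaults"):  # SP entityID: https://<site name>/...
        url = urlsplit(app.get("entityID", ""))
        if url.scheme != "https" or url.hostname not in sites:
            problems.append(f"SP entityID {app.get('entityID')!r} is not https://<site name>/...")
    idp_ids = {e.get("entityID") for e in _find(idp, "EntityDescriptor")}
    for sso in _find(sp, "SSO"):  # must be the entityID copied from the IdP metadata
        if sso.get("entityID") not in idp_ids:
            problems.append(f"SSO entityID {sso.get('entityID')!r} not found in IdP metadata")
    for mp in _find(sp, "MetadataProvider"):  # bare filename, no directory components
        name = mp.get("file") or ""
        if not name or PureWindowsPath(name).name != name:
            problems.append(f"MetadataProvider file {name!r} must be a bare filename")
    return problems

# Constructed sample input, trimmed from the settings shown in the steps above.
SAMPLE_SP = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <InProcess><ISAPI normalizeRequest="true" safeHeaderNames="true">
    <Site id="1" name="uafparktest.uaf.edu"/>
  </ISAPI></InProcess>
  <RequestMapper type="Native"><RequestMap>
    <Host name="uafparktest.uaf.edu" authType="shibboleth"/>
  </RequestMap></RequestMapper>
  <ApplicationDefaults entityID="https://uafparktest.uaf.edu/shibboleth">
    <Sessions><SSO entityID="urn:mace:incommon:alaska.edu">SAML2 SAML1</SSO></Sessions>
    <MetadataProvider type="XML" file="idp-metadata.xml"/>
  </ApplicationDefaults>
</SPConfig>"""
SAMPLE_IDP = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
              'entityID="urn:mace:incommon:alaska.edu"/>')

if __name__ == "__main__":
    for line in check_sp_config(SAMPLE_SP, SAMPLE_IDP) or ["no inconsistencies found"]:
        print(line)
```

To run it against a real installation, pass the contents of shibboleth2.xml and idp-metadata.xml from the SP's etc directory instead of the sample strings.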