  • Configuring a Shibboleth Identity Provider to join the Tuakiri Federation

Versions Compared

...

There will be two federations available:

  • Tuakiri TEST/Dev (operational as of March 4, 2011; other compared version: work in progress)
  • Tuakiri Prod/Pilot (to be live by April 15, 2011; other compared version: release date TBA)

...

  • Configure attribute release/filtering through the federation:
    • Contact the federation administrators and request a URL for the Attribute Filter for your IdP. The attribute filter may have to be manually added to the list of published attribute filters. The URL would look like:
      http://directory.test.tuakiri.ac.nz/attribute-filter/<institution-domain>.xml
    • Add the following entry into the <srv:Service id="shibboleth.AttributeFilterEngine" element in $IDP_HOME/conf/service.xml (note that the URL varies for each IdP and has to be obtained from the federation administrators):

              <srv:ConfigurationResource xsi:type="resource:FileBackedHttpResource"
                                    url="http://directory.test.tuakiri.ac.nz/attribute-filter/<institution-domain>.xml"
                                    file="/opt/shibboleth-idp/conf/tuakiri-test-attribute-filter.xml" />

      The other compared version of this page instead has the URL obtained from the Federation Registry, as an https URL on the registry host ending in federationregistry/attributefilter/generate/YOUR-IDP-ID.

      Note: if your $IDP_HOME is different from /opt/shibboleth-idp, change the file path in the above snippet accordingly.

  • We also strongly recommend you configure your IdP to periodically reload this file, at a 2 hour interval. This is documented in detail in the IdP Install Manual, in the "Reloading configuration" and "Load AAF Attribute Filter" sections. The simple step is to add the configurationResourcePollingFrequency="PT2H0M0.000S" and configurationResourcePollingRetryAttempts="10" attributes to the <srv:Service id="shibboleth.AttributeFilterEngine" element:
    
        <srv:Service id="shibboleth.AttributeFilterEngine"
    +             configurationResourcePollingFrequency="PT2H0M0.000S" configurationResourcePollingRetryAttempts="10"
                 xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
    

Now your IdP should be able to access service providers within the Tuakiri (Test/Dev) federation.
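
A configuration check for the two steps above, as an added example that is not part of the original page or the Tuakiri documentation: it parses a service.xml and reports whether the AttributeFilterEngine has both polling attributes and a file-backed remote filter, and it also flags a filter URL that is fetched over plain http. The sample XML is constructed; the institution domain example.ac.nz and the namespace declarations are assumptions.

```python
import re
import xml.etree.ElementTree as ET
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample of $IDP_HOME/conf/service.xml; the institution domain
# example.ac.nz and the namespace declarations are assumptions.
SAMPLE = """<srv:Services xmlns:srv="urn:mace:shibboleth:2.0:idp:service"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <srv:Service id="shibboleth.AttributeFilterEngine"
      configurationResourcePollingFrequency="PT2H0M0.000S"
      xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
    <srv:ConfigurationResource xsi:type="resource:FileBackedHttpResource"
        url="http://directory.test.tuakiri.ac.nz/attribute-filter/example.ac.nz.xml"
        file="/opt/shibboleth-idp/conf/tuakiri-test-attribute-filter.xml" />
  </srv:Service>
</srv:Services>"""

def duration_seconds(value):
    """Parse the PTnHnMnS subset of xs:duration used for the polling interval."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?", value or "")
    if not m or not any(m.groups()):
        return None
    h, mi, s = (float(g) if g else 0.0 for g in m.groups())
    return h * 3600 + mi * 60 + s

def audit(service_xml):
    """Return findings for the AttributeFilterEngine service in service.xml."""
    root = ET.fromstring(service_xml)
    engine = next((e for e in root.iter()
                   if e.get("id") == "shibboleth.AttributeFilterEngine"), None)
    if engine is None:
        return ["no shibboleth.AttributeFilterEngine service found"]
    findings = []
    if duration_seconds(engine.get("configurationResourcePollingFrequency")) is None:
        findings.append("polling frequency missing or not a PTnHnMnS duration")
    if engine.get("configurationResourcePollingRetryAttempts") is None:
        findings.append("configurationResourcePollingRetryAttempts not set")
    remote = [r for r in engine
              if r.get(XSI_TYPE, "").endswith("FileBackedHttpResource")]
    if not remote:
        findings.append("no FileBackedHttpResource: federation filter not loaded")
    for r in remote:
        if not r.get("url", "").startswith("https://"):
            findings.append("filter fetched without TLS: " + r.get("url", ""))
        if not r.get("file"):
            findings.append("no backing file for " + r.get("url", ""))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The downloaded filter decides which attributes the IdP releases to which service providers, so the transport finding matters as much as the polling ones: with polling enabled, whatever the URL returns is reloaded without operator review.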