
Drupal Shibboleth module

1,823 bytes added, 3 September 2008, 15:50
=== Setting Shibboleth parameters for the module ===
==== Handler settings ====
If you are using lazy sessions, you have to define the Shibboleth SessionInitiator to which the user should be directed when she clicks on "Login with Shibboleth". The SessionInitiator URL consists of the following parts:
* protocol scheme (<code>http://</code> or <code>https://</code>)
* host name
* shibboleth handler URL (usually: <code>/Shibboleth.sso</code>)
* 'location' part of the SessionInitiator definition
 
'''/etc/shibboleth/shibboleth2.xml snippet''':
<source lang="xml">
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
          handlerURL="/Shibboleth.sso" handlerSSL="false"
          exportLocation="http://localhost/Shibboleth.sso/GetAssertion"
          idpHistory="false" idpHistoryDays="7">
    <SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Intranet" relayState="cookie" entityID="https://idp.example.org/shibboleth">
        <SessionInitiator type="SAML2" defaultACSIndex="1" template="bindingTemplate.html"/>
        <SessionInitiator type="Shib1" defaultACSIndex="5"/>
    </SessionInitiator>
    <!-- other things -->
</Sessions>
</source>
For this example, you should have:
* '''<code>/Shibboleth.sso</code>''' for ''Handler URL''
* '''HTTPS''' or '''HTTP''' for ''scheme'', depending on whether you are using SSL or not
* '''/Login''' for ''WAYF location''
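The derivation above can also be done mechanically. The following Python sketch is an added example, not code from the module or from the original page: it reads the <code>Sessions</code> element and returns the three handler settings together with the resulting SessionInitiator URL. The function names, the host <code>sp.example.org</code> and the inline sample are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <Sessions> element from the snippet above, trimmed.
SAMPLE = """<Sessions lifetime="28800" timeout="3600" checkAddress="false"
    handlerURL="/Shibboleth.sso" handlerSSL="false">
  <SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Intranet"
      relayState="cookie" entityID="https://idp.example.org/shibboleth">
    <SessionInitiator type="SAML2" defaultACSIndex="1" template="bindingTemplate.html"/>
    <SessionInitiator type="Shib1" defaultACSIndex="5"/>
  </SessionInitiator>
</Sessions>"""


def local(tag):
    """Strip an XML namespace prefix; a complete shibboleth2.xml declares one."""
    return tag.rsplit("}", 1)[-1]


def module_settings(xml_text, host, use_ssl):
    """Hypothetical helper: derive the handler settings and the login URL."""
    root = ET.fromstring(xml_text)
    sessions = next(e for e in root.iter() if local(e.tag) == "Sessions")
    # Only initiators that carry a Location are reachable by URL; the nested
    # chain members (SAML2, Shib1) have none and are skipped.
    initiators = [e for e in sessions
                  if local(e.tag) == "SessionInitiator" and e.get("Location")]
    if not initiators:
        raise ValueError("no SessionInitiator with a Location attribute")
    chosen = next((e for e in initiators if e.get("isDefault") == "true"),
                  initiators[0])
    # With handlerSSL="true" the SP handlers only answer TLS requests, so an
    # http:// login link would not work.
    if sessions.get("handlerSSL") == "true" and not use_ssl:
        raise ValueError("handlerSSL is true, so the scheme must be https")
    # Fall back to the usual handler path named in the list above.
    handler = sessions.get("handlerURL", "/Shibboleth.sso")
    scheme = "https" if use_ssl else "http"
    location = chosen.get("Location")
    return {
        "handler_url": handler,
        "scheme": scheme,
        "wayf_location": location,
        "session_initiator_url": f"{scheme}://{host}{handler}{location}",
    }


if __name__ == "__main__":
    print(module_settings(SAMPLE, "sp.example.org", use_ssl=True))
```
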
==== Attribute settings ====
Specify here the '''$_SERVER''' headers from which the user's username and e-mail address are looked up. Use '''DEBUG''' mode to see which headers are available. If you cannot find the desired attribute, then something is wrong with your IdP-SP attribute release flow.
:: <small>It is possible that some users have a specific attribute while others don't. Such is life. Check your Shibboleth settings.</small>
 
Both fields can have the same value, if you wish.
 
=== Automatic role assignment ===
