...
- No firewall between IdP and Active Directory
- Windows 2008 R2 preferred (if Windows)
- 4 GB RAM, modern proccessor, ~24GB storage should be enough for: logging, OS, Apps
- No failover needs
- Commercial SSL cert availability for IdP (and DNS resolution for the selected name)
- Remote access (RDP for Windows, SSH for Linux)
| Info | ||
|---|---|---|
| ||
Note: It's okay if the 'afp:' prefix is left alone, but leaving in the 'metadata:' prefix would not be recognized, and you'd need to add the following to the other xmlns entries in the '<MetadataProvider ' element at the top of the metadata-providers.xml file: xmlns:metadata="urn:mace:shibboleth:2.0:metadata" |
To customize a working Shibboleth IdP to work with the OpenCCC Account Creation, CCCApply applications, and BOG Fee Waiver applications, the following changes are required to Shibboleth configuration files:
1. Define any custom attributes that will be needed (there may only be a single attribute) in attribute-resolver.xml
| Code Block | ||
|---|---|---|
| ||
<!-- cccEduID - only needed if LDAP contains this attribute, edit sourceAttributeID as appropriate --> <!-- <resolver:AttributeDefinition xsi:type="ad:Simple" id="cccEduId" sourceAttributeID="cccEduId"> <resolver:Dependency ref="myLDAP" /> <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:cccEduId" /> <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:mace:dir:attribute-def:cccEduId" /> </resolver:AttributeDefinition> --> |
...