...
| Code Block |
|---|
|
<security-constraint>
<web-resource-collection>
<url-pattern>/Authn/RemoteUser</url-pattern>
<url-pattern>/profile/SAML2/SOAP/ECP</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>**</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ShibUserPassAuth</realm-name>
</login-config> |
Then, modify your IdP's idp.properties file to include the following change:
| Code Block |
|---|
|
# Regular expression matching login flows to enable, e.g. IPAddress|Password
idp.authn.flows=Password|RemoteUserInternal |
Jetty
Modify your jetty.xml file to include the following change:
...
| Code Block |
|---|
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<!-- Adjust the following per your deployment -->
<Set name="war">/opt/shibboleth-idp/war/idp.war</Set>
<Set name="contextPath">/idp</Set>
<Set name="extractWAR">false</Set>
<Set name="copyWebDir">false</Set>
<Set name="copyWebInf">true</Set>
<Get name="securityHandler">
<Set name="realmName">ShibUserPassAuth</Set>
</Get>
</Configure> |
Then, create a jaas.ini file in the "start.d" directory of your JETTY_BASE to match the following:
...
| Code Block |
|---|
|
$JRE_HOME/bin/java -jar jetty/start.jar --add-to-startd=https,deploy,annotations,jstl,logging,requestlog,ext,jaas |
Related articles
| Filter by label (Content by label) |
|---|
| showLabels | false |
|---|
| max | 5 |
|---|
| spaces | IDP30 |
|---|
| showSpace | false |
|---|
| sort | modified |
|---|
| reverse | true |
|---|
| type | page |
|---|
| cql | label = "ecp" and type = "page" and space = "IDP30" |
|---|
| labels | ECP |
|---|
|