...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<resolver:DataConnector xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
id="UNIQUE_ID"
ldapURL="LDAP_URL"
baseDN="BASE_DN"
principal="PRINCIPAL_NAME"
principalCredential="PRINCIPAL_CREDENTIAL"
useStartTLS="true">
<resolver:Dependency ref="DEFINITION_ID_1" />
<resolver:Dependency ref="DEFINITION_ID_2" />
<resolver:Dependency ref="CONNECTOR_ID_3" />
<resolver:Dependency ref="CONNECTOR_ID_4" />
<FilterTemplate>
<![CDATA[
(uid=${requestContext.principalName})
]]>
</FilterTemplate>
<StartTLSTrustCredential xsi:type="security:X509Inline" xmlns:security="urn:mace:shibboleth:2.0:security" id="LDAPtoIdPCredential">
<security:Certificate>
<!-- PEM-encoded certificate goes here -->
</security:Certificate>
</StartTLSTrustCredential>
</resolver:DataConnector>
|
Data Connector Trusting Private CA's Certificate in File System
| Code Block | ||
|---|---|---|
| ||
<resolver:DataConnector xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
id="UNIQUE_ID"
ldapURL="LDAP_URL"
baseDN="BASE_DN"
principal="PRINCIPAL_NAME"
principalCredential="••••••••"
useStartTLS="true">
<FilterTemplate>
<![CDATA[
(|(sAMAccountName=$requestContext.principalName)(uaIdentifier=$requestContext.principalName))
]]>
</FilterTemplate>
<StartTLSTrustCredential xsi:type="security:X509Filesystem"
xmlns:security="urn:mace:shibboleth:2.0:security"
id="UA_AD_CA_Certificate">
<security:Certificate>/opt/shibboleth-idp/trustedservercerts/UA_AD_CA.pem</security:Certificate>
</StartTLSTrustCredential>
</resolver:DataConnector>
|
Client Certificate Authentication to the LDAP directory
...