...
<!--
  LDAP data connector that binds with a service account and upgrades the
  connection with StartTLS. The upper-case attribute values below are
  placeholders to be replaced per deployment.

  principalCredential holds the bind password in clear text in this file:
  keep the resolver configuration readable only by the IdP service account
  and its administrators, and bind with a read-only directory account.
-->
<resolver:DataConnector xmlns="urn:mace:shibboleth:2.0:resolver:dc"
                        xsi:type="LDAPDirectory"
                        id="UNIQUE_ID"
                        ldapURL="LDAP_URL"
                        baseDN="BASE_DN"
                        principal="PRINCIPAL_NAME"
                        principalCredential="PRINCIPAL_CREDENTIAL"
                        useStartTLS="true">

    <!-- Attribute definitions and data connectors this connector depends on. -->
    <resolver:Dependency ref="DEFINITION_ID_1"/>
    <resolver:Dependency ref="DEFINITION_ID_2"/>
    <resolver:Dependency ref="CONNECTOR_ID_3"/>
    <resolver:Dependency ref="CONNECTOR_ID_4"/>

    <!--
      Search filter template: the principal name from the request context is
      substituted into the uid match.
      NOTE(review): the principal name comes from the login, so confirm that
      the deployed connector escapes LDAP filter metacharacters in substituted
      values.
    -->
    <FilterTemplate>
        <![CDATA[
            (uid=${requestContext.principalName})
        ]]>
    </FilterTemplate>

    <!--
      Trust anchor for the StartTLS handshake, embedded inline. Only the
      certificate (public material) belongs here, never a private key.
    -->
    <StartTLSTrustCredential xmlns:security="urn:mace:shibboleth:2.0:security"
                             xsi:type="security:X509Inline"
                             id="LDAPtoIdPCredential">
        <security:Certificate>
            <!-- PEM-encoded certificate goes here -->
        </security:Certificate>
    </StartTLSTrustCredential>

</resolver:DataConnector>
Data Connector Trusting Private CA's Certificate in File System
<!--
  LDAP data connector that uses StartTLS and trusts a CA certificate read
  from the file system.

  The principalCredential value appears masked in this listing; the real
  attribute carries the bind password in clear text, so keep this file
  readable only by the IdP service account and its administrators, and bind
  with a read-only directory account.
-->
<resolver:DataConnector xmlns="urn:mace:shibboleth:2.0:resolver:dc"
                        xsi:type="LDAPDirectory"
                        id="UNIQUE_ID"
                        ldapURL="LDAP_URL"
                        baseDN="BASE_DN"
                        principal="PRINCIPAL_NAME"
                        principalCredential="••••••••"
                        useStartTLS="true">

    <!--
      Matches an entry whose sAMAccountName or uaIdentifier equals the
      principal name.
      NOTE(review): because either attribute can match, the two value spaces
      should not overlap between different entries; verify this in the
      directory, and check how the connector handles more than one result.
      NOTE(review): confirm that the deployed connector escapes LDAP filter
      metacharacters in the substituted principal name.
    -->
    <FilterTemplate>
        <![CDATA[
            (|(sAMAccountName=$requestContext.principalName)(uaIdentifier=$requestContext.principalName))
        ]]>
    </FilterTemplate>

    <!--
      Trust anchor for the StartTLS handshake, loaded from a PEM file.
      Whoever can write to this path decides which CA the IdP trusts for the
      directory connection: the file and its directory should be writable by
      administrators only and readable by the IdP service account.
    -->
    <StartTLSTrustCredential xmlns:security="urn:mace:shibboleth:2.0:security"
                             xsi:type="security:X509Filesystem"
                             id="UA_AD_CA_Certificate">
        <security:Certificate>/opt/shibboleth-idp/trustedservercerts/UA_AD_CA.pem</security:Certificate>
    </StartTLSTrustCredential>

</resolver:DataConnector>
Client Certificate Authentication to the LDAP directory
...