password-authn-config.xml
<util:list id="shibboleth.authn.Password.Validators">
    <!-- Custom validators listed in place of the default bean, which uses the settings defined in authn/authn.properties -->
    <ref bean="custom.KerberosValidatorFoo" />
    <ref bean="custom.KerberosValidatorBar" />
</util:list>

<!-- Validator for the FOO.EXAMPLE.ORG realm, with its own keytab -->
<bean id="custom.KerberosValidatorFoo" parent="shibboleth.KerberosValidator"
        p:keytabPath="%{idp.home}/credentials/foo.keytab" p:servicePrincipal="HTTP/idp.example.org">
    <property name="transforms">
        <list>
            <!-- Strip a trailing @example.org, then append the realm -->
            <bean parent="shibboleth.Pair" p:first="^(.+)@example\.org$" p:second="$1" />
            <bean parent="shibboleth.Pair" p:first="^(.+)$" p:second="$1@FOO.EXAMPLE.ORG" />
        </list>
    </property>
</bean>

<!-- Validator for the BAR.EXAMPLE.ORG realm, with its own keytab -->
<bean id="custom.KerberosValidatorBar" parent="shibboleth.KerberosValidator"
        p:keytabPath="%{idp.home}/credentials/bar.keytab" p:servicePrincipal="HTTP/idp.example.org">
    <property name="transforms">
        <list>
            <!-- Strip a trailing @example.org, then append the realm -->
            <bean parent="shibboleth.Pair" p:first="^(.+)@example\.org$" p:second="$1" />
            <bean parent="shibboleth.Pair" p:first="^(.+)$" p:second="$1@BAR.EXAMPLE.ORG" />
        </list>
    </property>
</bean>

Reference

Beans (V4.0)

The beans defined in authn/krb5-authn-config.xml follow. These are defaults that can be overridden per-validator in whole or in part.

| Bean ID | Type | Default | Description |
|---|---|---|---|
| shibboleth.authn.Krb5.RefreshConfig | Boolean | False | Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt |
| shibboleth.authn.Krb5.PreserveTicket | Boolean | False | Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set |
| shibboleth.authn.Krb5.ServicePrincipal | String | | Name of a service principal to use to verify the KDC supplying the TGT, by requesting and verifying a service ticket issued for it |
| shibboleth.authn.Krb5.Keytab | Path | | Path to a keytab file containing keys belonging to the service principal defined above |

Properties (V4.1+)

The following properties are usable in authn/authn.properties to control Kerberos use. These are defaults that can be overridden per-validator in whole or in part.

| Name | Default | Description |
|---|---|---|
| idp.authn.Krb5.refreshConfig | false | Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt |
| idp.authn.Krb5.preserveTicket | false | Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set |
| idp.authn.Krb5.servicePrincipal | | Name of a service principal to use to verify the KDC supplying the TGT, by requesting and verifying a service ticket issued for it |
| idp.authn.Krb5.keytab | | Path to a keytab file containing keys belonging to the service principal defined above |
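A deployment check for the idp.authn.Krb5.* properties described above, as an added example that is not part of the Shibboleth documentation or code base. It assumes POSIX file modes and simple key=value lines; the function names, finding labels and the idp.keytab file name are constructed for illustration, the "kdc-unverified" finding follows from the servicePrincipal description above, and the owner-only keytab check is general hygiene rather than something this page states. Per-validator overrides in password-authn-config.xml are not inspected.

```python
import os
import stat
import tempfile

def parse_properties(text):
    """Parse simple key=value lines; ignores blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit_krb5(props, idp_home):
    """Return a list of findings for the idp.authn.Krb5.* settings."""
    findings = []
    principal = props.get("idp.authn.Krb5.servicePrincipal", "")
    keytab = props.get("idp.authn.Krb5.keytab", "")
    if not principal or not keytab:
        findings.append("kdc-unverified: servicePrincipal and keytab must both "
                        "be set for the service-ticket check of the KDC")
    if keytab:
        path = keytab.replace("%{idp.home}", idp_home)
        if not os.path.isfile(path):
            findings.append("keytab-missing: " + path)
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append("keytab-permissions: readable beyond owner: " + path)
    if props.get("idp.authn.Krb5.preserveTicket", "false").lower() == "true":
        findings.append("ticket-preserved: TGT kept in the Subject's private credentials")
    return findings

def demo():
    """Constructed sample: one weak and one corrected authn.properties."""
    home = tempfile.mkdtemp()
    os.mkdir(os.path.join(home, "credentials"))
    kt = os.path.join(home, "credentials", "idp.keytab")
    with open(kt, "wb") as f:
        f.write(b"constructed placeholder, not a real keytab")
    os.chmod(kt, 0o644)
    weak = "idp.authn.Krb5.preserveTicket = true\n"
    good = ("idp.authn.Krb5.servicePrincipal = HTTP/idp.example.org\n"
            "idp.authn.Krb5.keytab = %{idp.home}/credentials/idp.keytab\n")
    before = audit_krb5(parse_properties(good), home)  # keytab still 0644
    os.chmod(kt, 0o600)
    after = audit_krb5(parse_properties(good), home)   # keytab now owner-only
    return audit_krb5(parse_properties(weak), home), before, after

if __name__ == "__main__":
    for result in demo():
        print(result)
```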
