
Configuration differences between v3  and v4

idp/configv3.4.xv4.0.x
jaas.confcom.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt="true"
principal="service/shibboleth-xyz@foo.org"
useKeyTab="true"
debug="true"
refreshKrb5Config="true"
keyTab="/opt/shibboleth-idp/credentials/keytabs/your-keytab";
};
GSSAPIBindRequest {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt="true"
principal="service/shibboleth-xyz@foo.org"
useKeyTab="true"
debug="true"
refreshKrb5Config="true"
keyTab="/opt/shibboleth-idp/credentials/keytabs/your-keytab";
};
attribute-resolver.xml      <DataConnector id="suLDAP" xsi:type="LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
        maxResultSize="0"
        principal="UNUSED" principalCredential="UNUSED" authenticationType="GSSAPI">
        <FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName.replace("@foo.org", ""))
            ]]>
        </FilterTemplate>

        <LDAPProperty name="javax.security.sasl.qop"
            value="auth-conf" />
        <ConnectionPool
            minPoolSize="%{idp.pool.LDAP.minSize:3}"
            maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
            blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
            validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
            validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
            expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
            failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
    </DataConnector>

  <DataConnector id="suLDAP" xsi:type="LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
        maxResultSize="0" 
failFastInitialize="true"
        principal="UNUSED" principalCredential="UNUSED" >
        <FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName.replace("@stanford.edu", ""))
            ]]>
        </FilterTemplate>

       

<SaslConfig

<SASLConfig mechanism="GSSAPI" >
             <SASLProperty name="javax.security.sasl.qop" value="auth-conf"/>
         </

SaslConfig>

SASLConfig>
        <ConnectionPool
            minPoolSize="%{idp.pool.LDAP.minSize:3}"
            maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
            blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
            validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
            validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
            expirationTime
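Review bot: The v4.0.x FilterTemplate strips `@stanford.edu` (`replace("@stanford.edu", "")`) while the v3.4.x column and both jaas.conf principals use the `foo.org` placeholder, so a reader copying the v4 example gets a filter written for a realm the rest of the page does not use; the three should agree, e.g. `(uid=$requestContext.principalName.replace("@foo.org", ""))`. The `debug="true"` lines in both Krb5LoginModule stanzas would benefit from a comment marking them as troubleshooting-only, since Kerberos debug output ends up in the IdP log. The v4.0.x column also moves `failFastInitialize="true"` onto the DataConnector itself (that line has lost its indentation); if this is intentional for v4, a one-line note that the pool-level `idp.pool.LDAP.failFastInitialize` property shown for v3.4.x no longer applies would help. The v4.0.x ConnectionPool element is cut off after `expirationTime` in this view.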




References
