...
| Tip |
|---|
Again: this all OPTIONAL. The point of upgrades is to be safe and simple. You don't have to totally rework everything just to do it. |
| Table of Contents |
|---|
Module Cleanup
The first thing to do is to use the new module system to check for modules that are enabled (which is likely most of them) and that you may want to disable. DIsabling them will remove some files and rename others with ".idpsave" extensions, after which it's a simple matter to remove them since you shouldn't need them if you're disabling a feature you're not using.
...
So combining that one small thing with the principal settings, my (relevant) uncommented authn.properties values needed (for now) are:
...
Initial authn.properties Changes
| collapse | true
|---|
| Code Block |
idp.authn.Password.supportedPrincipals = \
saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, \
saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password, \
saml1/urn:oasis:names:tc:SAML:1.0:am:password, \
saml2/urn:mace:osu.edu:shibboleth:ac:classes:basic, \
saml1/urn:mace:osu.edu:shibboleth:ac:classes:basic
idp.authn.Duo.nonBrowserSupported = true
idp.authn.Duo.supportedPrincipals = \
saml2/urn:mace:osu.edu:shibboleth:ac:classes:mfa, \
saml1/urn:mace:osu.edu:shibboleth:ac:classes:mfa, \
saml2/https://refeds.org/profile/mfa, \
saml1/https://refeds.org/profile/mfa
idp.authn.MFA.supportedPrincipals = \
saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, \
saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password, \
saml1/urn:oasis:names:tc:SAML:1.0:am:password, \
saml2/urn:mace:osu.edu:shibboleth:ac:classes:basic, \
saml1/urn:mace:osu.edu:shibboleth:ac:classes:basic, \
saml2/urn:mace:osu.edu:shibboleth:ac:classes:mfa, \
saml1/urn:mace:osu.edu:shibboleth:ac:classes:mfa, \
saml2/https://refeds.org/profile/mfa, \
saml1/https://refeds.org/profile/mfa |
...