During installation, the user is prompted for the following information:
- Installation Directory
This is the root of the installation and will usually be \Program Files or \Program Files (x86) on the system drive.
The user can override this to be wherever is appropriate.
Note that installing into \Program Files (x86) will generate an error in the logging package used by the IdP. This is because of the parentheses in the name; see https://spaces.internet2.edu/display/SHIB2/IdPLogging. To fix this, modify the logging.xml configuration file so that the logs point to a directory without parentheses in its path (for example, \ProgramData\Internet2\IdP\Logs).
- DNS Name of Host
This is used to name the IdP endpoints in the generated metadata. It is populated from the environment variable USERDOMAIN.
- Ports
These are the ports used by the IdP for user interaction ("Browser facing port") and for the backchannel connection ("Shibboleth facing port").
These values are used to configure Tomcat and to populate the IdP endpoints in the metadata.
- Active Directory Name
This is the name of the Domain from which the IdP will serve authentication and attributes. It is populated from the environment variable UserDNSDomain.
This value is primarily used to limit the search scope for LDAP lookups.
- Scope
This is the scope that will be associated with eduPersonScopedAffiliation, eduPersonPrincipalName and the SAML1 variant of eduPersonTargetedID. Scope is often related to the Active Directory name or the DNS Name of the host, but there is never an algorithmic relation and so no default is provided. Values in US or UK academia often take the form orgname.edu or orgname.ac.uk.
This is used to configure the attribute generation in the IdP and to populate the metadata.
- AD Server/Port
These are used to generate the connection string for the LDAP connection. These are the parameters which select whether to run against a specific domain or a Global Catalog.
- Username/Password
This pair is used to provide access for the authentication and the attribute generation. The domain account associated with this pair should have only those permissions that are required to gain access to the AD LDAP.