The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

IdPQuickIInstallUserInput

Owned by Rod Widdowson
Last updated: Sept 24, 2010Version comment
2 min read

Input required from the user during instalation

During Installation The user is prompted for the following information:

  1. Installation Directory
    This is the root of the installation and will usually be \Program Files or \Program Files (x86) on the system drive. The user can override this to be wherever is appropriate.

  2. DNS Name of Host
    This is used to name the IdP endpoints in the generated metadata. It is populated from the environment variable USERDOMAIN.

  3. Ports
    These are the ports used by the IdP for user interaction ("Browser facing port") and for the backchannel connection ("Shibboleth facing port"). These values are used to configure Tomcat and to populate the IdP endpoints in the metadata. These default to the usual values of 443 and 8443

  4. Active Directory Name
    This is the name of the Domain from which the IdP will serve authentication and attributes. It is populated from the environment variable USERDNSDOMAIN.
    This value is primarily used to limit the search scope for LDAP lookups.

  5. Scope
    This is the scope that will be associated with eduPersonScopedAffiliation, eduPersonPrincipalName and the SAML1 variant of eduPersonTargetedID. Scope is often related to the Active Directory name or the DNS Name of the host, but there is never an algorithmic relation and so no default is provided. Values in US or UK academia often take the form orgname.edu or orgname.ac.uk .

    This is used to configure the attribute generation in the IdP and to populate the metadata.

  6. AD Server/Port
    These are used to generate the connection string for the LDAP connection. These are the parameters which select whether to run against a specific domain or a Global Catalog. If you specify the GC (port 3268 then the LDAP search path with be amended suitably.

  7. Username/Password
    This pair is used to provide access for the authentication and the attribute generation. The domain account associated with this pair should have only those permissions that are required to gain access to the AD LDAP.