Shibboleth 2 Identity Provider Configuration
The Shibboleth 2 IdP uses the following configuration files to control various aspects of its operation:
- attribute-filter.xml: Configures the release of attributes to SPs.
- attribute-resolver.xml: Configures attribute collection, transformation, and encoding.
- handler.xml: Configures how the IdP receives and responds to various message types.
- relying-party.xml: Configures how the IdP processes messages that are received.
- logging.xml: Configuration of the IdP's logging system. You might want to use this to debug problems.
- login.config: Configuration for the Username/Password authentication mechanism.
- service.xml: Configuration for coarse-grained IdP components. Most people will never edit this.
- internal.xml: Low-level IdP configuration file. Most people will never edit this.
- tc_config.xml: Terracotta clustering configuration. Added in 2.1.
It also relies on configuration of the web environment for some features.
Basic Configuration Tasks
The following tasks are basic configuration operations performed by most deployers.
The following tasks are not necessary for many IdP deployments and are more complicated than the basic configuration tasks. They should not be done without a good understanding of how the IdP operates.
Advanced Configuration Tasks
The following tasks are rarely needed for an IdP deployment. They can be quite complicated and should not be attempted without an excellent understanding of how the IdP operates. Mistakes in these configurations can leave the IdP inoperable or insecure.
Configure a new Trust Engine
Describes how to configure a new trust engine that may be used to validate signatures and client certificates.
Customize IdP Configuration Loading
Describes how to customize the manner in which the IdP loads its configuration information. This includes loading configuration from URLs, enabling configuration reloading, etc.
Deployer Contributed Tasks
The following tasks are descriptions contributed by IdP deployers. They are generally tasks that span multiple configuration locations (i.e. authentication and attribute management). The content of these documents is not watched as closely by the Shibboleth development team and may fall out of date as new releases are made. If this occurs, please contact the development team on the user's mailing list.