...
- shibboleth2.xml (main SP configuration file)
- attribute-map.xml (defines our attribute mappings)
- native.logger (configures Apache module logging – we modify the stock configuration to log under /var/log/shibboleth instead of /var/log/httpd, because the apache user must have write access to the directory)
Create the directory for the native logger, and make it writable by the Apache user:
| No Format |
|---|
# mkdir /var/log/shibboleth/httpd
# chown apache /var/log/shibboleth/httpd
|
The Apache module will log to the native.log file in this directory.
Note: SELinux must be set to permissive mode in order for the SP to function properly; otherwise (without modifying policy) its Apache module will be unable to connect to shibd's Unix socket (which lives in /var/run/shibboleth/). Edit /etc/selinux/config accordingly.