...
Then run the gen-shib2.sh script, and answer the prompts, to generate shibboleth2.xml. For example:
| No Format |
|---|
# cd /etc/shibboleth
# cp /mit/touchstone/config/shibboleth2-sp/* .
# sh gen-shib2.sh
|
Note that any changes to the shibboleth2.xml, attribute-map.xml, and attribute-policy.xml files will be detected automatically, i.e. without requiring a restart of shibd.
Also, note that Shibboleth 2.x can check for and reload metadata automatically, obviating the need for a separate cron job to do so. The Touchstone-supplied shibboleth2.xml template is configured to do so for the MIT metadata, so, once 2.x is deployed, the cron job required in 1.3 can be removed.
| Anchor | ||||
|---|---|---|---|---|
|
Test the SP software
...
Adapt the web application and server configurations as necessary
The names of the environment variables mapped to Shibboleth attributes have changed in 2.x, to non-Shibboleth-specific names. For example the user's display (i.e. full) name is now passed via the displayName variable, whereas in 1.3 it was passed via HTTP_SHIB_INETORGPERSON_DISPLAYNAME.
Note that, by default, the Shibboleth-related headers are not passed to the application in 2.x; this is to avoid any problems with header spoofing. If you do need to use these headers in your application, add the following directive to your Apache configuration:
| Code Block |
|---|
ShibUseHeaders On
|
| Anchor | ||||
|---|---|---|---|---|
|