Externalizing parameters in attribute-resolver.xml to a properties file
Leonard Kroll
Leonard.Kroll at umb.edu
Mon Aug 27 14:53:15 EDT 2012
Henry,
Thank you :-)
Leonard Kroll
UNIX / GIS Administrator
Univ. Massachusetts Boston
Leonard(dot)Kroll(at)umb.edu
Phone: 617-287-5048
fax: 617-287-5224
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On
Behalf Of Christopher Bongaarts
Sent: Monday, August 27, 2012 12:13 PM
To: users at shibboleth.net
Subject: Re: Externalizing parameters in attribute-resolver.xml to a
properties file
On 8/27/2012 10:51 AM, Smith, Matthew J. wrote:
> I'd like to store Shib IdP configs in our git VCS, but do not want to
> check in files with sensitive information. Is it possible to
> externalize parameters, such as the principalCredential of the LDAP
> DataConnector, to an external properties file which can be referenced
> by attribute-resolver.xml? I have searched the wiki to no avail, but
> if documentation for this already does exist, please feel free to
> just hit me over the head with it.
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPConfigResource
As an example, our services.xml:
<srv:Service id="shibboleth.AttributeResolver"
             xsi:type="attribute-resolver:ShibbolethAttributeResolver"
             configurationResourcePollingFrequency="PT3M"
             configurationResourcePollingRetryAttempts="5">
    <srv:ConfigurationResource
        file="/.../idp/conf/attribute-resolver.xml"
        xsi:type="resource:FilesystemResource">
        <ResourceFilter xsi:type="PropertyReplacement"
                        xmlns="urn:mace:shibboleth:2.0:resource"
                        propertyFile="/.../idp/conf/attribute-resolver.xml.properties"/>
    </srv:ConfigurationResource>
</srv:Service>
Then in attribute-resolver.xml:
<resolver:DataConnector id="umnLDAP" xsi:type="LDAPDirectory"
    xmlns="urn:mace:shibboleth:2.0:resolver:dc"
    ldapURL="${ldap.url}"
    baseDN="o=university of minnesota,c=us"
    principal="cn=Shibboleth Manager,ou=Application Services,o=University of Minnesota,c=US"
    principalCredential="${ldap.password}">
Then in attribute-resolver.xml.properties:
ldap.url = ldap://ldap1.umn.edu ldap://ldap2.umn.edu ldap://ldap3.umn.edu
ldap.password = yeah_you_wish
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
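A pre-commit style check for the setup described in this thread, added here as an example and not part of the original messages or of Shibboleth itself: it flags a literal principalCredential in the resolver XML and any ${...} placeholder missing from the properties file. The function names, the SENSITIVE_ATTRS set and the sample XML and properties are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")
# principalCredential comes from the thread; treating only this attribute
# as secret-bearing is an assumption of this example.
SENSITIVE_ATTRS = {"principalCredential"}


def parse_properties(text):
    """Parse simple key = value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(xml_text, props_text):
    """Return findings that should block a commit of the resolver config."""
    props = parse_properties(props_text)
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        for name, value in elem.attrib.items():
            local = name.rsplit("}", 1)[-1]  # drop any {namespace} prefix
            # Anything left after removing placeholders is a hard-coded value.
            if local in SENSITIVE_ATTRS and PLACEHOLDER.sub("", value).strip():
                findings.append(f"{elem.get('id')}: literal value in {local}")
            for ref in PLACEHOLDER.findall(value):
                if ref not in props:
                    findings.append(f"{elem.get('id')}: ${{{ref}}} not defined")
    return findings


def sample(cred):
    """Constructed resolver snippet; only the credential attribute varies."""
    return ('<resolver:AttributeResolver '
            'xmlns:resolver="urn:mace:shibboleth:2.0:resolver" '
            'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
            '<resolver:DataConnector id="exampleLDAP" xsi:type="LDAPDirectory" '
            'ldapURL="${ldap.url}" principalCredential="' + cred + '"/>'
            '</resolver:AttributeResolver>')


# Constructed properties content, not the values from the thread.
PROPS = "ldap.url = ldap://ldap.example.org\nldap.password = constructed-value\n"

if __name__ == "__main__":
    print(audit(sample("hunter2"), PROPS))
```

The properties file itself stays out of version control and readable only by the account that runs the IdP.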