Another day, another attribute
Rod Widdowson
rdw at steadingsoftware.com
Wed Nov 21 10:03:15 EST 2012
> Don't really want to use a depreciated method.
I hear you, but in the space in which you are working it is very common.
Although I cannot predict the future, I would say that it is unlikely that
the deprecated status of this connector will cause you too much pain going
forward (precisely because of the number of people using this).
>
https://www.edugate.ie/workshop-guides/shibboleth-2-identity-provider-instal
lation-linux-debian-or-ubuntu
>
> I can set this up but is this the way to go ?
Unless you are in the edugate federation I would say not. In general you
should look at the Shibboleth.net documentation as the primary source and
then the documentation for your federation as you secondary source.
In your case http://www.ukfederation.org.uk/content/Documents/Setup2IdP
seems apposite. Note in particular that it recommends using computed ID
connector. Also note the need to release the old, hideous, and nasty on the
wire format for eptid.
> Where is the commonname ? in my Microsoft AD entry I have a cn, is that
what I should use ?
I wouldn't use that. You need to use a seed which is guaranteed against
reuse. objectSid is a really good candidate (but note that it is binary).
Finally I suggest that you look at
http://svn.shibboleth.net/view/extensions/w2k3-installer/trunk/Shib2Resposit
ory/ShibConfig/conf-tmlp/ This is the overall configuration which is fed
into the Windows quick installer, which is specifically targeted against
active directory.
Rod
More information about the users
mailing list