IDP 2.4.1 ECP

MA Lanxin ma at
Tue May 19 22:27:08 EDT 2015


I am trying to get ECP working with IDP 2.4.1 based on SL6.5 and Apache. I need to use LDAP authentication.

I have copied the web.xml file from /$IDP_INSTALL_HOME/shibboleth-identityprovider-2.4.1/src/main/webapp/WEB-INF/web.xml
to /opt/shibboleth-idp/conf/web.xml, and I added these lines to web.xml:

      <display-name>Shibboleth IdP</display-name>
<!-- Depending on the version of tomcat in use, you may also need this - a list of security roles referenced by this web application -->
    <description>The role that is required to access the ECP area</description>

I have made “RemoteUser” work successfully. I added these lines to httpd.conf:

 <Location /idp/profile/SAML2/SOAP/ECP>
  #AuthType kerberos
  #AuthName "SAML2 ECP"
  #require valid-user
    AuthzLDAPAuthoritative Off
    AuthBasicProvider ldap
    AuthLDAPURL ldap://,dc=ihep,dc=ac,dc=cn?cn
    AuthLDAPBindDN "cn=root,dc=ihep,dc=ac,dc=cn"
    AuthLDAPBindPassword "passwd"
    Require valid-user
 </Location>

I also added this line to my IdP metadata by hand:
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location=""/>

Restart tomcat and apache

But ECP does not work.  I link to
I get a server error.
Here is the log in apache ssl_error_log
[Wed May 20 10:00:12 2015] [crit] [client] configuration error:  couldn't perform authentication. AuthType not set!: /idp/profile/SAML2/SOAP/ECP

Am I missing some configuration? Please help.

Thanks a lot,
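
Added example, not part of the original post: Apache 2.2 logs "AuthType not set!" when a section contains a user-based `Require` but no active `AuthType`, and in the block above the only `AuthType` line is commented out. The Python check below flags such sections before a restart; the function name, sample paths and LDAP host are assumptions made for illustration.

```python
import re

# Constructed sample: the first block mirrors the post (AuthType commented
# out), the second is correctly configured. Host and DN are placeholders.
SAMPLE = """\
<Location /idp/profile/SAML2/SOAP/ECP>
  #AuthType kerberos
    AuthzLDAPAuthoritative Off
    AuthBasicProvider ldap
    AuthLDAPURL ldap://ldap.example.org/dc=example,dc=org?cn
    Require valid-user
</Location>
<Location /example/ok>
    AuthType Basic
    AuthBasicProvider ldap
    Require valid-user
</Location>
"""

OPEN = re.compile(r"<(?:Location|Directory|Files)(?:Match)?\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</(?:Location|Directory|Files)(?:Match)?>", re.I)
USER_REQUIRE = re.compile(r"require\s+(valid-user|user|group|ldap-\S+)\b", re.I)

def sections_missing_authtype(conf):
    """Return paths of sections that require a user but have no active AuthType."""
    findings, stack = [], []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out AuthType is not in effect
        opened = OPEN.match(line)
        if opened:
            stack.append({"path": opened.group(1).strip('"'),
                          "authtype": False, "require": False})
        elif CLOSE.match(line) and stack:
            section = stack.pop()
            # AuthType set in an enclosing section is inherited
            inherited = any(outer["authtype"] for outer in stack)
            if section["require"] and not (section["authtype"] or inherited):
                findings.append(section["path"])
        elif stack:
            if line.lower().startswith("authtype"):
                stack[-1]["authtype"] = True
            elif USER_REQUIRE.match(line):
                stack[-1]["require"] = True
    return findings

if __name__ == "__main__":
    print(sections_missing_authtype(SAMPLE))
```

With `AuthBasicProvider ldap`, the matching directive is `AuthType Basic`, normally accompanied by an `AuthName`.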

