Shibboleth IdP v3.2.1 & LDAP+AD Authentication
Marco Malavolti
marco.malavolti at garr.it
Tue May 31 11:06:04 EDT 2016
Good evening to all,
I have successfully installed and configured the new Shibboleth IdP
v3.2.1, but I have a problem: I don't know how I can change the
"ldap-authn-config.xml" to use both openLDAP and Active Directory to
authenticate my users.
I have tried to follow this page:
https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration
But I think I need a sort of aggregate authenticator to be able to join
the "aggregateAuthenticator" (openLDAP) and
"adAggregateAuthenticator" (Active Directory) into only one
Authenticator that I can use and configure in my ldap.properties file:
openLDAP beans:

<bean name="aggregateAuthenticator"
      class="org.ldaptive.auth.Authenticator">
    <constructor-arg index="0" ref="aggregateDnResolver" />
    <constructor-arg index="1" ref="aggregateAuthHandler" />
</bean>
<bean id="aggregateDnResolver"
      class="org.ldaptive.auth.AggregateDnResolver">
    <constructor-arg index="0" ref="dnResolvers" />
</bean>
<bean id="aggregateAuthHandler"
      class="org.ldaptive.auth.AggregateDnResolver$AuthenticationHandler"
      p:authenticationHandlers-ref="authHandlers" />
<util:map id="dnResolvers">
    <entry key="directory1" value-ref="dnResolver1" />
    <entry key="directory2" value-ref="dnResolver2" />
</util:map>
<util:map id="authHandlers">
    <entry key="directory1" value-ref="authHandler1" />
    <entry key="directory2" value-ref="authHandler2" />
</util:map>

<!-- define DN resolvers and authentication handlers for each
     directory... -->
Active Directory beans:

<!-- ldap.properties "idp.authn.LDAP.authenticator =
     adAggregateAuthenticator" -->
<bean id="adAggregateAuthenticator"
      class="org.ldaptive.auth.Authenticator"
      p:authenticationResponseHandlers-ref="adAuthenticationResponseHandler">
    <constructor-arg index="0" ref="adAggregateDnResolver" />
    <constructor-arg index="1" ref="adAggregateAuthHandler" />
</bean>
<bean id="adAuthenticationResponseHandler"
      class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />
<bean id="adAggregateDnResolver"
      class="org.ldaptive.auth.AggregateDnResolver">
    <constructor-arg index="0" ref="adDnResolvers" />
</bean>
<bean id="adAggregateAuthHandler"
      class="org.ldaptive.auth.AggregateDnResolver$AuthenticationHandler"
      p:authenticationHandlers-ref="adAuthHandlers" />
<util:map id="adDnResolvers">
    <entry key="directory1_filter1" value-ref="adDnResolver1" />
    <entry key="directory2_filter3" value-ref="adDnResolver2" />
</util:map>

<!-- define DN resolvers and authentication handlers for each
     directory... -->
Does someone of you already know a solution for this use case? What do I
need to do to solve this situation and authenticate the users provided by
both directories?
I didn't find a class in the ldaptive javadocs that can help me...
Can you help me, please?
Thank you very much for all the help that you can give me.
Best Regards,
--
Marco Malavolti
Consortium GARR - Servizio IDEM GARR AAI
Via dei Tizii, 6 - I-00185 (ROMA)
CF: 37284570583 - PI:07577141000
Skype: marco.mala
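Worked example added by the editor; it is not code from Marco's post, from the Shibboleth project or from ldaptive. It fills the "define DN resolvers and authentication handlers for each directory..." gap left open in both snippets above: one search-then-bind pair per directory (OpenLDAP and Active Directory) and a single aggregate Authenticator on top, so that only one bean name has to go into ldap.properties. Every hostname, base DN, service-account DN, user filter, the certificate path and the idp.authn.AD.* property names are assumptions that have to be adapted to the local directories.

```xml
<!-- Added example, not code from the original post, the Shibboleth project or ldaptive.
     Hostnames, DNs, filters, the certificate path and the idp.authn.AD.* property names are
     assumed; add the AD properties to ldap.properties next to the stock idp.authn.LDAP.* ones
     and select this bean with: idp.authn.LDAP.authenticator = combinedAuthenticator -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/util
                           http://www.springframework.org/schema/util/spring-util.xsd">

  <!-- TLS trust shared by both directories: pin the issuing CA (path assumed)
       instead of a trust-everything SslConfig. -->
  <bean id="directorySslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
      <bean class="org.ldaptive.ssl.X509CredentialConfig"
            p:trustCertificates="file:/opt/shibboleth-idp/credentials/directory-ca.crt" />
    </property>
  </bean>

  <!-- OpenLDAP: find the DN with a read-only service account, then bind as the user
       on a connection that does NOT carry the service-account initializer. -->
  <bean id="openldapConnectionConfig" class="org.ldaptive.ConnectionConfig"
        p:ldapUrl="%{idp.authn.LDAP.ldapURL}"
        p:useStartTLS="%{idp.authn.LDAP.useStartTLS:true}"
        p:connectTimeout="%{idp.authn.LDAP.connectTimeout:3000}"
        p:responseTimeout="%{idp.authn.LDAP.responseTimeout:3000}"
        p:sslConfig-ref="directorySslConfig" />
  <bean id="openldapSearchConnectionConfig" class="org.ldaptive.ConnectionConfig"
        parent="openldapConnectionConfig">
    <property name="connectionInitializer">
      <bean class="org.ldaptive.BindConnectionInitializer" p:bindDn="%{idp.authn.LDAP.bindDN}">
        <property name="bindCredential">
          <bean class="org.ldaptive.Credential" c:_0="%{idp.authn.LDAP.bindDNCredential}" />
        </property>
      </bean>
    </property>
  </bean>
  <bean id="openldapSearchConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="openldapSearchConnectionConfig" />
  <bean id="openldapBindConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="openldapConnectionConfig" />
  <bean id="openldapDnResolver" class="org.ldaptive.auth.SearchDnResolver"
        p:baseDn="%{idp.authn.LDAP.baseDN}" p:subtreeSearch="%{idp.authn.LDAP.subtreeSearch:false}"
        p:userFilter="%{idp.authn.LDAP.userFilter}"
        p:connectionFactory-ref="openldapSearchConnectionFactory" />
  <bean id="openldapAuthHandler" class="org.ldaptive.auth.BindAuthenticationHandler"
        p:connectionFactory-ref="openldapBindConnectionFactory" />

  <!-- Active Directory: same search-then-bind shape. A search is used on purpose instead
       of a FormatDnResolver: a format resolver "resolves" every username, so an OpenLDAP-only
       user would resolve in both directories and the aggregate would reject the ambiguous result. -->
  <bean id="adConnectionConfig" class="org.ldaptive.ConnectionConfig"
        p:ldapUrl="%{idp.authn.AD.ldapURL}"
        p:useStartTLS="%{idp.authn.AD.useStartTLS:true}"
        p:connectTimeout="%{idp.authn.LDAP.connectTimeout:3000}"
        p:responseTimeout="%{idp.authn.LDAP.responseTimeout:3000}"
        p:sslConfig-ref="directorySslConfig" />
  <bean id="adSearchConnectionConfig" class="org.ldaptive.ConnectionConfig"
        parent="adConnectionConfig">
    <property name="connectionInitializer">
      <bean class="org.ldaptive.BindConnectionInitializer" p:bindDn="%{idp.authn.AD.bindDN}">
        <property name="bindCredential">
          <bean class="org.ldaptive.Credential" c:_0="%{idp.authn.AD.bindDNCredential}" />
        </property>
      </bean>
    </property>
  </bean>
  <bean id="adSearchConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="adSearchConnectionConfig" />
  <bean id="adBindConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="adConnectionConfig" />
  <bean id="adDnResolver" class="org.ldaptive.auth.SearchDnResolver"
        p:baseDn="%{idp.authn.AD.baseDN}" p:subtreeSearch="true"
        p:userFilter="(sAMAccountName={user})"
        p:connectionFactory-ref="adSearchConnectionFactory" />
  <bean id="adAuthHandler" class="org.ldaptive.auth.BindAuthenticationHandler"
        p:connectionFactory-ref="adBindConnectionFactory" />
  <!-- Turns AD bind diagnostics (expired password, locked account) into IdP events,
       as in the adAggregateAuthenticator snippet quoted in the post. -->
  <bean id="adResponseHandler" class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />

  <!-- The one authenticator the IdP uses. The keys of the two maps must agree: the aggregate
       tags the resolved DN with the key of the resolver that found it and hands the bind to
       the handler registered under that same key. -->
  <bean name="combinedAuthenticator" class="org.ldaptive.auth.Authenticator"
        c:_0-ref="combinedDnResolver" c:_1-ref="combinedAuthHandler"
        p:authenticationResponseHandlers-ref="adResponseHandler" />
  <bean id="combinedDnResolver" class="org.ldaptive.auth.AggregateDnResolver"
        c:_0-ref="combinedDnResolvers" />
  <bean id="combinedAuthHandler" class="org.ldaptive.auth.AggregateDnResolver$AuthenticationHandler"
        p:authenticationHandlers-ref="combinedAuthHandlers" />
  <util:map id="combinedDnResolvers">
    <entry key="openldap" value-ref="openldapDnResolver" />
    <entry key="ad" value-ref="adDnResolver" />
  </util:map>
  <util:map id="combinedAuthHandlers">
    <entry key="openldap" value-ref="openldapAuthHandler" />
    <entry key="ad" value-ref="adAuthHandler" />
  </util:map>
</beans>
```

Two points to check before putting this into production: the usernames must be unique across the two directories, because the aggregate resolves the DN by asking every directory and only an unambiguous answer can be bound; and both service accounts (idp.authn.LDAP.bindDN and the assumed idp.authn.AD.bindDN) should be read-only, since they are only used to translate a username into a DN and the user's own bind is done on a separate connection.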