2 Active Directory Domains configured in Shibboleth v3
MRochford at STARKSTATE.EDU
Fri Sep 14 11:44:50 EDT 2018
We have 2 Microsoft Active Directory domains that we need to use for Shibboleth authentication. Individually I can authenticate against either domain, but when I've attempted to configure both domains to be used at the same time I run into multiple errors.
I've attempted to follow the example provided here: https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration#LDAPAuthnConfiguration-MultipleDirectories under the example for Two Active Directories with two DN Resolvers for each.
This is basically what I'm attempting to do but with only a single DN Resolver for each. It seems like I'm missing something that connects the ldap.properties, attribute-resolver.xml and ldap-authn-config.xml file together. When I copy and paste the example from above I get an error for the attribute-resolver.xml file that prevent Shibboleth from starting. The only modification to the example code I've done is to remove the second DN Resolvers for each domain since I don't need those.
In the example provided it doesn't show adding anything to the attribute.xml file, it only shows modifying the ldap-authn-config.xml file. Is there something that needs modified in the attribute-resolver.xml file for multiple domains to be allowed? I have not been able to find an example of the attribute-resolver.xml or ldap.properties files that are configured for multiple domains.
Stark State College
mrochford at starkstate.edu<mailto:mrochford at starkstate.edu>
330-494-6170 x 4244
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users