2 Active Directory Domains configured in Shibboleth v3

Rochford, Mike MRochford at STARKSTATE.EDU
Fri Sep 14 11:44:50 EDT 2018

We have 2 Microsoft Active Directory domains that we need to use for Shibboleth authentication.  Individually I can authenticate against either domain, but when I've attempted to configure both domains to be used at the same time I run into multiple errors.

I've attempted to follow the example provided here: https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration#LDAPAuthnConfiguration-MultipleDirectories under the example for Two Active Directories with two DN Resolvers for each.

This is basically what I'm attempting to do but with only a single DN Resolver for each.  It seems like I'm missing something that connects the ldap.properties, attribute-resolver.xml and ldap-authn-config.xml files together.  When I copy and paste the example from above I get an error for the attribute-resolver.xml file that prevents Shibboleth from starting.  The only modification to the example code I've done is to remove the second DN Resolvers for each domain since I don't need those.

In the example provided it doesn't show adding anything to the attribute.xml file; it only shows modifying the ldap-authn-config.xml file.  Is there something that needs to be modified in the attribute-resolver.xml file for multiple domains to be allowed?  I have not been able to find an example of the attribute-resolver.xml or ldap.properties files that are configured for multiple domains.

Mike Rochford
IT Manager
Stark State College
mrochford at starkstate.edu
330-494-6170 x 4244
