2 Active Directory Domains configured in Shibboleth v3

Cantor, Scott cantor.2 at osu.edu
Fri Sep 14 13:11:06 EDT 2018

> In the example provided it doesn’t show adding anything to the attribute.xml file, it only shows modifying the ldap-
> authn-config.xml file.  Is there something that needs modified in the attribute-resolver.xml file for multiple domains to
> be allowed?  I have not been able to find an example of the attribute-resolver.xml or ldap.properties files that are
> configured for multiple domains.

Attributes and authentication have nothing to do with each other, they're different subsystems doing different things with different code and share no inherent configuration unless you deliberately use properties to try and do so. Nothing documented for one has any necessary relevance to the other, for the most part.

The attribute resolver is designed to talk to any number of data sources, LDAP or otherwise, and you should not be trying to do two at once in one LDAPConnector if they're not mirrored redundant systems. If you are, I would imagine that's a good chunk of the problem.

-- Scott

More information about the users mailing list