Configuring multiple IdP or SP in shibboleth2.xml
Application overrides are used to provide multiple applications on one system, each with its own Shibboleth registration.
They are explained here using the example of a test and a production environment.
On the one hand, the application to be connected to Shibboleth should be available both as a test and as a production application.
Furthermore, you should set up a separate vhost in Apache (or a similar web server) for each application, under which the application can be reached: https://httpd.apache.org/docs/2.4/vhosts/
The interesting part for us is the specific settings in shibboleth2.xml:
<!-- To customize behavior, map hostnames and path components to applicationId and other settings. -->
<RequestMapper type="Native">
    <RequestMap applicationId="default">
        <!--
        The example requires a session for documents in /secure on the containing host with http and
        https on the default ports. Note that the name and port in the <Host> elements MUST match
        Apache's ServerName and Port directives or the IIS Site name in the <ISAPI> element below.
        -->
        <Host name="test.rwth-aachen.de">
            <Path name="anwendungtest" authType="shibboleth" requireSession="true" applicationId="anwendungtest" />
        </Host>
        <Host name="produktiv.rwth-aachen.de">
            <Path name="anwendungprod" authType="shibboleth" requireSession="true" applicationId="anwendungprod" />
        </Host>
    </RequestMap>
</RequestMapper>

<!--
The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined.
Resource requests are mapped by the RequestMapper to an applicationId that points into this section.
-->
<ApplicationDefaults id="default" policyId="default"
    entityID="https://produktiv.rwth-aachen.de/shibboleth2"
    REMOTE_USER="eppn persistent-id targeted-id"
    signing="false" encryption="false">
    ...
    <ApplicationOverride id="anwendungtest"
        entityID="https://test.rwth-aachen.de/anwendungtest/shibboleth"
        homeURL="https://test.rwth-aachen.de/anwendungtest">
        <Sessions lifetime="28800" timeout="3600" checkAddress="false" consistentAddress="false"
            handlerURL="/anwendungtest/Shibboleth.sso" handlerSSL="true"
            exportLocation="http://localhost/Shibboleth.sso/GetAssertion" exportACL="127.0.0.1"
            idpHistory="false" idpHistoryDays="7" cookieProps="https" redirectLimit="exact">
            <!-- SSO is available as of Shibboleth Service Provider (shibd) version 2.4; otherwise keep using <SessionInitiator> here -->
        </Sessions>
        <MetadataProvider type="XML" uri="https://sso-test.rwth-aachen.de/metadata/rwth.metadata.xml"
    ...
            <SSO entityID="https://login.rz.rwth-aachen.de/shibboleth">
        </Sessions>
        <MetadataProvider type="XML" uri="https://sso.rwth-aachen.de/metadata/rwth.metadata.xml"
    ...
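A consistency check for this kind of configuration, as an added example that is not part of the original page or of Shibboleth itself: it verifies that every applicationId used in the RequestMap has a matching ApplicationDefaults or ApplicationOverride id, and that an override's relative handlerURL lies under a Path mapped to that override, so that handler requests resolve to the same application. The function names and the sample file are constructed for illustration, and the check assumes flat Path elements directly under each Host.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the page's full file): the handlerURL is outside its
# Path, and "anwendungprod" is mapped without a matching ApplicationOverride.
SAMPLE = """<SPConfig>
 <RequestMapper type="Native">
  <RequestMap applicationId="default">
   <Host name="test.rwth-aachen.de">
    <Path name="anwendungtest" requireSession="true" applicationId="anwendungtest"/>
   </Host>
   <Host name="produktiv.rwth-aachen.de">
    <Path name="anwendungprod" requireSession="true" applicationId="anwendungprod"/>
   </Host>
  </RequestMap>
 </RequestMapper>
 <ApplicationDefaults id="default" entityID="https://produktiv.rwth-aachen.de/shibboleth2">
  <ApplicationOverride id="anwendungtest" entityID="https://test.rwth-aachen.de/anwendungtest/shibboleth">
   <Sessions handlerURL="/anendungtest/Shibboleth.sso" handlerSSL="true"/>
  </ApplicationOverride>
 </ApplicationDefaults>
</SPConfig>"""

def local(tag):
    """Element name without its XML namespace, so namespaced configs parse too."""
    return tag.rsplit("}", 1)[-1]

def check_overrides(xml_text):
    """Return findings for mappings and handler URLs that cannot work together."""
    elems = list(ET.fromstring(xml_text).iter())
    app_ids = {e.get("id") for e in elems
               if local(e.tag) in ("ApplicationDefaults", "ApplicationOverride")}
    paths, findings = {}, []
    for e in elems:
        app = e.get("applicationId")
        if app is None or local(e.tag) not in ("RequestMap", "Host", "Path"):
            continue
        if local(e.tag) == "Path":  # assumption: flat <Path> directly under <Host>
            paths.setdefault(app, []).append("/" + e.get("name", "").strip("/") + "/")
        if app not in app_ids:
            findings.append(f"{local(e.tag)} maps to undefined applicationId '{app}'")
    for ov in (e for e in elems if local(e.tag) == "ApplicationOverride"):
        for sess in (c for c in ov if local(c.tag) == "Sessions"):
            url, prefixes = sess.get("handlerURL", ""), paths.get(ov.get("id"), [])
            if url.startswith("/") and prefixes and not any(map(url.startswith, prefixes)):
                findings.append(f"override '{ov.get('id')}': handlerURL '{url}' is not under {prefixes}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_overrides(SAMPLE)))
```

Run it against a copy of shibboleth2.xml before restarting shibd; an empty result means every mapped applicationId is defined and each override's handler is reachable under its own path.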
In addition, you can find the official documentation here: https://wiki.shibboleth.net/confluence/x/fIBC, https://wiki.shibboleth.net/confluence/x/yYBC