to Homepage
You are located in service Identity Management
General information
RWTH Single Sign-On (via Shibboleth)
IT Center Help

You are located in service: Identity Management

Configuring multiple IdP or SP in shibboleth2.xml
Print page

Configuring multiple IdP or SP in shibboleth2.xml

 Detailinformation

Application Overrides are used to provide multiple applications on a system via Shibboleth registration.
These will be explained with an example of a test and productive environment.

On the one hand it should be guaranteed that the to be linked application on Shibboleth is supplied both, as test and as productiv application.
Furthermore, you should setup an own Vhost in Apache (or suchlike) for each application, under which the application can be reached. https://httpd.apache.org/docs/2.4/vhosts/

Now the intersting part for us is following. The specific settings in the shibboleth2.xml.

 

Version 2.4, ansonsten hier weiterhin  <SessionInitiator> 
verwenden --> 
            <SSO entityID="https://login-test.rz.rwth-aachen.de/shibboleth">
                SAML2
            </SSO>

         </Sessions>

         <MetadataProvider type="XML" uri="https://sso-test.rwth-aachen.de/metadata/rwth.metadata.xml"
            backingFilePath="sso-test.rwth.metadata.xml" reloadInterval="7200">
            <MetadataFilter type="Signature" certificate="/Pfad/zum/sso.pem"/>
         </MetadataProvider>
        </ApplicationOverride>

  
      <!-- produktiv ist jetzt eigentlich nicht nötig, da als Default
 definiert. Aber hier nochmal um den Unterschied darzustellen: -->
        <ApplicationOverride id="anwendungprod" entityID="https://produktiv.rwth-aachen.de/anwendungprod/shibboleth" homeURL="https://produktiv.rwth-aachen.de/anwendungprod">
         <Sessions lifetime="28800" timeout="3600" checkAddress="false" consistentAddress="false"
            handlerURL="/anendungprod/Shibboleth.sso" handlerSSL="true"
            exportLocation="http://localhost/Shibboleth.sso/GetAssertion" exportACL="127.0.0.1"
            idpHistory="false" idpHistoryDays="7" cookieProps="https">

            <SSO entityID="https://login.rz.rwth-aachen.de/shibboleth">
                SAML2
            </SSO>

         </Sessions>

         <MetadataProvider type="XML" uri="https://sso.rwth-aachen.de/metadata/rwth.metadata.xml"
            backingFilePath="sso.rwth.metadata.xml" reloadInterval="7200">
            <MetadataFilter type="Signature" certificate="/Pfad/zum/sso.pem"/>
         </MetadataProvider>
        </ApplicationOverride>

        ...

 

In addition you can find the official documentation here: https://wiki.shibboleth.net/confluence/x/fIBChttps://wiki.shibboleth.net/confluence/x/yYBC

last changed on 03/27/2023

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License
Chat