Comment 3 for bug 1871211

Mike Rylander (mrylander) wrote :

Hi Jane,

Yes, that is basically correct. You will need shibd running and the shib2 apache module, however each IdP will have its own metadata XML file and those are described in the main config file using MetadataProvider tags in the main Shibboleth config XML.

The documentation includes example configuration files for Shibboleth that show how to set things up so that different hostnames hosted by one Apache instance can use different IdPs, one for each. There's also a simpler one where there is only one hostname.

Shibboleth configuration can range from very simple to extremely complex depending on the IdP requirements, but the two examples should cover most cases. Of note is the RequestMapper section of the (only slightly more) complex example XML, which tells shibd which IdP to use based on the Evergreen hostname that the request is coming from. That, in turn, sets the EntityID for the request, which will then match the appropriate EntityID on the MetadataProvider.

The attribute mapping will likely need to be adjusted, and that is described in the documentation as well.

There are some documented Apache settings that help Evergreen and shibd coordinate which IdP to use, as well.

And, finally, library settings can help Evergreen tell shibd which IdP to use based on the Shibboleth EntityID property in the shibd config file. Settings also tell Evergreen what the attributes are called on both the shibd and Evergreen sides of the conversation.

Does that help?
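The hostname -> RequestMapper -> ApplicationOverride -> SSO entityID -> MetadataProvider chain described in the comment above is easy to get subtly wrong (a Host pointed at an override whose IdP has no metadata loaded fails only at login time). The following is an added example, not code from Evergreen, Shibboleth or the commenter: it parses a constructed, minimal shibboleth2.xml together with constructed stand-ins for the metadata files its MetadataProvider elements reference, and reports for each hostname which application and IdP entityID it resolves to and whether that IdP is actually present in the loaded metadata. All hostnames, file names and entityIDs are made-up placeholders; only the element and attribute names are those of the real Shibboleth SP 3 configuration and SAML metadata schemas.

```python
"""Audit the hostname -> IdP -> metadata chain of a Shibboleth SP config.

Added example (not Evergreen/Shibboleth project code). Hostnames, paths and
entityIDs below are constructed placeholders.
"""
import xml.etree.ElementTree as ET

SP_NS = "urn:mace:shibboleth:3.0:native:sp:config"   # SP 3.x config namespace
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"      # SAML metadata namespace


def q(ns, tag):
    """Clark-notation tag for ElementTree lookups, e.g. {ns}Host."""
    return "{%s}%s" % (ns, tag)


# Constructed shibboleth2.xml: three catalog hostnames on one Apache instance,
# each mapped to its own ApplicationOverride and IdP. library-c's IdP is
# deliberately absent from the MetadataProvider list to show the failure.
SP_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <RequestMapper type="Native">
    <RequestMap applicationId="default">
      <Host name="catalog.example-a.org" applicationId="library-a" authType="shibboleth" requireSession="true"/>
      <Host name="catalog.example-b.org" applicationId="library-b" authType="shibboleth" requireSession="true"/>
      <Host name="catalog.example-c.org" applicationId="library-c" authType="shibboleth" requireSession="true"/>
    </RequestMap>
  </RequestMapper>
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions><SSO entityID="https://idp.example-a.org/idp/shibboleth">SAML2</SSO></Sessions>
    <MetadataProvider type="XML" path="idp-a-metadata.xml"/>
    <MetadataProvider type="XML" path="idp-b-metadata.xml"/>
    <ApplicationOverride id="library-a" entityID="https://sp.example-a.org/shibboleth">
      <Sessions><SSO entityID="https://idp.example-a.org/idp/shibboleth">SAML2</SSO></Sessions>
    </ApplicationOverride>
    <ApplicationOverride id="library-b" entityID="https://sp.example-b.org/shibboleth">
      <Sessions><SSO entityID="https://idp.example-b.org/idp/shibboleth">SAML2</SSO></Sessions>
    </ApplicationOverride>
    <ApplicationOverride id="library-c" entityID="https://sp.example-c.org/shibboleth">
      <Sessions><SSO entityID="https://idp.example-c.org/idp/shibboleth">SAML2</SSO></Sessions>
    </ApplicationOverride>
  </ApplicationDefaults>
</SPConfig>"""

# Constructed stand-ins for the metadata files on disk, keyed by the path
# used in the MetadataProvider elements above.
METADATA_FILES = {
    "idp-a-metadata.xml": """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
        entityID="https://idp.example-a.org/idp/shibboleth">
      <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </EntityDescriptor>""",
    "idp-b-metadata.xml": """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
      <EntityDescriptor entityID="https://idp.example-b.org/idp/shibboleth">
        <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
      </EntityDescriptor>
    </EntitiesDescriptor>""",
}


def application_id_for_host(sp_root, hostname):
    """A matching <Host name=...> wins; otherwise the RequestMap's applicationId."""
    request_map = sp_root.find(".//" + q(SP_NS, "RequestMap"))
    fallback = request_map.get("applicationId", "default")
    for host in request_map.findall(q(SP_NS, "Host")):
        if host.get("name", "").lower() == hostname.lower():
            return host.get("applicationId", fallback)
    return fallback


def idp_entity_id_for_application(sp_root, app_id):
    """SSO entityID for an ApplicationOverride, inheriting from ApplicationDefaults."""
    defaults = sp_root.find(q(SP_NS, "ApplicationDefaults"))
    scope = defaults
    for override in defaults.findall(q(SP_NS, "ApplicationOverride")):
        if override.get("id") == app_id:
            scope = override
            break
    sso_path = q(SP_NS, "Sessions") + "/" + q(SP_NS, "SSO")
    sso = scope.find(sso_path)
    if sso is None:  # override without its own <Sessions> uses the defaults
        sso = defaults.find(sso_path)
    return sso.get("entityID") if sso is not None else None


def idp_entity_ids_in_metadata(sp_root, metadata_files):
    """entityIDs of every IdP found in the files the MetadataProviders reference."""
    found = set()
    for provider in sp_root.iter(q(SP_NS, "MetadataProvider")):
        path = provider.get("path") or provider.get("backingFilePath")
        if path not in metadata_files:
            continue  # missing file: shibd would log a load error at startup
        for entity in ET.fromstring(metadata_files[path]).iter(q(MD_NS, "EntityDescriptor")):
            if entity.find(q(MD_NS, "IDPSSODescriptor")) is not None:
                found.add(entity.get("entityID"))
    return found


def audit(sp_xml, metadata_files, hostnames):
    """Map each hostname to (applicationId, IdP entityID, IdP metadata loaded?)."""
    sp_root = ET.fromstring(sp_xml)
    known = idp_entity_ids_in_metadata(sp_root, metadata_files)
    report = {}
    for host in hostnames:
        app_id = application_id_for_host(sp_root, host)
        idp = idp_entity_id_for_application(sp_root, app_id)
        report[host] = (app_id, idp, idp in known)
    return report


if __name__ == "__main__":
    hosts = ["catalog.example-a.org", "catalog.example-b.org", "catalog.example-c.org"]
    for host, (app_id, idp, ok) in audit(SP_CONFIG, METADATA_FILES, hosts).items():
        print("%-24s -> %-10s -> %s [%s]" % (host, app_id, idp, "ok" if ok else "NO METADATA"))
```

Run against a real deployment, the same three functions can be pointed at the installed shibboleth2.xml and the files under the SP's metadata directory; a hostname that reports "NO METADATA" is exactly the case where the RequestMapper and ApplicationOverride are right but the matching MetadataProvider was never added.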