Shibboleth Identity Provider Reconfiguration


Adding configuration files

Download the configuration file (fb_psnc.xml) and the configuration file schema (fb_psnc.xsd) and place them both in your application's [IDP_HOME]/conf/ directory (along with the other Shibboleth configuration XMLs).

Adding .jar-s

Unpack your .war file and add the following .jar-s to the [war]/WEB-INF/lib folder.

  • idp-facebook-login-1.1.jar (ready to download from this site)
  • gson-1.7.1.jar
  • guava-10.0.1.jar
  • and all necessary JDBC connectors, e.g.:
    • mysql-connector-java-5.1.18-bin.jar
    • postgresql-9.1-901.jdbc4.jar

Pack your .war file and deploy it.


Add the servlet definition to your web.xml file







Add the path to the configuration file by defining a new servlet context parameter in web.xml





Add the following to your file

<ph:LoginHandler xsi:type="ph:ExternalAuthn" externalAuthnPath="/Authn/fb">
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
</ph:LoginHandler>

Remember that a LoginHandler of type PreviousSession must remain active in order to maintain SSO connections.

Register your application in Facebook

See IdpFbRegistration for details.

Customize your fb_psnc.xml configuration file

See IdpConfFile for details.


When FLS finishes processing the user request, an artificial attribute named Principal is generated. This "fake" attribute has the following syntax:

FbAttribute1, FbAttribute2, ... , FbAttributeN, SqlAttribute1, SqlAttribute2, ... , SqlAttributeM

It can be described by the following regular expression:

(.+), (.+), (.+), ... , (.+)    (one (.+) group per field, n+m groups in total)

Now 'Principal' can easily be mapped onto the actual attribute values. (Example for n+m=6:)

<resolver:AttributeDefinition xsi:type="ad:Mapped" id="MY_ATTR_NAME" xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="principal">
    <resolver:Dependency ref="principal" />
    <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:mace:dir:attribute-def:MY_ATTR_NAME" />
    <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:oid:0.9.2342.19200300.200.1.1" friendlyName="MY_ATTR_NAME" />
    <!-- With passThru="true" the whole Principal value is returned when no ValueMap matches -->
    <ad:DefaultValue passThru="true" />
    <ad:ValueMap>
        <!-- $k returns the k-th field of Principal; $1 is used here as an example -->
        <ad:ReturnValue>$1</ad:ReturnValue>
        <!-- exactly one (.+) group per field: n+m = 6 in this example -->
        <ad:SourceValue>(.+), (.+), (.+), (.+), (.+), (.+)</ad:SourceValue>
    </ad:ValueMap>
</resolver:AttributeDefinition>



If the <SourceValue> element contains the wrong number of (.+) groups, the pattern does not match and all final attributes will be assigned the full value of Principal.

All Data Connectors in attribute-resolver.xml should be commented out.


Attachments

  • fb_psnc.xsd (17.8 KB, added by jaftowicz): XML Schema for the FLS configuration file
  • fb_psnc.xml (3.4 KB, added by jaftowicz): Sample configuration file for FLS