Shibboleth Identity Provider Reconfiguration


Adding configuration files

Download the Configuration File and the Configuration File Schema and place them both in your application's [IDP_HOME]/conf/ directory (along with the other Shibboleth configuration XMLs).

Adding .jar-s

Unpack your .war file and add the following .jar-s to the [war]/WEB-INF/lib folder:

  • idp-facebook-login-1.1.jar (ready to download from this site)
  • gson-1.7.1.jar
  • guava-10.0.1.jar
  • and all JDBC connectors that are necessary, e.g.:
    • mysql-connector-java-5.1.18-bin.jar
    • postgresql-9.1-901.jdbc4.jar

Pack your .war file again and deploy it.

web.xml

Add the servlet definition to your web.xml file:

<servlet>
    <servlet-name>FacebookLoginServlet</servlet-name>
    <servlet-class>pl.psnc.synat.idp.FacebookLoginServlet</servlet-class>
</servlet>

<servlet-mapping>
    <servlet-name>FacebookLoginServlet</servlet-name>
    <url-pattern>/Authn/fb</url-pattern>
</servlet-mapping>

Add the path to the Configuration File by defining a new servlet context parameter in web.xml:

<context-param>
    <param-name>facebookServletConfig</param-name>
    <param-value>[IDP_HOME]/conf/fb_psnc.xml</param-value>
</context-param>

handlers.xml

Add the following to your file:

<ph:LoginHandler xsi:type="ph:ExternalAuthn" externalAuthnPath="/Authn/fb">
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
</ph:LoginHandler>

Remember that the LoginHandler of type PreviousSession must remain active in order to maintain SSO connections.

Register your application in Facebook

See IdpFbRegistration for details.

Customize your fb_psnc.xml configuration file

See IdpConfFile for details.

attribute-resolver.xml

When FLS finishes processing the user's request, an artificial attribute named Principal is generated. This "fake" attribute has the following syntax:

FbAttribute1, FbAttribute2, ... , FbAttributeN, SqlAttribute1, SqlAttribute2, ... , SqlAttributeM

It can therefore be described by the following regular expression, with one (.+) group per field, n+m groups in total:

(.+), (.+), (.+), ... , (.+)

Now 'Principal' can easily be mapped onto the actual attribute values with an ad:Mapped attribute definition. (The example below is written for n+m=6.)

<resolver:AttributeDefinition xsi:type="ad:Mapped" id="MY_ATTR_NAME" xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="principal">
    <resolver:Dependency ref="principal" />
    <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:mace:dir:attribute-def:MY_ATTR_NAME" />
    <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:oid:0.9.2342.19200300.200.1.1" friendlyName="MY_ATTR_NAME" />

    <ad:DefaultValue passThru="true" />

    <ad:ValueMap>
        <ad:ReturnValue>$2</ad:ReturnValue>
        <ad:SourceValue>(.+), (.+), (.+), (.+), (.+), (.+), (.+)</ad:SourceValue>
    </ad:ValueMap>
</resolver:AttributeDefinition>

If the <SourceValue> element contains the wrong number of capture groups, the expression does not match and, because DefaultValue has passThru="true", every final attribute is assigned the full value of Principal (that is, all Facebook and SQL values at once).
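To make the mismatch case concrete, here is an added Python model of how a single-ValueMap ad:Mapped definition resolves the Principal string; it is example code written for this page, not part of FLS or Shibboleth. It assumes SourceValue is applied as a full-string match and that ReturnValue uses Java-style $N group references; the sample Principal and its field values are constructed.

```python
import re

# Constructed sample Principal for n+m=6 (3 Facebook + 3 SQL attributes);
# every value is invented for this example.
SAMPLE_PRINCIPAL = "1000000001, Jane Doe, jane@example.org, 4711, staff, jdoe"


def build_source_value(field_count: int) -> str:
    """SourceValue regex for a Principal with field_count fields, in the page's form."""
    return ", ".join(["(.+)"] * field_count)


def group_count(source_value: str) -> int:
    """Number of capture groups in a SourceValue regex; this must equal n+m."""
    return re.compile(source_value).groups


def resolve_mapped(principal: str, source_value: str, return_value: str,
                   pass_thru: bool = True):
    """Model of one ad:Mapped definition with a single ValueMap.

    Assumption (not stated on the page): SourceValue is matched against the
    whole Principal value and ReturnValue uses Java-style $N references.
    """
    match = re.fullmatch(source_value, principal)
    if match:
        # translate Java "$2" into Python "\2" so expand() fills in the group
        return match.expand(re.sub(r"\$(\d+)", r"\\\1", return_value))
    # No ValueMap matched: DefaultValue passThru="true" releases the whole
    # Principal (all Facebook and SQL values) as this one attribute.
    return principal if pass_thru else None


def resolve_all(principal: str, source_value: str, field_count: int) -> list:
    """Resolve $1..$field_count the way N separate Mapped definitions would."""
    return [resolve_mapped(principal, source_value, f"${i}")
            for i in range(1, field_count + 1)]


if __name__ == "__main__":
    good = build_source_value(6)   # 6 groups: matches the 6-field sample
    bad = build_source_value(7)    # 7 groups: no match, falls through to passThru
    print(group_count(good), resolve_all(SAMPLE_PRINCIPAL, good, 6))
    print(group_count(bad), resolve_all(SAMPLE_PRINCIPAL, bad, 6))
```

Because each field is matched with a greedy (.+), a value that itself contains ", " shifts the group boundaries; the group_count check above only catches a count mismatch, not that case.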

All Data Connectors in attribute-resolver.xml should be commented out.

Attachments

  • fb_psnc.xsd (17.8 KB) - added by jaftowicz 7 years ago. XML Schema for the FLS configuration file
  • fb_psnc.xml (3.4 KB) - added by jaftowicz 7 years ago. Sample configuration file for FLS