testbed config mods

conf/authn/krb5-authn-config.xml

@@ -21,10 +21,10 @@
     The keytab bean must be an absolute file pathname and not a reference to a classpath resource,
     so if idp.home is not a path, don't use it in the value.
     -->
-    <!--
+
     <bean id="shibboleth.authn.Krb5.ServicePrincipal" class="java.lang.String" c:_0="HTTP/idp.testbed.tier.internet2.edu@TESTBED.TIER.INTERNET2.EDU" />
     <bean id="shibboleth.authn.Krb5.Keytab" class="java.lang.String" c:_0="%{idp.home}/credentials/http.keytab" />
-    -->
+
 
     <alias name="ValidateUsernamePasswordAgainstKerberos" alias="ValidateUsernamePassword"/>
 

conf/authn/password-authn-config.xml

@@ -14,8 +14,8 @@
 
     <!-- Choose an import based on the back-end you want to use. -->
     <!-- <import resource="jaas-authn-config.xml" /> -->
-    <!--<import resource="krb5-authn-config.xml" />-->
-    <import resource="ldap-authn-config.xml" />
+    <import resource="krb5-authn-config.xml" />
+    <!--<import resource="ldap-authn-config.xml" />-->
 
 
     <!-- Names of form fields to pull username and password from. -->

conf/idp.properties

@@ -2,10 +2,10 @@
 idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties
 
 # Set the entityID of the IdP
-idp.entityID= https://example.org/idp/shibboleth
+idp.entityID= https://idp.testbed.tier.internet2.edu/idp/shibboleth
 
 # Set the scope used in the attribute resolver for scoped attributes
-idp.scope= example.org
+idp.scope= testbed.tier.internet2.edu
 
 # General cookie properties (maxAge only applies to persistent cookies)
 #idp.cookie.secure = false

conf/ldap.properties

@@ -5,7 +5,7 @@
 #idp.authn.LDAP.authenticator                   = anonSearchAuthenticator
 
 ## Connection properties ##
-idp.authn.LDAP.ldapURL                          = ldap://localhost:10389
+idp.authn.LDAP.ldapURL                          = ldap://testbed.tier.internet2.edu
 idp.authn.LDAP.useStartTLS                     = false
 idp.authn.LDAP.useSSL                          = false
 # Time in milliseconds that connects will block
@@ -27,13 +27,13 @@ idp.authn.LDAP.returnAttributes                 = passwordExpirationTime,loginGr
 
 # Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
 # for AD: CN=Users,DC=example,DC=org
-idp.authn.LDAP.baseDN                           = ou=people,dc=example,dc=org
+idp.authn.LDAP.baseDN                           = ou=People,dc=testbed,dc=tier,dc=internet2,dc=edu
 #idp.authn.LDAP.subtreeSearch                   = false
 idp.authn.LDAP.userFilter                       = (uid={user})
 # bind search configuration
 # for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
-idp.authn.LDAP.bindDN                           = uid=myservice,ou=system
-idp.authn.LDAP.bindDNCredential                 = myServicePassword
+idp.authn.LDAP.bindDN                           = 
+idp.authn.LDAP.bindDNCredential                 = 
 
 # Format DN resolution, used by directAuthenticator, adAuthenticator
 # for AD use idp.authn.LDAP.dnFormat=%s@domain.com

conf/metadata-providers.xml

@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- This file is an EXAMPLE metadata configuration file. -->
 <MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
     xmlns="urn:mace:shibboleth:2.0:metadata"
     xmlns:resource="urn:mace:shibboleth:2.0:resource"
@@ -80,5 +79,8 @@
 
     </MetadataProvider>
 
+    <MetadataProvider id="testbed.tier" xsi:type="FilesystemMetadataProvider" metadataFile="/opt/shibboleth-idp/metadata/testbed-tier-metadata.xml"/>
+	<MetadataProvider id="sp.testbed.tier" xsi:type="FilesystemMetadataProvider" metadataFile="/opt/shibboleth-idp/metadata/sp-testbed-tier-metadata.xml"/>
+
 
 </MetadataProvider>