Commit

Update shibM.adoc
khazelton authored Jul 2, 2021
1 parent 4a10f07 commit 0378148
Showing 1 changed file with 4 additions and 10 deletions.
14 changes: 4 additions & 10 deletions shibM.adoc
@@ -1,9 +1,7 @@
### Protecting midPoint with Shibboleth: Proper configuration

All that’s needful

* Protect the admin GUI with shib
** Edit .../midpoint.conf.auth.shibboleth to match this
** Edit ...container_files/httpd/conf/midpoint.conf.auth.shibbolethmidpoint.conf.auth.shibboleth to match this
[source,xml]
----
Timeout 2400
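Review bot: The new "Edit" bullet has the file name pasted twice and run together (`midpoint.conf.auth.shibbolethmidpoint.conf.auth.shibboleth`), and the leading `...` is missing its slash, so the path does not resolve to any file. Suggest `** Edit .../container_files/httpd/conf/midpoint.conf.auth.shibboleth to match this`, ideally with the path in backticks so it renders as a literal.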
Expand All @@ -28,7 +26,7 @@ ProxyPass /midpoint ajp://localhost:9090/midpoint secret=s3cr3t timeout=2400 ret
</Location>
----

** Set the user name header to REMOTE_USER: Edit .../SecurityPolicy.xml
** Set the user name header to REMOTE_USER: Edit .../midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
[source,xml]
----
<modules>
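Review bot: The path in the new REMOTE_USER bullet starts at `.../midpoint_server/container_files/...`, while the httpd path added in the first hunk starts at `...container_files/...`, so a reader cannot tell whether both are relative to the same directory. Use one root for both paths and set them in backticks. Since this step makes midPoint take the user name from REMOTE_USER, and the ProxyPass line shown in the hunk header carries `secret=s3cr3t`, the text should also say whether that value is a sample that must be replaced per deployment.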
Expand All @@ -41,7 +39,7 @@ ProxyPass /midpoint ajp://localhost:9090/midpoint secret=s3cr3t timeout=2400 ret
</modules>...
----

** Set Shibboleth as the authentication method for the midPoint admin GUI. Include the following in the list of <sequence> statements that follow after </modules> in the flexible authentication section of SecurityPolicy.xml.
** Set Shibboleth as the authentication method for the midPoint admin GUI. Include the following in the list of <sequence> statements that follow after </modules> in the flexible authentication section of the above file.

[source,xml]
----
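Review bot: "the above file" in the new `<sequence>` bullet is ambiguous, because two files are named above it (the httpd `midpoint.conf.auth.shibboleth` and `000-security-policy.xml`), whereas the old wording named the file explicitly. Suggest ending the sentence with "in the flexible authentication section of `000-security-policy.xml`", and putting `<sequence>` and `</modules>` in backticks so they are rendered as literals.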
Expand All @@ -64,7 +62,7 @@ ProxyPass /midpoint ajp://localhost:9090/midpoint secret=s3cr3t timeout=2400 ret
----


### Links to documentation
### Links to related documentation

https://docs.evolveum.com/midpoint/reference/security/authentication/flexible-authentication <= Flexible AuthN

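Review bot: Style point on the link lines under the renamed heading: the `<= Flexible AuthN` trailing labels render as plain text after a bare URL. Since the file is AsciiDoc, the link text form `https://docs.evolveum.com/...[Flexible AuthN]` would give labelled links, and a list marker per entry would keep them from depending on blank lines for separation.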
Expand All @@ -75,7 +73,3 @@ https://spaces.at.internet2.edu/display/MID/Shibboleth+demo <= Shibboleth Demo
https://spaces.at.internet2.edu/display/MID/Grouper+integration+demo#Grouperintegrationdemo-SwitchingmidPointauthenticationtoShibboleth(optional) <= Switching midPoint authentication to Shibboleth (optional)

https://docs.evolveum.com/midpoint/reference/security/authentication/flexible-authentication/configuration/ <= Security Policy Example from Evolveum

Another crucial file: https://github.internet2.edu/docker/midPoint_container/blob/master/container_files/httpd/conf/midpoint.conf.auth.shibboleth

This file seems questionable: https://docs.evolveum.com/midpoint/devel/design/shibboleth-integration/
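Review bot: Removing the "Another crucial file" line drops the only full URL to `midpoint.conf.auth.shibboleth`, which the first step still tells readers to edit and now identifies only by an elided path. Suggest moving that link into the first "Edit" bullet rather than deleting it. The "This file seems questionable" remark about the Evolveum shibboleth-integration page is also removed without explanation; if that page is known to be outdated, a one-line note saying so would be more useful to readers than silence.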
