
Identity Providers based on ADFS normally have extensions in their metadata that are not validated by the Shibboleth Service Provider by default. This means that SWAMID metadata will not automatically be validated by Shibboleth SP unless you add support for some schemas used by Microsoft.

Add ws-* extensions validation to Shibboleth SP

  1. Download all schema files starting with "ws-" from https://git.swamid.se/?p=swamid-metadata.git;a=tree;f=schema;hb=HEAD and put them in the folder ${install_prefix}/share/xml/shibboleth/. As of 2017-09-18 the ws-* files are:
    • ws-addr.xsd
    • ws-authorization.xsd
    • ws-federation.xsd
    • ws-securitypolicy-1.2.xsd
  2. Add configuration in ${install_prefix}/share/xml/shibboleth/catalog.xml for downloaded schemas.

    Example ws-* schemas in catalog.xml
        <system systemId="http://www.w3.org/2005/08/addressing" uri="@-PKGXMLDIR-@/ws-addr.xsd"/>
        <system systemId="http://docs.oasis-open.org/wsfed/authorization/200706" uri="@-PKGXMLDIR-@/ws-authorization.xsd"/>
        <system systemId="http://docs.oasis-open.org/wsfed/federation/200706" uri="@-PKGXMLDIR-@/ws-federation.xsd"/>
        <system systemId="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" uri="@-PKGXMLDIR-@/ws-securitypolicy-1.2.xsd"/>
  3. Restart Shibboleth SP to activate the new schemas.
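
A pre-restart check for steps 1 and 2, added here as an example and not part of the SWAMID page or of Shibboleth: it confirms that catalog.xml maps each of the four ws-* system identifiers to the expected file and that each file exists and is well-formed XML. It assumes catalog.xml and the .xsd files sit in the same directory, as step 1 describes, and that the catalog uses the OASIS XML catalog namespace; the function names and the sample data in `demo()` are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

CATALOG_NS = "urn:oasis:names:tc:entity:xmlns:xml:catalog"  # assumed catalog namespace
# systemId -> file name, as listed in the catalog.xml entries of step 2
WS_SCHEMAS = {
    "http://www.w3.org/2005/08/addressing": "ws-addr.xsd",
    "http://docs.oasis-open.org/wsfed/authorization/200706": "ws-authorization.xsd",
    "http://docs.oasis-open.org/wsfed/federation/200706": "ws-federation.xsd",
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702": "ws-securitypolicy-1.2.xsd",
}

def check_ws_schemas(schema_dir):
    """Return a list of problems; an empty list means all four schemas are wired up."""
    root = ET.parse(os.path.join(schema_dir, "catalog.xml")).getroot()
    entries = {}
    for el in root.iter():  # accept namespaced and plain <system> elements
        if el.tag in ("system", "{%s}system" % CATALOG_NS):
            entries[el.get("systemId")] = el.get("uri", "")
    problems = []
    for system_id, filename in WS_SCHEMAS.items():
        uri = entries.get(system_id)
        if uri is None:
            problems.append("no catalog entry for " + system_id)
        elif os.path.basename(uri) != filename:
            problems.append("%s maps to %s, expected %s" % (system_id, uri, filename))
        else:
            try:  # the file must exist and parse as XML
                ET.parse(os.path.join(schema_dir, filename))
            except (OSError, ET.ParseError) as exc:
                problems.append("%s: %s" % (filename, exc))
    return problems

def demo():
    """Constructed sample: catalog lacks ws-federation, ws-addr.xsd was not downloaded."""
    with tempfile.TemporaryDirectory() as d:
        rows = "".join('<system systemId="%s" uri="@-PKGXMLDIR-@/%s"/>' % (s, f)
                       for s, f in WS_SCHEMAS.items() if f != "ws-federation.xsd")
        with open(os.path.join(d, "catalog.xml"), "w") as fh:
            fh.write('<catalog xmlns="%s">%s</catalog>' % (CATALOG_NS, rows))
        for f in WS_SCHEMAS.values():
            if f != "ws-addr.xsd":
                with open(os.path.join(d, f), "w") as fh:
                    fh.write('<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"/>')
        return check_ws_schemas(d)

if __name__ == "__main__":
    print("\n".join(demo()) or "all ws-* schemas present")
```

On a real host, call `check_ws_schemas()` with the expanded `${install_prefix}/share/xml/shibboleth` path before restarting the SP.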

 
