Shibboleth for Adobe.com

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Shibboleth for Adobe.com

Smith, Michael

We are running Shibboleth V2 and trying to authenticate to Adobe.com. The instructions provided seem to be in a different format that what we are using. One section states to add the following to our relying-party but it doesn’t match our formatting. It specifically states add the line with the nameIDFormatPrecedence.

How would I add this in Shibboleth V2 that does not use bean formatting.

 

<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">

    <property name="profileConfigurations">

        <list>

            <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />

            <ref bean="SAML1.AttributeQuery" />

            <ref bean="SAML1.ArtifactResolution" />

            <bean parent="SAML2.SSO" p:nameIDFormatPrecedence="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" p:postAuthenticationFlows="attribute-release" />

            <ref bean="SAML2.ECP" />

            <ref bean="SAML2.Logout" />

            <ref bean="SAML2.AttributeQuery" />

            <ref bean="SAML2.ArtifactResolution" />

            <ref bean="Liberty.SSOS" />

        </list>

    </property>

</bean>

 

Michael Smith

System Admin

Office 281-283-2930

Mobile 832-731-7764

 


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth for Adobe.com

Peter Schober
* Smith, Michael <[hidden email]> [2018-06-13 20:45]:
> We are running Shibboleth V2 and trying to authenticate to
> Adobe.com. The instructions provided seem to be in a different
> format that what we are using. One section states to add the
> following to our relying-party but it doesn't match our
> formatting. It specifically states add the line with the
> nameIDFormatPrecedence.

Since you'll have to manage local SAML Metadata for that SP anyway
(they don't seem to be part of any federation) it's easier to just add
the required NameID format in a NameIDFormat element there (after any
SingleLogoutService and before AssertionConsumerService elements).

> How would I add this in Shibboleth V2 that does not use bean formatting.

You wouldn't, IDPv2 is EOL for years now.

Other than that the documentation is here:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPNameIdentifier
and here:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPRelyingParty

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth for Adobe.com

David Huebner
In reply to this post by Smith, Michael
Basically follow https://wiki.shibboleth.net/confluence/display/SHIB2/IdPRelyingParty, however you really should not use V2 anymore.

On 13.06.2018 20:44, Smith, Michael wrote:

We are running Shibboleth V2 and trying to authenticate to Adobe.com. The instructions provided seem to be in a different format that what we are using. One section states to add the following to our relying-party but it doesn’t match our formatting. It specifically states add the line with the nameIDFormatPrecedence.

How would I add this in Shibboleth V2 that does not use bean formatting.

 

<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">

    <property name="profileConfigurations">

        <list>

            <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />

            <ref bean="SAML1.AttributeQuery" />

            <ref bean="SAML1.ArtifactResolution" />

            <bean parent="SAML2.SSO" p:nameIDFormatPrecedence="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" p:postAuthenticationFlows="attribute-release" />

            <ref bean="SAML2.ECP" />

            <ref bean="SAML2.Logout" />

            <ref bean="SAML2.AttributeQuery" />

            <ref bean="SAML2.ArtifactResolution" />

            <ref bean="Liberty.SSOS" />

        </list>

    </property>

</bean>

 

Michael Smith

System Admin

Office 281-283-2930

Mobile 832-731-7764

 





--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

smime.p7s (3K) Download Attachment