8-37
User Guide for Cisco Digital Media Manager 5.4.x
OL-15762-05
Chapter 8 Authentication and Federated Identity
Procedures
Step 2 Export SP metadata from Cisco DMS.
Export metadata from each SP that will participate in your Shibboleth CoT.
Tip For Cisco DMS, see the “Export SP Metadata from DMM” topic.
Step 3 Import SP metadata from Cisco DMS.
Use SFTP or another method to save imported metadata where Shibboleth will access it:
/opt/shibboleth-idp/metadata/
Step 4 Log in remotely.
Use SSH, remote desktop, VNC, or a direct console connection to log in remotely to the system where you installed Shibboleth.
Step 5 Edit the attribute filter file.
a. Open /opt/shibboleth-idp/conf/attribute-filter.xml for editing.
b. Change the attributeID value (at or near line 24) to uid.
<afp:AttributeRule attributeID="uid">
Step 6 Edit the attribute resolver file.
a. Open /opt/shibboleth-idp/conf/attribute-resolver.xml for editing.
b. Find this section:
<!-- ========================================== -->
<!-- Attribute Definitions -->
<!-- ========================================== -->
c. Enter these lines after the Attribute Definitions section heading, at or near line 29.
<resolver:AttributeDefinition xsi:type="ad:Simple" id="uid"
    sourceAttributeID="sAMAccountName">
  <resolver:Dependency ref="myLDAP" />
  <resolver:AttributeEncoder xsi:type="enc:SAML2String"
      name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
  <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID"
      nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
</resolver:AttributeDefinition>
d. Find this section:
<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->
e. Enter these lines after the Data Connectors section heading, at or near line 288.
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
    xmlns="urn:mace:shibboleth:2.0:resolver:dc"
    ldapURL="ldap://<YOUR_ACTIVE_DIRECTORY_SERVER_IP>"
    baseDN="cn=<USERBASE>, dc=<HOSTNAME>, dc=<EXAMPLE>, dc=<COM>"
    principal="cn=<ADMINISTRATOR_CN>, cn=<USERBASE>, dc=<HOSTNAME>,
        dc=<EXAMPLE>, dc=<COM>"
    principalCredential="<ADMINISTRATOR_PASSWORD>">
  <dc:FilterTemplate>
    <![CDATA[
      (sAMAccountName=$requestContext.principalName)
    ]]>
  </dc:FilterTemplate>
  <LDAPProperty name="java.naming.referral" value="follow"/>
</resolver:DataConnector>
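The two edits in Steps 5 and 6 only work together: the uid attribute definition must depend on a data connector that exists, must carry an encoder, and the placeholder values in the template must all be replaced before the IdP will even parse the file (a literal "<" inside an attribute value is not well-formed XML). The following checker, an added example and not part of the Cisco guide or of Shibboleth, lints an attribute-resolver.xml document for those conditions and additionally flags an ldap:// URL combined with a bind password, since that sends the principalCredential to the directory in clear text. The namespace URIs for the resolver, ad, enc and xsi prefixes are assumed from Shibboleth IdP 2.x (only the dc URI appears on the page), and the sample document is constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Namespace URIs for the prefixes the page's snippet uses. The "dc" URI appears on the
# page itself; the others are the Shibboleth IdP 2.x URIs and are assumed here.
NS = {
    "resolver": "urn:mace:shibboleth:2.0:resolver",
    "ad": "urn:mace:shibboleth:2.0:resolver:ad",
    "dc": "urn:mace:shibboleth:2.0:resolver:dc",
    "enc": "urn:mace:shibboleth:2.0:attribute:encoder",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
XSI_TYPE = "{%s}type" % NS["xsi"]  # ElementTree's key for the xsi:type attribute

# Unfilled template tokens look like <YOUR_ACTIVE_DIRECTORY_SERVER_IP>; a real XML
# element name never consists of uppercase letters, digits and underscores only.
PLACEHOLDER = re.compile(r"<[A-Z][A-Z0-9_]*>")


def find_placeholders(text):
    """Return the distinct unreplaced <PLACEHOLDER> tokens still present in text."""
    return sorted(set(PLACEHOLDER.findall(text)))


def check_resolver(xml_text, attribute_id="uid"):
    """Lint an attribute-resolver.xml document; an empty list means no findings."""
    findings = []
    leftover = find_placeholders(xml_text)
    if leftover:
        # A '<' inside an attribute value is not well-formed XML, so the IdP would
        # refuse the file anyway; report the tokens instead of a parser traceback.
        findings.append("unreplaced placeholders: " + ", ".join(leftover))
        return findings
    root = ET.fromstring(xml_text)
    connectors = {c.get("id"): c for c in root.findall("resolver:DataConnector", NS)}
    definitions = {d.get("id"): d for d in root.findall("resolver:AttributeDefinition", NS)}

    definition = definitions.get(attribute_id)
    if definition is None:
        findings.append("no AttributeDefinition with id=%r" % attribute_id)
    else:
        # Every Dependency must point at a connector or another definition that exists,
        # otherwise the attribute resolves to nothing and the SP login fails.
        for dep in definition.findall("resolver:Dependency", NS):
            ref = dep.get("ref")
            if ref not in connectors and ref not in definitions:
                findings.append("%s depends on unknown id %r" % (attribute_id, ref))
        if not definition.findall("resolver:AttributeEncoder", NS):
            findings.append("%s has no AttributeEncoder, so it is never released" % attribute_id)

    for cid, conn in connectors.items():
        # xsi:type is compared as the prefixed string the file uses, as on the page.
        if conn.get(XSI_TYPE) != "dc:LDAPDirectory":
            continue
        url = conn.get("ldapURL", "")
        if url.startswith("ldap://") and conn.get("principalCredential"):
            findings.append(
                "%s: ldapURL %r is plaintext LDAP, so the bind password in "
                "principalCredential crosses the network unencrypted" % (cid, url))
    return findings


# Constructed sample modelled on the page's Step 6 snippet; no value here is real.
TEMPLATE = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
    xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:AttributeDefinition xsi:type="ad:Simple" id="uid"
      sourceAttributeID="sAMAccountName">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String"
        name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
  </resolver:AttributeDefinition>
  <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
      ldapURL="{ldap_url}"
      baseDN="cn=Users,dc=ad,dc=example,dc=com"
      principal="cn=svc-shibboleth,cn=Users,dc=ad,dc=example,dc=com"
      principalCredential="constructed-sample-password">
    <dc:FilterTemplate>
      <![CDATA[ (sAMAccountName=$requestContext.principalName) ]]>
    </dc:FilterTemplate>
  </resolver:DataConnector>
</resolver:AttributeResolver>
"""

if __name__ == "__main__":
    for label, url in [("unfilled template", "ldap://<YOUR_ACTIVE_DIRECTORY_SERVER_IP>"),
                       ("plaintext ldap", "ldap://10.0.0.5"),
                       ("ldaps", "ldaps://ad.example.com")]:
        print(label, "->", check_resolver(TEMPLATE.format(ldap_url=url)) or "OK")
```

Run it against the real file with check_resolver(open("/opt/shibboleth-idp/conf/attribute-resolver.xml").read()) after finishing Step 6; the placeholder check is deliberately done on the raw text before parsing, because the unedited template from the guide is not parseable XML and the parser error would otherwise hide which value was left unfilled.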