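# Shibboleth IdP configuration notes. Paths assume OpenJDK 8 and a `tomcat8`
# service user. The `vi` steps are interactive; the indented comment lines
# under each one are the settings to enter into that file.
# Presumably run as root (edits /etc and changes file ownership) - confirm.

# --- Java environment -------------------------------------------------------
vi /etc/environment
#   JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64/"
#   JRE_HOME="/usr/lib/jvm/java-8-openjdk-amd64/jre"

# --- Service provider metadata ----------------------------------------------
cd /opt/shibboleth-idp/metadata/ || exit 1

# NOTE(review): --no-check-certificate disables TLS server verification, so
# nothing authenticates the host that answers for sp1.local / sp2.local. The
# downloaded files are what the IdP will trust for each SP's keys and
# endpoints, so confirm them out of band before use (compare the digests
# printed below with values obtained from the SP hosts directly), or drop the
# flag and pass the issuing CA with --ca-certificate=<path-to-ca.pem>.
wget --no-check-certificate -O sp1-metadata.xml https://sp1.local/Shibboleth.sso/Metadata
wget --no-check-certificate -O sp2-metadata.xml https://sp2.local/Shibboleth.sso/Metadata
sha256sum -- sp1-metadata.xml sp2-metadata.xml

# `--` keeps a file name starting with '-' from being parsed as an option.
# The glob matches every .xml in this directory, not only the two new files.
chown tomcat8:tomcat8 -- *.xml

# Presumably registers the two downloaded files as metadata sources - the
# notes do not show the edit. Files loaded from disk are only as trustworthy
# as the download step above unless a signature check is configured here.
vi /opt/shibboleth-idp/conf/metadata-providers.xml

# --- LDAP authentication and attribute lookup --------------------------------
vi /opt/shibboleth-idp/conf/ldap.properties
#   idp.authn.LDAP.authenticator = bindSearchAuthenticator
#   idp.authn.LDAP.ldapURL = ldap://idp.local:389
#   idp.authn.LDAP.useStartTLS = false
#   idp.authn.LDAP.baseDN = dc=users,dc=nodomain
#   idp.authn.LDAP.userFilter = (uid={user})
#   idp.authn.LDAP.bindDN = cn=admin,dc=nodomain
#   idp.authn.LDAP.bindDNCredential = shibboleth
#   idp.attribute.resolver.LDAP.returnAttributes = *
#
# NOTE(review), for anything beyond a single-host lab:
# - ldap:// with useStartTLS = false sends the bind credential and every
#   user's password unencrypted. That is tolerable only if the directory
#   runs on the IdP host itself (the URL points at idp.local - confirm).
#   Otherwise set useStartTLS = true and configure idp.authn.LDAP.sslConfig /
#   idp.authn.LDAP.trustCertificates with the directory's CA certificate.
# - bindDN is the directory admin entry; a search bind needs only a
#   read-only service account limited to the user subtree.
# - bindDNCredential is stored in clear text here: use a unique, non-guessable
#   value and keep this file readable by the IdP service user only.
# - returnAttributes = * pulls every attribute of the entry into the
#   resolver; list only the attributes that are actually released.

# Presumably adjusts who may reach the IdP's administrative endpoints - the
# notes do not show the edit. Keep the permitted address ranges narrow.
vi /opt/shibboleth-idp/conf/access-control.xml

# --- Attribute resolver and filter -------------------------------------------
cd /opt/shibboleth-idp/conf/ || exit 1

# Overwrites any existing attribute-resolver.xml with the full template.
cp attribute-resolver-full.xml attribute-resolver.xml
# Then, in attribute-resolver.xml (original notes, translated from German):
#   ... enable all attributes ...
#   LDAP data connector without TLS
# NOTE(review): the data connector then queries the directory unencrypted as
# well; the useStartTLS remarks above apply to it too.

# With every attribute enabled in the resolver, this filter is the only
# control over what each SP receives: release per SP only what it needs.
vi /opt/shibboleth-idp/conf/attribute-filter.xml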