vi /etc/environment
JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64/"
JRE_HOME="/usr/lib/jvm/java-8-openjdk-amd64/jre"
cd /opt/shibboleth-idp/metadata/
wget --no-check-certificate -O sp1-metadata.xml https://sp1.local/Shibboleth.sso/Metadata
wget --no-check-certificate -O sp2-metadata.xml https://sp2.local/Shibboleth.sso/Metadata
chown tomcat8:tomcat8 *.xml
vi /opt/shibboleth-idp/conf/metadata-providers.xml
vi /opt/shibboleth-idp/conf/ldap.properties
idp.authn.LDAP.authenticator = bindSearchAuthenticator
idp.authn.LDAP.ldapURL = ldap://idp.local:389
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.baseDN = dc=users,dc=nodomain
idp.authn.LDAP.userFilter = (uid={user})
idp.authn.LDAP.bindDN = cn=admin,dc=nodomain
idp.authn.LDAP.bindDNCredential = shibboleth
idp.attribute.resolver.LDAP.returnAttributes = *
vi /opt/shibboleth-idp/conf/access-control.xml
cd /opt/shibboleth-idp/conf/
cp attribute-resolver-full.xml attribute-resolver.xml
... alle Attribute aktivieren
... LDAP-DC ohne TLS
vi /opt/shibboleth-idp/conf/attribute-filter.xml