ilias-lt4el-m30
-
2.
As ILIAS admin, go to the 'Administration >> Authentication and Registration'
options and click on the link for the 'Shibboleth' settings.
3. Activate the "Enable Shibboleth Support" checkbox on the top.
After defining the default user role for new users registering via Shibboleth
and the name of the Shibboleth federation this service is part of,
you have to define whether the Shibboleth users shall select their home
organization directly on the ILIAS login page or on an external page.
If you have chosen to use the ILIAS WAYF, you have to make sure that
Shibboleth is configured to have a default applicationId for the
element and that the default Shibboleth handlerURL is configured to be
"/Shibboleth.sso", which usually is the default setting for Shibboleth.
To check that, open the shibboleth.xml configuration file and lookg for the
element, which must have an attribute 'applicationId', e.g.
applicationId="default".
If you don't want to use the default session initiator (for example because
your ILIAS installation is part of several federation), you can specify
a location of a session initiator for a Identity Provider as a third
argument.
The session inititors can be found in the shibboleth.xml
configuration file as well.
If you chose to use an external WAYF, fill in an URL to an image that is to
be used for the login button.
Default ist 'images/shib_login_button.gif'
The login instructions can be used to place a message for Shibboleth users
on the login page.
These instructions are independent from the current
language the user has chosen.
Read below what you can use the data manipulation file for.
4. Fill in the fields of the form for the attribute mapping.
You need to provide
the names of the environment variables that contain the Shibboleth attributes
for the unique ID, firstname, surname, etc. This e.g. could be
'HTTP_SHIB_PERSON_SURNAME' for the person's last name.
Refer to
the Shibboleth documentation or the documentation of your Shibboleth
federation for information on which attributes are available.
Especially the field for the 'unique Shibboleth attribute' is of great
importance because this attribute is used for the user mapping between ILIAS
and Shibboleth users.
#############################################################################
Shibboleth Attributes needed by ILIAS:
For ILIAS to work properly Shibboleth should at least provide the attributes
that are used as firstname, lastname and email in ILIAS.
Furthermore, you have to provide an attribute that contains a unique
value for each use.
This could e.g. also be the users emailaddress.
This unique attribute is needed to map the ILIAS user name to a certain
Shibboleth user.