This module implements an authentication flow for Shibboleth Identity Provider v3 that interacts with a [Wilma](https://help.starsoft.fi/?q=node/106) instance. The module can be used to outsource authentication to a Wilma instance instead of, for instance, prompting for and validating user credentials locally.
- Java 17+
- Apache Maven 3
```bash
mvn package
```
After successful compilation, the `target` directory contains `shibboleth-idp-authn-wilma-<version>.zip`.
After compilation, the module's JAR files must be deployed to the IdP web application. The module's authentication flow and its bean definitions must also be deployed to the IdP. Depending on the IdP installation, the deployment can be done, for instance, with the following sequence:
```bash
unzip target/shibboleth-idp-authn-wilma-<version>.zip
cp shibboleth-idp-authn-wilma-<version>/edit-webapp/WEB-INF/lib/* /opt/shibboleth-idp/edit-webapp/WEB-INF/lib
cp -r shibboleth-idp-authn-wilma-<version>/flows/* /opt/shibboleth-idp/flows
cp shibboleth-idp-authn-wilma-<version>/conf/* /opt/shibboleth-idp/conf/authn
cd /opt/shibboleth-idp
sh bin/build.sh
```
The final command rebuilds the WAR package for the IdP application.
The remote Wilma instance's MPASS endpoint and the shared secret must be configured in the file `/opt/shibboleth-idp/flows/authn/Wilma/wilme-beans.xml`.
Finally, you will need to add the new authentication flow definition(s) to `/opt/shibboleth-idp/conf/authn/general-authn.xml`:

```xml
<bean id="authn/Wilma" parent="shibboleth.AuthenticationFlow"
      p:nonBrowserSupported="false" p:forcedAuthenticationSupported="true"/>
```
The flow definition must also be enabled via the `idp.authn.flows` variable in `/opt/shibboleth-idp/conf/idp.properties`.
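
A post-deployment check for the steps above, as an added example that is not part of this module: it verifies that the beans file holding the shared secret is not accessible to other users, that the `authn/Wilma` bean is registered, and that `idp.authn.flows` names the flow. The function name `check_wilma_deploy` is hypothetical, and the check assumes `Wilma` appears literally in the `idp.authn.flows` value; the beans file path is used as written above.

```shell
#!/bin/sh
# Added example: post-deployment checks for the Wilma authentication flow.
# Usage: check_wilma_deploy [IDP_HOME]   (IDP_HOME defaults to /opt/shibboleth-idp)
check_wilma_deploy() {
    idp_home="${1:-/opt/shibboleth-idp}"
    beans="$idp_home/flows/authn/Wilma/wilme-beans.xml"   # path as given above
    authn_xml="$idp_home/conf/authn/general-authn.xml"
    props="$idp_home/conf/idp.properties"
    rc=0

    # 1. The beans file carries the shared secret: it must exist and must not
    #    be readable or writable by "other".
    if [ ! -f "$beans" ]; then
        echo "FAIL: $beans not found"; rc=1
    elif [ -n "$(find "$beans" \( -perm -004 -o -perm -002 \))" ]; then
        echo "FAIL: $beans is world-accessible; restrict it to the IdP service account"
        rc=1
    fi

    # 2. The flow bean must be registered in general-authn.xml.
    if ! grep -q 'id="authn/Wilma"' "$authn_xml" 2>/dev/null; then
        echo "FAIL: authn/Wilma bean missing from $authn_xml"; rc=1
    fi

    # 3. idp.authn.flows must name the flow. Commented-out lines are ignored and
    #    the last active assignment wins. Assumption: literal match on "Wilma";
    #    a value that enables the flow some other way needs manual review.
    flows=$(sed -n 's/^[[:space:]]*idp\.authn\.flows[[:space:]]*=[[:space:]]*//p' \
        "$props" 2>/dev/null | tail -n 1)
    case "$flows" in
        *Wilma*) ;;
        *) echo "FAIL: idp.authn.flows ('$flows') does not name Wilma"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: Wilma flow deployed and enabled under $idp_home"
    return "$rc"
}
```

Run it after `sh bin/build.sh` and before restarting the servlet container; a non-zero return status means at least one check failed.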