Shibboleth SP Configuration
ActiveShareFS integrates Shibboleth SP with SharePoint. The integration between Shibboleth SP and an identity provider is out of scope for this documentation, but a basic example is covered here.
Most likely you will want the 64-bit (x64) edition of Shibboleth SP. Please refer to the Shibboleth SP documentation for further information. After installing it, you will modify two files:
shibboleth2.xml
Add a site with the id corresponding to the Site ID in IIS:
<InProcess logger="native.logger">
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
        <Site id="1293871823" name="mysp.example.com"/>
    </ISAPI>
</InProcess>
Add a host in the RequestMap corresponding to the site above. Make sure that requireSession is set to false: SharePoint and ASFS, not the SP's request mapper, trigger the session initiation.
<Host name="mysp.example.com" authType="shibboleth" requireSession="false"/>
Set the entityID of the Shibboleth SP:
<ApplicationDefaults entityID="https://mysp.example.org/shibboleth"
                     REMOTE_USER="eppn persistent-id targeted-id">
Configure the SP’s default IdP:
<SSO entityID="https://someidp.example.org/idp/shibboleth">
    SAML2 SAML1
</SSO>
Add the IdP metadata:
<MetadataProvider type="XML" file="someidp-metadata.xml"/>
attribute-map.xml
The identity provider will release SAML attributes to Shibboleth SP. Configure attribute-map.xml to map these attributes to the ids that ASFS reads:
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="email"/>
<Attribute name="urn:oid:2.5.4.3" id="cn"/>
<Attribute name="urn:oid:2.5.4.4" id="sn"/>
<Attribute name="uidattributename" id="uid"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayname"/>
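The following script is an added example, not part of ActiveShareFS or Shibboleth SP. It checks that both files edited above contain the elements the steps on this page call for: the ISAPI Site whose id matches the IIS Site ID, a RequestMap Host for that hostname with requireSession="false", an ApplicationDefaults entityID, a default IdP in SSO, a MetadataProvider pointing at an IdP metadata file, and an attribute-map entry for each id ASFS uses. The two XML strings are constructed to mirror the fragments on this page (the surrounding SPConfig, RequestMapper and Sessions elements and the namespace URIs are the standard Shibboleth SP layout, assumed here). The script also assumes that uidattributename in the uid mapping is a placeholder to be replaced with the IdP's real attribute name, and flags it while it is still present.

```python
"""Lint the shibboleth2.xml and attribute-map.xml edits described on this page.

Added example; not ActiveShareFS or Shibboleth SP code. Namespaces are
ignored when matching elements so the checks work for SP 2.x and 3.x files.
"""
import xml.etree.ElementTree as ET

# Constructed sample of shibboleth2.xml covering only the elements this page edits.
SHIBBOLETH2_XML = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <InProcess logger="native.logger">
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
      <Site id="1293871823" name="mysp.example.com"/>
    </ISAPI>
  </InProcess>
  <RequestMapper type="Native">
    <RequestMap applicationId="default">
      <Host name="mysp.example.com" authType="shibboleth" requireSession="false"/>
    </RequestMap>
  </RequestMapper>
  <ApplicationDefaults entityID="https://mysp.example.org/shibboleth"
                       REMOTE_USER="eppn persistent-id targeted-id">
    <Sessions>
      <SSO entityID="https://someidp.example.org/idp/shibboleth">SAML2 SAML1</SSO>
    </Sessions>
    <MetadataProvider type="XML" file="someidp-metadata.xml"/>
  </ApplicationDefaults>
</SPConfig>"""

# Constructed sample of attribute-map.xml with the page's five mappings.
ATTRIBUTE_MAP_XML = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="email"/>
  <Attribute name="urn:oid:2.5.4.3" id="cn"/>
  <Attribute name="urn:oid:2.5.4.4" id="sn"/>
  <Attribute name="uidattributename" id="uid"/>
  <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayname"/>
</Attributes>"""

# The ids ASFS expects to find in attribute-map.xml (taken from this page).
EXPECTED_IDS = {"email", "cn", "sn", "uid", "displayname"}
PLACEHOLDER_UID_NAME = "uidattributename"  # assumed to be a placeholder, not a real attribute


def _local(tag):
    """Strip the namespace prefix from an ElementTree tag: '{ns}Host' -> 'Host'."""
    return tag.rsplit("}", 1)[-1]


def _find_all(root, name):
    """All elements in the tree whose local name is `name`, in document order."""
    return [el for el in root.iter() if _local(el.tag) == name]


def check_shibboleth2(xml_text, iis_site_id, hostname):
    """Return a list of problems with shibboleth2.xml; an empty list means all edits are present."""
    root = ET.fromstring(xml_text)
    problems = []

    sites = [s for s in _find_all(root, "Site") if s.get("id") == iis_site_id]
    if not sites:
        problems.append(f"no <Site id=\"{iis_site_id}\"> under ISAPI matching the IIS Site ID")
    elif sites[0].get("name") != hostname:
        problems.append(f"<Site id=\"{iis_site_id}\"> has name {sites[0].get('name')!r}, expected {hostname!r}")

    hosts = [h for h in _find_all(root, "Host") if h.get("name") == hostname]
    if not hosts:
        problems.append(f"no <Host name=\"{hostname}\"> in the RequestMap")
    else:
        host = hosts[0]
        # requireSession defaults to false in Shibboleth SP; only an explicit true is a problem.
        if host.get("requireSession", "false").lower() != "false":
            problems.append(f"<Host name=\"{hostname}\"> has requireSession=true; it must be false "
                            "because SharePoint and ASFS initiate the session")
        if host.get("authType") != "shibboleth":
            problems.append(f"<Host name=\"{hostname}\"> authType is not shibboleth")

    apps = _find_all(root, "ApplicationDefaults")
    if not apps or not apps[0].get("entityID"):
        problems.append("ApplicationDefaults has no entityID")

    sso = _find_all(root, "SSO")
    if not sso or not sso[0].get("entityID"):
        problems.append("SSO has no default IdP entityID")

    if not any(m.get("file") for m in _find_all(root, "MetadataProvider")):
        problems.append("no MetadataProvider with an IdP metadata file")
    return problems


def check_attribute_map(xml_text, expected_ids=EXPECTED_IDS):
    """Return a list of problems with attribute-map.xml; empty means every expected id is mapped."""
    root = ET.fromstring(xml_text)
    problems, mapped = [], {}
    for attr in _find_all(root, "Attribute"):
        name, aid = attr.get("name"), attr.get("id")
        if not name or not aid:
            problems.append("an <Attribute> is missing its name or id")
            continue
        if aid in mapped:
            problems.append(f"id {aid!r} is mapped more than once")
        mapped[aid] = name
    for missing in sorted(expected_ids - mapped.keys()):
        problems.append(f"no <Attribute> maps id {missing!r}")
    if mapped.get("uid") == PLACEHOLDER_UID_NAME:
        problems.append(f"id 'uid' still maps the placeholder {PLACEHOLDER_UID_NAME!r}; "
                        "replace it with the attribute name the IdP actually releases")
    return problems


if __name__ == "__main__":
    for label, probs in (("shibboleth2.xml", check_shibboleth2(SHIBBOLETH2_XML, "1293871823", "mysp.example.com")),
                         ("attribute-map.xml", check_attribute_map(ATTRIBUTE_MAP_XML))):
        print(label, "OK" if not probs else "\n  " + "\n  ".join(probs))
```

To lint the real files, read them from the Shibboleth SP installation directory and pass their contents in place of the two sample strings, with the Site ID copied from IIS Manager and the hostname of the SharePoint web application.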
Next, you will need to configure the identity provider to trust this service provider. To do that, the identity provider must be configured with the SP metadata. Shibboleth SP generates this metadata for you; retrieve it from http(s)://mysp.example.com/Shibboleth.sso/Metadata. With that done, you are ready to install ActiveShareFS.