Warning

This is a draft. Please do not follow this (yet).

IdP software upgrade

If you are running IdP v1.3 or lower, consider the following before upgrading the IdP software.

...

Did you customize IdP 1.3 in any way? Most installers have customized to some degree. If you did, do the same in 2.x.

Post jsp, Error pages

IdP 1.3 used idppost.jsp to post authn assertions to SPs, whereas 2.x uses Velocity templates. If you customized the post JSP, you will have to customize the Velocity templates as well.

You will find the templates at ...

Customize and copy them to $IDP/webapps/WEB-INF/classes/templates. This will override the default templates that are bundled in the jar.

...

It is different for each school. UCLA uses a custom authentication service hosted by a different group on the campus. We used the RemoteUserAuthentication handler. If you are using LDAP auth or some other authn, consult the Shibboleth wiki/forum.

handler.xml

* Upgrade the software
* Integrate with UCLA SSO
* Convert ARP

h3 Convert ARP

In 2.x, AFP replaces ARP. The schema is completely different. Hand-coding/converting ARP to AFP is an arduous task if you have many AFPs. UCLA had 200+ custom release policies.
We developed a tool to convert the ARP to AFP.

h3 ePTID

Are any of your relying parties dependent on ePTID? The implementation may be different in 2.x. Make sure the same algorithm is used to generate ePTID.
At UCLA we took a chance and implemented new. Our 1.3 implementation was buggy. No one has complained so far.

ePTID may be stored in a database. You don't need to generate it on the fly. We thought it is an additional dependency. We chose to generate on the fly, at the expense of run-time performance (which is negligible nowadays).
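An added sketch (not from the original page or the Shibboleth project) of a pre-cutover check that the new IdP would reproduce the ePTID values already released to relying parties. It assumes a computed ID of the form base64(SHA-1(SP entityID, `!`, local user id, `!`, secret salt)); substitute your deployment's actual algorithm. All function names, the salt, the SP and the user records are constructed.

```python
import base64
import hashlib
import hmac

def computed_id(sp_entity_id, local_id, salt):
    """ASSUMED scheme: base64(SHA-1(sp_entity_id + "!" + local_id + "!" + salt))."""
    h = hashlib.sha1()
    h.update(sp_entity_id.encode("utf-8") + b"!")
    h.update(local_id.encode("utf-8") + b"!")
    h.update(salt)
    return base64.b64encode(h.digest()).decode("ascii")

def find_mismatches(released, local_ids, salt):
    """released: {(sp, user): value the old IdP sent}; local_ids: {user: source
    attribute value on the new IdP}. Returns the (sp, user) pairs that would change."""
    changed = []
    for (sp, user), old_value in sorted(released.items()):
        new_value = computed_id(sp, local_ids[user], salt)
        if not hmac.compare_digest(new_value.encode(), old_value.encode()):
            changed.append((sp, user))
    return changed

# Constructed sample data: placeholder salt, SP and users.
SALT = b"constructed-example-salt"
SP = "https://sp.example.org/shibboleth"
RELEASED = {
    (SP, "alice"): computed_id(SP, "alice", SALT),
    (SP, "bob"): computed_id(SP, "BOB", SALT),  # old IdP hashed an upper-case id
}
NEW_LOCAL_IDS = {"alice": "alice", "bob": "bob"}  # new IdP resolves lower-case ids

if __name__ == "__main__":
    for sp, user in find_mismatches(RELEASED, NEW_LOCAL_IDS, SALT):
        print(f"ePTID for {user} at {sp} would change after the upgrade")
```

Any difference in the salt, the source attribute, its case, or the entityID string gives the relying party a different identifier, so run a check like this against a sample of real released values before switching over.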

* Discovery Service
* Session Clustering using Terracotta

...