Blitz Identity Provider domain

To change the Blitz Identity Provider domain, edit the domain setting in the blitz.prod.local.idp.net settings block of the configuration file.

Example setting:

"net" : {
  "domain" : "demo.identityblitz.com"
}

If necessary, change the value of the domain setting in the portal-lang-cookie block of blitz.prod.local.idp.lang.

Example configuration file fragment:

"lang" : {
  …
  "portal-lang-cookie" : {
    "domain" : "identityblitz.com",
    …
  }
}

If necessary, you can change the path to the applications (by default the applications are available under the path /blitz). The path is set in the play.conf configuration file: change the context parameter in the play.http block:

"http" : {
  "context" : "/blitz",
  ...
}

Change the Blitz Identity Provider domain and path in the files /blitz-config/saml/conf/relying-party.xml and /blitz-config/saml/metadata/idp-metadata.xml.

Example of the changed settings in relying-party.xml:

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<ns18:RelyingPartyGroup …>
  <ns18:AnonymousRelyingParty
    provider="https://demo.identityblitz.com/blitz/saml"
    defaultSigningCredentialRef="IdPCredential"/>
  <ns18:DefaultRelyingParty
    provider="https://demo.identityblitz.com/blitz/saml"
    defaultSigningCredentialRef="IdPCredential">
    …
  </ns18:DefaultRelyingParty>
  …
</ns18:RelyingPartyGroup>

Example of the changed settings in idp-metadata.xml:

<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor … entityID="https://demo.identityblitz.com/blitz/saml">
  <IDPSSODescriptor …>
    …
    <ArtifactResolutionService
      Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML1/SOAP/ArtifactResolution"
      index="1"/>
    <ArtifactResolutionService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML2/SOAP/ArtifactResolution"
      index="2"/>
    <SingleLogoutService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML2/Redirect/SLO"
      ResponseLocation="https://demo.identityblitz.com/blitz/saml/profile/SAML2/Redirect/SLO"/>
    <SingleLogoutService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Plain-Redirect"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML2/Redirect/Plain/SLO"
      ResponseLocation=
        "https://demo.identityblitz.com/blitz/saml/profile/SAML2/Redirect/Plain/SLO"/>
    <SingleLogoutService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML2/SOAP/SLO" />
    …
    <SingleSignOnService
      Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
      Location="https://demo.identityblitz.com/blitz/saml/profile/Shibboleth/SSO"/>
    <SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML2/POST/SSO"/>
    <SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML2/POST-SimpleSign/SSO"/>
    <SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML2/Redirect/SSO"/>
    <SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Plain-Redirect"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML2/Redirect/Plain/SSO"/>
  </IDPSSODescriptor>
  <AttributeAuthorityDescriptor …>
    …
    <AttributeService
      Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML1/SOAP/AttributeQuery"/>
    <AttributeService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
      Location="https://demo.identityblitz.com/blitz/saml/profile/SAML2/SOAP/AttributeQuery"/>
    …
  </AttributeAuthorityDescriptor>
</EntityDescriptor>
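
A consistency check for the files edited above, as an added example that is not part of the Blitz Identity Provider documentation or product: it lists every entityID, provider, Location and ResponseLocation value that is not under the new base URL, and checks that the portal-lang-cookie domain still matches the host. The domain sso.example.org, the function names and the sample metadata are constructed for illustration; the https://<domain><context>/saml layout is taken from the examples on this page.

```python
import xml.etree.ElementTree as ET

# Attributes that carry the IdP's own URL in the two SAML files named on the page.
URL_ATTRS = ("entityID", "provider", "Location", "ResponseLocation")

def expected_base(domain, context="/blitz"):
    """Base URL as used in the page's examples: https://<domain><context>/saml."""
    return f"https://{domain}{context.rstrip('/')}/saml"

def stale_urls(xml_text, base):
    """Return (element, attribute, value) for every URL that is not under `base`."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the {namespace} part of the tag
        for attr in URL_ATTRS:
            value = elem.get(attr)
            # Require an exact match or a "/" boundary so look-alike prefixes fail.
            if value is not None and value != base and not value.startswith(base + "/"):
                findings.append((tag, attr, value))
    return findings

def cookie_domain_matches(host, cookie_domain):
    """Browser rule: a cookie Domain must equal the host or be a parent domain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

# Constructed sample: metadata after a move to sso.example.org in which one
# SingleLogoutService ResponseLocation still points at the old domain.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sso.example.org/blitz/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://sso.example.org/blitz/saml/profile/SAML2/Redirect/SLO"
      ResponseLocation="https://demo.identityblitz.com/blitz/saml/profile/SAML2/Redirect/SLO"/>
    <SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://sso.example.org/blitz/saml/profile/SAML2/POST/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    base = expected_base("sso.example.org")
    for tag, attr, value in stale_urls(SAMPLE_METADATA, base):
        print(f"stale {tag}/@{attr}: {value}")
    print("cookie domain ok:", cookie_domain_matches("sso.example.org", "example.org"))
```

Run the same check against both relying-party.xml and idp-metadata.xml after the edit; an empty result means no URL in those attributes still refers to the previous domain or path.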