Below is an example bootstrap-v4.ini file. The file contains three sections, [main], [ldap] and [advanced] that indicate the type of information that is required. In the advanced section, please consider carefully before changing any of the default values.


The following is only an example, do NOT use, please use the latest version from the AAF GitHub repository.
https://github.com/ausaccessfed/shibboleth-idp4-installer



[main]
############################ BOOTSTRAP CONFIGURATION ###########################
#
# MANDATORY SECTION - YOU MUST REVIEW AND SET EACH VALUE
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# Specify the entity ID (technical name) of the IdP. This value is options and
# can be left unset. If usent, the entity ID will be created based on the HOST_NAME 
# value below.

ENTITY_ID=https://idp.example.edu/idp/shibboleth

# Specify the externally facing address for this IdP. Typically you would have
# a DNS entry for this. Do *NOT* use 'localhost' or any other local address.
HOST_NAME=idp.example.edu
 
# The federation environment
# Allowable values: {test, production} (case-sensitive)
ENVIRONMENT=test

# Your Organisation's name
ORGANISATION_NAME="The University of Example"

# The base domain for your organisation
ORGANISATION_BASE_DOMAIN=example.edu

# Your schacHomeOrganizationType.
# See http://www.terena.org/activities/tf-emc2/schacreleases.html
# Relevant values are:
# urn:mace:terena.org:schac:homeOrganizationType:au:university
# urn:mace:terena.org:schac:homeOrganizationType:au:research-institution
# urn:mace:terena.org:schac:homeOrganizationType:au:other
HOME_ORG_TYPE=urn:mace:terena.org:schac:homeOrganizationType:au:university

# The attribute used for AuEduPersonSharedToken, eduPersonTargetedId and
# the persistent Name ID value generation.
#
# IMPORTANT: The generation of AuEduPersonSharedToken and EduPersonTargetedId
# require the value from the specified source attribute. If the value changes,
# it will change the AuEduPersonSharedToken and EduPersonTargetedId. This will
# cause the user to lose access in the federation. It is *critical* that you
# specify an attribute that will never change.
#
#
# Generally use uid for most LDAP servers and sAMAccountName for MS Active
# Directoy. In some situations the directory will use cn (commonName) to hold
# the users unique login name.
#
# The attribute choose MUST provide a unique single value for ALL user. If
# this is not the case no value will be provide for the auEduPersonSharedToken.
#
SOURCE_ATTRIBUTE_ID=uid

# Perform a yum update as part of the bootstrap and every time you run
# the update-idp script to ensure all of your operating system software is
# patched and up to date. Setting this value to "true" is recommended.
# Valid values are either "true" or "false".
YUM_UPDATE=true

[ldap]
# OPTIONAL SECTION
# ~~~~~~~~~~~~~~~~

#  LDAP URL the Shibboleth IdP will connect to. The URL can only contain  the scheme,
#  address, and port. If a secure (recommended) connection is being make to the LDAP 
# server additional configuration will be required.
LDAP_URL=ldap://ldap.example.edu:389

# Point from where LDAP will search for users
LDAP_BASE_DN="ou=Users,dc=example,dc=edu"

# The administrator's bind dn
LDAP_BIND_DN="cn=Manager,dc=example,dc=edu"

# The administrator's password
# Note: If any of the following special characters appear in your
# password you must add an escape "\" before each one.
# The special characters are
# - $ (Dollars),
# - " (Double quote),
# - / (Forward Slash)
# Back Slash MUST never be used!
# The password: 'ReQ$-"/xxp4' would be entered as 'ReQ\$-\"\/xxp4'
#
LDAP_BIND_DN_PASSWORD="p@ssw0rd"

# Specify the attribute for user queries
#
# Generally use uid for most LDAP servers and sAMAccountName for MS Active
# Directory. In some situations the directory will use cn (commonName) to hold
# the users unique login name.
#
LDAP_USER_FILTER_ATTRIBUTE="uid"

[advanced]
# ADVANCED SECTION
# ~~~~~~~~~~~~~~~~

# The base path for Shibboleth and the IdP Installer configuration.
# Changing the base path MUST only occur here, do not attempt to change
# the base after the initial install.
INSTALL_BASE=/opt

# Select the local Firewall that will be running on your server. The default
# is firewalld which is the default for CentOS and RHEL 7. You can also select to
# not have the installer maintain your local firewall but this is NOT recommended.
# Relevant values are:
# firewalld (default)
# Adds ports 433 (https) and 8443 (IdP backchannel) ports to the
# firewalld config. All other configuration remains unchanged
# none.
# You are responsible for the maintenance of the servers firewall. No
# changes to the local firewall are made in this mode.
#
FIREWALL=firewalld

#

# The Shibboleth IdP can provide a back channel for Service Providers to
# communicate directly with the Identity Provider. This has been used for
# attribute release, transmission of messages via SAML Artifact and more recently
# for backchannel SLO. The AAF have identified that none of the use cases for
# the backchannel are relevant to operation within the AAF, and therefor
# recommend it no longer be enable be default. If it is required, for example
# for a standalone Attribute Authority service, then setting the following to true
# will enable configuration for the backchannel.
#
ENABLE_BACKCHANNEL=false

#

# Enable your IdP to participate in eduGAIN (https://aaf.edu.au/edugain/). Your
# organisation must be enable at the federation before being enabled to use
# eduGAIN services. Setting the following values to true will only technically
# enable your IdP. You MUST complete the steps described AAF eduGAIN web site in
# addition to making the technical changes.
#
ENABLE_EDUGAIN=false