Shibboleth SSO flow
Both Shibboleth SP (shibboleth-sp-2.3.1) and Shibboleth IDP (shibboleth-identityprovider-2.2.0-bin) on a Windows machine, with a local user DB.
1) C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf
Listen 8443 https
UseCanonicalName on
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
ServerName servername -- on Windows use the computer name from My Computer; on Linux check /etc/hosts
#By siddhu for Shibboleth
Include C:/opt/shibboleth-sp/etc/shibboleth/apache22.config
#By siddhu for shibboleth
ProxyPass /idp/ ajp://localhost:8009/idp/
AuthType Basic
AuthName "My Identity Provider"
AuthUserFile C:/opt/shibboleth-idp/credentials/user.db
require valid-user
2) C:\apache-tomcat-5.5.28\conf\server.xml
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" request.tomcatAuthentication="false" address="127.0.0.1"/>
3) C:\opt\shibboleth-idp\conf\relying-party.xml
defaultSigningCredentialRef="IdPCredential">
metadataURL="http://ipaddressofSP:8080/metadata/testshib-providers.xml"
backingFile="C:\opt\shibboleth-idp/metadata/local_testshib.xml">
4) C:\opt\shibboleth-sp\etc\shibboleth\shibboleth2.xml
5) C:\opt\shibboleth-idp\conf\handler.xml
-- Uncommented this line
jaasConfigurationLocation="file://C:\opt\shibboleth-idp/conf/login.config">
7) C:\opt\shibboleth-sp\var\run\shibboleth\local_testshib-two-idp-metadata.xml
8) New: Copy the certificate value from C:\opt\shibboleth-sp\var\run\shibboleth\local_testshib-two-idp-metadata.xml to
C:\opt\shibboleth-idp\credentials\idp.crt
8) Old: Copied the idp.cert value into
C:\opt\shibboleth-idp\credentials\idp.crt
Check that the change has propagated to C:\opt\shibboleth-idp\metadata\local_testshib.xml
9) Create a "secure" folder under the Apache htdocs directory and put your first page in it.
C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\secure
i.e. C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\secure\index.html
== For logs, check these files:
C:\Program Files\Apache Software Foundation\Apache2.2\logs\error.log
C:\opt\shibboleth-sp\var\log\shibboleth\native.log
C:\opt\shibboleth-idp\logs\idp-process.log
Both Shibboleth SP (shibboleth-sp-2.3.1) and Shibboleth IDP (shibboleth-identityprovider-2.2.0-bin) on a Windows machine, with an LDAP user DB.
1) C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf
Listen 8443 https
UseCanonicalName on
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
ServerName servername -- on Windows use the computer name from My Computer; on Linux check /etc/hosts
#By siddhu for Shibboleth
Include C:/opt/shibboleth-sp/etc/shibboleth/apache22.config
#By siddhu for shibboleth
ProxyPass /idp/ ajp://localhost:8009/idp/
AuthType Basic
AuthName "My Identity Provider"
AuthUserFile C:/opt/shibboleth-idp/credentials/user.db
require valid-user
2) C:\apache-tomcat-5.5.28\conf\server.xml
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" request.tomcatAuthentication="false" address="127.0.0.1"/>
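The server.xml connector in step 2 sets tomcatAuthentication to false, so Tomcat accepts whatever REMOTE_USER Apache asserts over AJP after its Basic-auth check. That is only safe while the AJP port is reachable solely from the local Apache (the address="127.0.0.1" binding) and the Basic-auth credentials only travel over the https listener from step 1. The script below is an added example, not part of these notes or of Shibboleth/Tomcat: it lints constructed excerpts of server.xml and httpd.conf for those two conditions and for ProxyPass targets that leave the host. The <Server>/<Service>/<Connector> wrappers around the page's connector attributes are assumed.

```python
import re
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed excerpt of C:\apache-tomcat-5.5.28\conf\server.xml, using the
# connector attributes quoted in the notes; the element wrappers are assumed.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8009" enableLookups="false" redirectPort="8443"
               protocol="AJP/1.3" request.tomcatAuthentication="false"
               address="127.0.0.1"/>
  </Service>
</Server>
"""

# Constructed excerpt of httpd.conf with the directives from the notes.
SAMPLE_HTTPD_CONF = """Listen 8443 https
UseCanonicalName on
ProxyPass /idp/ ajp://localhost:8009/idp/
AuthType Basic
AuthName "My Identity Provider"
require valid-user
"""


def ajp_connector_issues(server_xml):
    """Flag AJP connectors that trust the proxy-asserted user but are reachable off-host."""
    issues = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not conn.get("protocol", "").startswith("AJP"):
            continue
        # Accept either spelling of the attribute seen in Tomcat 5.5 configs.
        flag = (conn.get("request.tomcatAuthentication")
                or conn.get("tomcatAuthentication") or "true")
        trusts_proxy = flag.lower() == "false"
        address = conn.get("address")  # absent means "bind to all interfaces"
        if trusts_proxy and address not in LOOPBACK:
            issues.append(f"AJP connector on port {conn.get('port')} accepts proxy-asserted "
                          f"users but binds to {address or 'all interfaces'}")
    return issues


def httpd_conf_issues(httpd_conf):
    """Flag AJP ProxyPass targets off-host and Basic auth with no TLS listener."""
    issues = []
    has_tls = (re.search(r"^\s*Listen\s+\S+\s+https\b", httpd_conf, re.M) is not None
               or re.search(r"^\s*SSLEngine\s+on\b", httpd_conf, re.M | re.I) is not None)
    for m in re.finditer(r"^\s*ProxyPass\s+(\S+)\s+ajp://([^/:\s]+)", httpd_conf, re.M):
        if m.group(2).lower() not in LOOPBACK:
            issues.append(f"ProxyPass {m.group(1)} forwards over AJP to non-local host {m.group(2)}")
    if re.search(r"^\s*AuthType\s+Basic\b", httpd_conf, re.M | re.I) and not has_tls:
        issues.append("AuthType Basic configured without an https listener or SSLEngine on")
    return issues


if __name__ == "__main__":
    for issue in ajp_connector_issues(SAMPLE_SERVER_XML) + httpd_conf_issues(SAMPLE_HTTPD_CONF):
        print("WARN:", issue)
```

Run it against the real files by passing open(path).read() to the two functions; the constructed samples above produce no warnings, while removing the address attribute or the https listener does.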
3) C:\opt\shibboleth-idp\conf\relying-party.xml
defaultSigningCredentialRef="IdPCredential">
metadataURL="http://ipaddressofSP:8080/metadata/testshib-providers.xml"
backingFile="C:\opt\shibboleth-idp/metadata/local_testshib.xml">
4) C:\opt\shibboleth-sp\etc\shibboleth\shibboleth2.xml
5) C:\opt\shibboleth-idp\conf\handler.xml
-- Uncommented this line
jaasConfigurationLocation="file://C:\opt\shibboleth-idp/conf/login.config">
6) C:\opt\shibboleth-sp\var\run\shibboleth\local_testshib-two-idp-metadata.xml
8) New: Copy the certificate value from C:\opt\shibboleth-sp\var\run\shibboleth\local_testshib-two-idp-metadata.xml to
C:\opt\shibboleth-idp\credentials\idp.crt
8) Old: Copied the idp.cert value into
C:\opt\shibboleth-idp\credentials\idp.crt
Check that the change has propagated to C:\opt\shibboleth-idp\metadata\local_testshib.xml
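Step 8 in both the local-DB and the LDAP walkthroughs copies the certificate out of the SP's cached IdP metadata into idp.crt; if the two drift apart, the SP can no longer verify the IdP's assertion signatures. The following Python check is an added example, not part of the original notes or of Shibboleth: it reads the base64 X509Certificate values the metadata publishes for the IdP's entityID and confirms the PEM in idp.crt is one of them, comparing SHA-256 fingerprints of the DER bytes. The metadata excerpt and the certificate body are constructed placeholders (not a real X.509 certificate); the entityID is the one used later in these notes.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed placeholder bytes; a real idp.crt holds a DER-encoded X.509 certificate.
_FAKE_DER = b"constructed placeholder, not a real X.509 certificate"
_FAKE_B64 = base64.b64encode(_FAKE_DER).decode()

# Constructed excerpt of local_testshib-two-idp-metadata.xml for the IdP entity.
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}">
  <md:EntityDescriptor entityID="http://localhost/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor>
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
          {_FAKE_B64}
        </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

# Constructed idp.crt in PEM form carrying the same body, wrapped at 64 columns.
SAMPLE_IDP_CRT = ("-----BEGIN CERTIFICATE-----\n"
                  + "\n".join(_FAKE_B64[i:i + 64] for i in range(0, len(_FAKE_B64), 64))
                  + "\n-----END CERTIFICATE-----\n")


def metadata_certs(metadata_xml, entity_id):
    """Return the DER bytes of every certificate published in the IDPSSODescriptor of entity_id."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        if ed.get("entityID") != entity_id:
            continue
        for idp in ed.iter(f"{{{MD_NS}}}IDPSSODescriptor"):
            for cert in idp.iter(f"{{{DS_NS}}}X509Certificate"):
                # Metadata base64 is usually line-wrapped; drop all whitespace before decoding.
                certs.append(base64.b64decode("".join((cert.text or "").split())))
    return certs


def pem_to_der(pem_text):
    """Strip the PEM armour lines and whitespace, returning the DER bytes."""
    body = [line.strip() for line in pem_text.splitlines()
            if line.strip() and not line.startswith("-----")]
    return base64.b64decode("".join(body))


def fingerprint(der):
    """SHA-256 fingerprint of DER bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def idp_cert_matches_metadata(metadata_xml, pem_text, entity_id):
    """True when idp.crt is one of the certificates the SP metadata lists for this IdP."""
    published = {fingerprint(der) for der in metadata_certs(metadata_xml, entity_id)}
    return fingerprint(pem_to_der(pem_text)) in published


if __name__ == "__main__":
    ok = idp_cert_matches_metadata(SAMPLE_METADATA, SAMPLE_IDP_CRT, "http://localhost/idp/shibboleth")
    print("idp.crt matches SP metadata:", ok)
```

To check the real installation, read the metadata file and idp.crt from the paths in step 8 and pass their contents to idp_cert_matches_metadata together with the IdP's entityID from relying-party.xml.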
9) Create a "secure" folder under the Apache htdocs directory and put your first page in it.
C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\secure
i.e. C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\secure\index.html
== For logs, check these files:
C:\Program Files\Apache Software Foundation\Apache2.2\logs\error.log
C:\opt\shibboleth-sp\var\log\shibboleth\native.log
C:\opt\shibboleth-idp\logs\idp-process.log
=========For LDAP ==============
1) C:\opt\shibboleth-idp\conf\login.config
edu.vt.middleware.ldap.jaas.LdapLoginModule required
host="localhost"
port="10389"
base="ou=users"
userField="uid";
2) C:\opt\shibboleth-idp\conf\handler.xml - no change
3) C:\opt\shibboleth-idp\conf\logging.xml
4) C:\opt\shibboleth-idp\conf\relying-party.xml - no change
5) C:\opt\shibboleth-idp\conf\attribute-resolver.xml
ldapURL="ldap://localhost" baseDN="ou=system" principal="admin"
principalCredential="secret">
(uid=$requestContext.principalName)
]]>
6) C:\opt\shibboleth-sp\etc\shibboleth\shibboleth2.xml- no change
7) C:\apache-tomcat-5.5.28\webapps\idp\login.jsp - no need to change
8) C:\apache-tomcat-5.5.28\webapps\idp\WEB-INF\web.xml - no change
9) C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf
ProxyPass /idp/ ajp://localhost:8009/idp/
AuthType Basic
AuthName "My Identity Provider"
require valid-user
Shibboleth SP (shibboleth-sp-2.3.1) on a Linux machine and Shibboleth IDP (shibboleth-identityprovider-2.2.0-bin) on a Windows machine, with an LDAP user DB.
========== Starting the Shibboleth service
/sbin/service shibd start
========= Starting the Apache server
httpd -D SSL -k start
== File changes made for the Linux SP:
1) /etc/shibboleth/shibboleth2.xml
(a)
(b)
(c)
entityID="http://localhost/idp/shibboleth"
REMOTE_USER="eppn persistent-id targeted-id"
signing="false" encryption="false">
(d)
handlerURL="/Shibboleth.sso" handlerSSL="false"
exportLocation="http://localhost/Shibboleth.sso/GetAssertion" exportACL="127.0.0.1"
idpHistory="false" idpHistoryDays="7">
(e)
relayState="cookie" entityID="http://localhost/idp/shibboleth" acsIndex="1" template="/etc/shibboleth/bindingTemplate.html">
(f)
backingFilePath="local_testshib-two-idp-metadata.xml" reloadInterval="7200">
2) /etc/httpd/conf/httpd.conf
#by siddhu for shibboleth
Listen 8443 https
UseCanonicalName on
ServerName servername -- on Windows use the computer name from My Computer; on Linux check /etc/hosts
#by siddhu for Shibboleth
Include /etc/shibboleth/apache22.config
#By siddhu for shibboleth
ProxyPass /idp/ ajp://localhost:8009/idp/
#ProxyPass /tomcat/ ajp://ipaddressofIDP:8080/idp/
AuthType Basic
AuthName "My Identity Provider"
require valid-user
=== On the IDP side
1) c:\opt\shibboleth-idp\conf\relying-party.xml
Added the SP's metadata:
metadataURL="http://ipaddressofSP/Shibboleth.sso/Metadata"
backingFile="C:/opt/shibboleth-idp/metadata/local_testshib1.xml">
2) Replaced the entire contents of idp-metadata.xml at c:\opt\shibboleth-idp\metadata\idp-metadata.xml