...
IdP (Identity Provider): A web-based system that can authenticate a user on behalf of another system, called the SP (Service Provider).
...
/etc/httpd/* ← Apache configuration files
/var/www/html ← Apache static content as set in, for instance, /etc/httpd/conf/httpd.conf
Quick Shibboleth Instructions for Adjusting Configuration
...
Filename | Location on SP | Notes |
---|---|---|
idp-metadata.xml | /etc/shibboleth/idp-metadata.xml | A copy of your IdP's metadata |
sp-metadata.xml | /var/www/html/sp-metadata.xml, if your Apache sets DocumentRoot to /var/www/html (for instance in /etc/httpd/conf/httpd.conf) | To be shared dynamically with your site's Shibboleth IdP (i.e. make it available at a given URL and share that URL with your IdP's maintainers/admins), or omit it from the SP and instead email it to the IdP admins |
attribute-map.xml | /etc/shibboleth/attribute-map.xml | Specifies the user information that your IdP sends to the SP upon login |
sp.conf | /etc/httpd/conf.d/sp.conf | Tells Apache to require Shibboleth login for Shrine URLs (/shrine-api/*). Tomcat should open port 8080 only to localhost and should reside on the same host as your SP |
server.xml | Tomcat configuration | Among other things, tells Tomcat which port to listen on and with which protocol |
shibboleth2.xml | /etc/shibboleth/shibboleth2.xml | Specifies miscellaneous aspects of your SP |
shrineSP.conf, shrine.conf | | |
key pair | | |
Each of these files needs to be adjusted to the particulars of your site and your requirements.
...
More-Detailed Discussion of Shibboleth, Apache, and Tomcat Configuration
Here we discuss key items in the various configuration files; not necessarily the items that need to be modified but those that deserve an explanation.
Apache Configuration
/etc/httpd/conf.d/sp.conf
...
REMOTE_USER: how REMOTE_USER will be populated. Note that "ecommonsid", which is specific to HMS IT, comes first, so REMOTE_USER will be set to its value. Otherwise, the first attribute name in the list that matches an attribute returned by the IdP will be used.
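The precedence rule above, modelled as an added example (this is not code from the SHRINE page or from the Shibboleth SP): it reads the REMOTE_USER list from a constructed shibboleth2.xml fragment and picks the first listed attribute id that the IdP actually released. The entityID, the "eppn" and "uid" ids and the released values are placeholders chosen for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed shibboleth2.xml fragment (placeholder entityID). The ids listed in
# REMOTE_USER are the attribute ids defined in attribute-map.xml; "ecommonsid"
# is the HMS IT-specific id from the page, "eppn" and "uid" are placeholders.
SHIBBOLETH2_XML = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                       REMOTE_USER="ecommonsid eppn uid"/>
</SPConfig>"""

NS = {"sp": "urn:mace:shibboleth:3.0:native:sp:config"}


def remote_user_candidates(xml_text):
    """Return the ordered attribute ids from the REMOTE_USER setting."""
    root = ET.fromstring(xml_text)
    defaults = root.find("sp:ApplicationDefaults", NS)
    if defaults is None:
        return []
    return defaults.get("REMOTE_USER", "").split()


def resolve_remote_user(candidates, released):
    """First listed id with a non-empty value released by the IdP wins.

    `released` maps attribute id -> value as mapped by attribute-map.xml.
    Returns (id, value), or None when no candidate was released at all.
    """
    for attr_id in candidates:
        value = released.get(attr_id)
        if value:
            return attr_id, value
    return None


if __name__ == "__main__":
    ids = remote_user_candidates(SHIBBOLETH2_XML)
    # HMS IT releases ecommonsid, so it takes precedence over eppn.
    print(resolve_remote_user(ids, {"ecommonsid": "jdoe", "eppn": "jdoe@example.org"}))
    # An IdP that does not release ecommonsid silently falls through to eppn.
    print(resolve_remote_user(ids, {"eppn": "jdoe@example.org"}))
```

The fall-through is the point to check: if the IdP does not release the first-listed id, REMOTE_USER is populated from a different identifier than the one the site expects, so confirm which ids your IdP actually sends before relying on the order.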
...