The following instructions are meant to get you going as quickly as possible. If you want a better understanding of what's going on, see the "More Details" sections that follow.
Configuration Directories
In summary, the directories containing configuration files which need to be modified are:
/opt/shrine/tomcat/conf/ ← Tomcat configuration files (Tomcat home is /opt/shrine/tomcat)
/opt/shrine/tomcat/lib/ ← Shrine config files
/etc/shibboleth/ ← Shibboleth configuration files
/etc/httpd/** ← Apache configuration files
/var/www/html/ ← Apache static content as set in, for instance, /etc/httpd/conf/httpd.conf
Configuration files to create from scratch or to import
Item | Location on SP | Description |
---|---|---|
key pair | | If the Shibboleth installer has not already done so, create a key pair; include the content of the public key certificate ( To create a key pair, use You don't need to create separate key pairs for signing and for encryption. |
idp-metadata.xml | /etc/shibboleth/idp-metadata.xml | A copy of your IdP's metadata. You'll need to ask the admin(s) of your IdP for a copy of it, most likely over a secure channel. Rename it to idp-metadata.xml and put it in /etc/shibboleth |
Configuration files based on samples in Git
Sample configuration files can be found in the shrine-setup zip file located at https://repo.open.catalyst.harvard.edu/nexus/content/groups/public/net/shrine/shrine-setup/4.0.0/shrine-setup-4.0.0-dist.zip
sso/apache/sp.conf-sample
sso/apache/sp-metadata.xml-sample
sso/shibboleth/attribute-map.xml-sample
sso/shibboleth/shibboleth2.xml-sample
sso/tomcat/server.xml-sample
sso/shrine/shrine.conf-sample
sso/shrine/override.conf-sample
Copy these files to the location on the SP (i.e. your server) indicated in the table below. Remove the "-sample" from the file names. Overwrite the existing config files.
Then search for the marker 'ADJUST_FOR_YOUR_SITE' in each of these files for indications of what / where you need to edit them.
Location in zip file | Location on SP | Description |
---|---|---|
sso/apache/sp-metadata.xml-sample | – as long as your Apache configuration sets | To be shared dynamically with your site's IdP (i.e. make it available at a given URL as a document at the document root and share that URL with your IdP's maintainers/admins); or omit from the SP's (i.e. your) web server, and instead share it securely with the IdP admins whenever it changes (if it does). In either case, populate the entityID, public key certificate, and consumer service location with yours. |
sso/shibboleth/shibboleth2.xml-sample | /etc/shibboleth/shibboleth2.xml | Specifies many aspects of your SP. Populate the entityID attribute in Populate the entityID attribute in Populate the The The private key should be stored in a "safe" location. If it is password-protected, that should be reflected in the |
sso/shibboleth/attribute-map.xml-sample | /etc/shibboleth/attribute-map.xml | Populate the IdP's attribute name for the user id; to be mapped to the attribute id "userId" |
sso/apache/sp.conf-sample | /etc/httpd/conf.d/sp.conf | Populate the |
sso/tomcat/server.xml-sample | /opt/shrine/tomcat/conf/server.xml | Populate Most likely the following 3 attributes of You will need to populate Once done, Merge the contents of |
 | | Set Shrine configuration options for using SSO for login/logout. In You should use either file and merge it into the existing |
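One way to script the copy step for the four samples whose "Location on SP" the table states, and then list every ADJUST_FOR_YOUR_SITE line as an edit checklist. This is an added example, not part of the SHRINE distribution; the function names, the ".bak" backup suffix and the optional DEST_ROOT prefix (for a dry run outside the real file system) are assumptions.

```shell
#!/bin/sh
# Added example, not SHRINE project code.
MARKER='ADJUST_FOR_YOUR_SITE'

# sample path inside the unpacked zip : location on the SP (rows from the table)
SSO_MAP='sso/shibboleth/shibboleth2.xml-sample:/etc/shibboleth/shibboleth2.xml
sso/shibboleth/attribute-map.xml-sample:/etc/shibboleth/attribute-map.xml
sso/apache/sp.conf-sample:/etc/httpd/conf.d/sp.conf
sso/tomcat/server.xml-sample:/opt/shrine/tomcat/conf/server.xml'

# deploy_samples SRC_DIR [DEST_ROOT]
# Copies each sample to its destination without the "-sample" suffix.
# The file being overwritten is kept once as <name>.bak (assumed suffix).
# Returns non-zero if any sample is missing from SRC_DIR.
deploy_samples() {
    src=$1; root=${2:-}; rc=0
    while IFS=: read -r sample dest; do
        target="$root$dest"
        if [ ! -f "$src/$sample" ]; then
            echo "missing sample: $sample" >&2
            rc=1
            continue
        fi
        mkdir -p "$(dirname "$target")"
        if [ -f "$target" ] && [ ! -e "$target.bak" ]; then
            cp -p "$target" "$target.bak"
        fi
        cp "$src/$sample" "$target"
    done <<EOF
$SSO_MAP
EOF
    return "$rc"
}

# list_markers [DEST_ROOT]
# Prints path:line:text for every marker line in the deployed files.
list_markers() {
    root=${1:-}
    for dest in $(echo "$SSO_MAP" | cut -d: -f2); do
        if [ -f "$root$dest" ]; then
            grep -n "$MARKER" "$root$dest" | sed "s|^|$dest:|" || true
        fi
    done
}

# Usage on the SP, from the directory where the zip was unpacked:
#   deploy_samples . && list_markers
```

The samples whose destination is not stated in the table are left out of the map and still have to be placed by hand.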
Next Steps:
Fast forward to SHRINE 4.0.0 Appendix A.8 - Starting and Stopping the Software
or
Read the "More Details" pages that follow, starting with SHRINE 4.0.0 Appendix A.3 - More Details : Shibboleth Configuration