Versions Compared

Old Version 38

changes.mady.by.user Xavier Haurie

Saved on

compared with

New Version 39

changes.mady.by.user Xavier Haurie

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Copy these files to the Location on the SP (i.e. your server) indicated in the table below. Remove the "-sample" from the file names.


Then search for the marker: 'ADJUST_FOR_YOUR_SITE' in each of these files for indications of what / where you need to edit.

...

Location in Git Repo (under shrine-setup/src/main/resources)Location on SPDescription
sso/apache/sp-metadata.xml-sample

/var/www/html/sp-metadata.xml 

– as long as your Apache configuration sets DocumentRoot to /var/www/html (for instance in /etc/httpd/conf/httpd.conf) 

To be shared dynamically with your site's IdP (i.e. make it available at a given URL and share that URL with your IdP's maintainers/admins); or omit from the SP's web server, and instead share it securely with the IdP admins whenever it changes (if it does)

In either case, populate the entityID, public key certificate, and consumer service location with yours

sso/shibboleth/shibboleth2.xml-sample/etc/shibboleth/shibboleth2.xml

Populate the entityID attribute in<ApplicationDefaults> to match your entityID in sp-metadata.xml.

Populate the entityID attribute in <SSO> to match the idP's entityID in idp-metadata.xml

The <CredentialResolver> element specifies the private+public key to use for encryption and signing while communicating with the idP. If you put the keys in the location specified above, there is no need to modify this element. Otherwise edit this file to reflect the location of the keys. Private key should be in a "safe" location. what if it is password-protected?

sso/shibboleth/attribute-map.xml-sample/etc/shibboleth/attribute-map.xml Populates the idP's attribute name for the user; to map to the id "userId"
sso/apache/sp.conf-sample/etc/httpd/conf.d/sp.conf

Populate the ServerName and ProxyPass directives with your hostname.

sso/tomcat/server.xml-sample/opt/shrine/tomcat/conf/server.xml

Populate

certificateKeystoreFile, certificateKeystorePassword, certificateKeyAlias and proxyName.

Once done, Merge the contents  of server.xml-sample into the existing /opt/shrine/tomcat/conf/server.xml.

sso/shrine/shrine.conf-sample

or

sso/shrine/override.conf-sample

/opt/shrine/tomcat/lib/shrine.conf

or

/opt/shrine/tomcat/lib/override.conf

Set Shrine configuration options for using SSO for login.

Specify the logout URL.

Specify Shrine's session timeout in ms.

You should use either file and merge it into the existing shrine.conf or override.conf in /opt/shrine/tomcat/lib