...
/var/www/html ← Apache static content as set in, for instance, /etc/httpd/conf/httpd.conf
Configuration files to create from scratch or to import
Item | Location on SP | Description |
---|---|---|
key pair | /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem | Create a key pair; include the content of the public key certificate (sp-cert.pem) in sp-metadata.xml (see below), and set the paths of the key and certificate as XML attributes of the <CredentialResolver> element of shibboleth2.xml (see below) (what if the private key is password protected?) |
idp-metadata.xml | /etc/shibboleth/idp-metadata.xml | A copy of your IdP's metadata. You'll need to ask the admin(s) of your IdP for a copy of it. Rename it to idp-metadata.xml and put it in /etc/shibboleth. |
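
One way to carry out the key pair step in the table above, as an added example that is not part of the original page. It assumes openssl (the page names no tool), a constructed host name sp.example.org, and an unencrypted private key protected only by file permissions.

```shell
#!/bin/sh
# Added example: create the SP key pair and print the certificate body that
# goes into sp-metadata.xml. Host name and directories are constructed values.

# make_sp_keypair DIR HOSTNAME
# Writes DIR/sp-key.pem (unencrypted, mode 0600) and DIR/sp-cert.pem (self-signed).
make_sp_keypair() {
    dir=$1
    host=$2
    (
        umask 077    # the key is never group- or world-readable, even briefly
        openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 3650 \
            -subj "/CN=$host" \
            -keyout "$dir/sp-key.pem" -out "$dir/sp-cert.pem" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/sp-key.pem"
    chmod 644 "$dir/sp-cert.pem"
}

# cert_body FILE
# Prints the base64 body of a PEM certificate without the BEGIN/END lines,
# the form used inside a <ds:X509Certificate> element in SAML metadata.
cert_body() {
    sed -e '/^-----BEGIN CERTIFICATE-----$/d' \
        -e '/^-----END CERTIFICATE-----$/d' "$1"
}

# key_matches_cert KEY CERT
# Succeeds only if the private key and the certificate hold the same public key,
# so a stale certificate in the metadata is caught before it reaches the IdP.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo against a scratch directory rather than /etc/shibboleth: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    out=$(mktemp -d)
    make_sp_keypair "$out" "sp.example.org" \
        && key_matches_cert "$out/sp-key.pem" "$out/sp-cert.pem" \
        && cert_body "$out/sp-cert.pem"
fi
```

The private key must also be readable by the account the Shibboleth daemon runs as, so adjust its ownership accordingly once it is in /etc/shibboleth.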
...
- sso/apache/sp.conf-sample
- sso/apache/sp-metadata.xml-sample
- sso/shibboleth/attribute-map.xml-sample
- sso/shibboleth/shibboleth2.xml-sample
- sso/tomcat/server.xml-sample
- sso/shrine/shrine.conf-sample
- sso/shrine/override.conf-sample
Copy these files to the "Location on SP" (i.e. on your server) indicated in the table below. Remove the "-sample" suffix from the file names.
...
Then search for the marker 'ADJUST_FOR_YOUR_SITE' in each of these files; it indicates what you need to edit and where.
Location in Git Repo (under shrine-setup/src/main/resources) | Location on SP | Description |
---|---|---|
sso/apache/sp-metadata.xml-sample | – as long as your Apache configuration sets | To be shared dynamically with your site's IdP (i.e. make it available at a given URL as a document at the document root and share that URL with your IdP's maintainers/admins); or omit from the SP's (i.e. your) web server, and instead share it securely with the IdP admins whenever it changes (if it does). In either case, populate the entityID, public key certificate, and consumer service location with yours. |
sso/shibboleth/shibboleth2.xml-sample | /etc/shibboleth/shibboleth2.xml | Populate the entityID attribute in Populate the entityID attribute in The |
sso/shibboleth/attribute-map.xml-sample | /etc/shibboleth/attribute-map.xml | Populate the IdP's attribute name for the user, to map to the attribute id "userId" |
sso/apache/sp.conf-sample | /etc/httpd/conf.d/sp.conf | Populate the |
sso/tomcat/server.xml-sample | /opt/shrine/tomcat/conf/server.xml | Populate Most likely the following 3 attributes are already populated, but if not then populate certificateKeyAlias and proxyName You will need to populate . Once done, Merge the contents of |
|
| Set Shrine configuration options for using SSO for login. Specify the logout URL ( Specify Shrine's session timeout in ms ( You should use either file and merge it into the existing |