Shibboleth setup.. So close but can use some help..
gboyce at cambridgesemantics.com
Fri Sep 23 19:21:47 BST 2011
Peter I agree in concept however what I needed was a step by step for a
simple installation of and idp and sp on the same box. I could not find that
in official documentation. Did I miss something?
I used version shibboleth-identityprovider-2.3.3
Looking at official documentation
1) Install went ok and I get an ok from
2) in relying-party.xml where the metadata is configured, I have Filesystem
Metadata Provider as referenced here
3) as referenced here
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass, I have
the ShibUserPassAuth configured correctly and it is authenticating to LDAP
4) for SP as referenced
<MetadataProvider type="XML" file="idp-metadata.xml"/>
And the entity id is the same as idp
for SP I get an xml output from /Shibboleth.sso/Status
5) https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAddIdP also
references a SessionInitiator which I don't see in shibboleth2.xml. And it's
not clear for my simple case what I need here.
I tried copying SessionInitiator (changing entity id ) from
example-shibboleth2.xml but that also made no difference.
The prior instructions I was following also refers to a RequestMap which I
don't see how or if I should configure.
Just in case(but it made no difference) I put in:
The example requires a session for documents in /secure on the
containing host with http and https on the default ports. Note that the name
and port in the <Host> elements MUST match Apache's ServerName and Port
directives or the IIS Site name in the <ISAPI> element above.
<Path name="secure" authType="shibboleth"
<!-- Example of a second vhost mapped to a different
I'm really stuck. Please help..
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On
Behalf Of Peter Schober
Sent: Friday, September 23, 2011 12:47 PM
To: users at shibboleth.net
Subject: Re: Shibboleth setup.. So close but can use some help..
* Garry Boyce <gboyce at cambridgesemantics.com> [2011-09-23 18:07]:
> I was following:
Then you installed a version of the IdP with a known security issue, cf.
Also some of the installation choices made in that blog post are rather
erractic, IMHO (installing the JVM and tomcat to /usr/local/src, creating a
symlink for the IdP's log files and later overwrite it by installing the SP
which owns that same directory, incorrect filesystem paths, etc.) and some
statements flat out wrong, but that's for the author to correct and keep up
to date, of course.
So generally it's advisable to use the official documentation maintained by
the project & community, and ask questions regarding anything that's
unclear, so that the documentation can be improved.
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net
More information about the users