Shibboleth setup.. So close but can use some help..

Garry Boyce gboyce at cambridgesemantics.com
Fri Sep 23 19:21:47 BST 2011


Peter, I agree in concept; however, what I needed was a step-by-step for a
simple installation of an IdP and SP on the same box. I could not find that
in the official documentation. Did I miss something?

I used version shibboleth-identityprovider-2.3.3

Looking at official documentation

1) Install went ok and I get an ok from
https://csisupport.cambridgesemantics.com/idp/profile/Status

2) in relying-party.xml where the metadata is configured, I have Filesystem
Metadata Provider as referenced here
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPMetadataProvider

<metadata:MetadataProvider xsi:type="FilesystemMetadataProvider"
                           xmlns="urn:mace:shibboleth:2.0:metadata"
                           id="SPMETADATA"
                           metadataFile="/opt/shibboleth-idp/metadata/sp-metadata.xml" />

3) as referenced here
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass, I have
the ShibUserPassAuth configured correctly and it is authenticating to LDAP

4) for the SP, as referenced at
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAddIdP, I
added

<MetadataProvider type="XML" file="idp-metadata.xml"/>

And the entity ID is the same as the IdP's.

For the SP I get XML output from /Shibboleth.sso/Status

5) https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAddIdP also
references a SessionInitiator which I don't see in shibboleth2.xml. And it's
not clear for my simple case what I need here. 

I tried copying SessionInitiator (changing entity id ) from
example-shibboleth2.xml but that also made no difference.

The prior instructions I was following also refer to a RequestMap, which I
don't see how or if I should configure.

Just in case (but it made no difference) I put in:
    <RequestMapper type="Native">
        <RequestMap>
            <!--
            The example requires a session for documents in /secure on the
            containing host with http and https on the default ports. Note that the name
            and port in the <Host> elements MUST match Apache's ServerName and Port
            directives or the IIS Site name in the <ISAPI> element above.
            -->
            <Host name="csisupport.cambridgesemantics.com">
                <Path name="secure" authType="shibboleth" requireSession="true"/>
            </Host>
            <!-- Example of a second vhost mapped to a different applicationId. -->
            <!--
            oleth" requireSession="true"/>
            -->
        </RequestMap>
    </RequestMapper>


I'm really stuck. Please help..

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On
Behalf Of Peter Schober
Sent: Friday, September 23, 2011 12:47 PM
To: users at shibboleth.net
Subject: Re: Shibboleth setup.. So close but can use some help..

Jfyi:

* Garry Boyce <gboyce at cambridgesemantics.com> [2011-09-23 18:07]:
> I was following:
> 
> http://csrdu.org/blog/2011/07/04/shibboleth-idp-sp-installation-config
> uration

Then you installed a version of the IdP with a known security issue, cf.
http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

Also some of the installation choices made in that blog post are rather
erratic, IMHO (installing the JVM and tomcat to /usr/local/src, creating a
symlink for the IdP's log files and later overwriting it by installing the SP
which owns that same directory, incorrect filesystem paths, etc.) and some
statements flat out wrong, but that's for the author to correct and keep up
to date, of course.

So generally it's advisable to use the official documentation maintained by
the project & community, and ask questions regarding anything that's
unclear, so that the documentation can be improved.
-peter
--
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net
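Added example, not part of the thread above: a small consistency check for the metadata pair the two sides exchange (the SP's idp-metadata.xml and the IdP's sp-metadata.xml), since a SessionInitiator whose entityID does not match what the loaded IdP metadata declares silently does nothing. The two metadata documents are constructed samples using the hostname from the thread and Shibboleth's default entityID and endpoint paths; check_metadata_pair is a hypothetical helper, not a Shibboleth tool.

```python
# Added example (not from the thread): sanity-check the metadata pair exchanged
# between a Shibboleth IdP and SP. The sample metadata below is constructed for
# illustration; the hostname is the one in the thread, the paths are defaults.
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: what the SP's idp-metadata.xml would contain.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://csisupport.cambridgesemantics.com/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://csisupport.cambridgesemantics.com/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: what the IdP's sp-metadata.xml would contain.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://csisupport.cambridgesemantics.com/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://csisupport.cambridgesemantics.com/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_metadata_pair(idp_xml, sp_xml, sp_configured_idp_entity_id):
    """Return a list of problems found; an empty list means the pair is consistent."""
    problems = []
    idp, sp = ET.fromstring(idp_xml), ET.fromstring(sp_xml)
    idp_id, sp_id = idp.get("entityID"), sp.get("entityID")
    # The entityID the SP's SessionInitiator names must be the one declared in
    # the IdP metadata the SP loads, or the SP has no IdP endpoints to use.
    if idp_id != sp_configured_idp_entity_id:
        problems.append(f"SP points at {sp_configured_idp_entity_id!r} but IdP metadata declares {idp_id!r}")
    # Two separate entities on one box still need two distinct entityIDs
    # (Shibboleth defaults: .../idp/shibboleth for the IdP, .../shibboleth for the SP).
    if idp_id == sp_id:
        problems.append("IdP and SP share one entityID")
    # IdP side: an IDPSSODescriptor with at least one SingleSignOnService endpoint.
    if not idp.findall(f"{MD}IDPSSODescriptor/{MD}SingleSignOnService"):
        problems.append("IdP metadata has no SingleSignOnService endpoint")
    # SP side: an SPSSODescriptor with at least one AssertionConsumerService.
    if not sp.findall(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService"):
        problems.append("SP metadata has no AssertionConsumerService endpoint")
    return problems


if __name__ == "__main__":
    found = check_metadata_pair(IDP_METADATA, SP_METADATA,
                                "https://csisupport.cambridgesemantics.com/idp/shibboleth")
    print("\n".join(found) if found else "metadata pair looks consistent")
```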
