Initial Shibboleth Development
Charlie Guo
crguo at stanford.edu
Mon Sep 26 02:00:41 BST 2011
Hi!
I'm currently developing an application for Stanford that's supposed to
interface with their Shibboleth authentication system. I've read most of the
getting started guides for Service Providers and I am currently following
the instructions posted here:
https://itservices.stanford.edu/service/shibboleth/sp/test-shib for setting
up my application, and I already have some questions/problems. If anybody
has answers for any of them, I would really appreciate it!
First, I didn't receive any security certs or keys back from testshib, and
Stanford's instructions note that I should have received them and stored
them in testshib.crt and testshib.key. Where can I find these, or do I not
need them?
Second, the application is running Django, and using mod_wsgi to route the
URLs. Is there a resource that I should be Aliasing /Shibboleth.sso to? My
shib.conf file looks like this:
#
# Tell Apache to load the Shibboleth Metadata
#
Alias /Shibboleth.sso/Metadata "/etc/shibboleth/shibboleth2.xml"
#
# Load the Shibboleth module.
#
LoadModule mod_shib /usr/lib/shibboleth/mod_shib_22.so
#
# Used for example logo and style sheet in error templates.
#
<IfModule mod_alias.c>
  <Location /shibboleth-sp>
    Allow from all
  </Location>
  Alias /shibboleth-sp/main.css /usr/share/doc/shibboleth-2.4.3/main.css
  Alias /shibboleth-sp/logo.jpg /usr/share/doc/shibboleth-2.4.3/logo.jpg
</IfModule>
#
# Configure the module for content.
#
# You MUST enable AuthType shibboleth for the module to process
# any requests, and there MUST be a require command as well. To
# enable Shibboleth but not specify any session/access requirements
# use "require shibboleth".
#
<Location /stanford/shibboleth >
  AuthType shibboleth
  ShibRequireSession On
  ShibUseEnvironment On
  Require user
</Location>
<Location /secure>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require valid-user
</Location>
Third, I'm running into an error message "Error Message: SAML 2 SSO profile
is not configured for relying party 'https://dev.classowl.com/shibboleth-sp'".
The TestShib portal was working previously but now has stopped working. I'm
not sure which file I changed to create the problem.
The whole setup is running on Amazon EC2, with Red Hat.
Thanks!
Charlie