Initial Shibboleth Development

Charlie Guo crguo at
Mon Sep 26 02:00:41 BST 2011


I'm currently developing an application for Stanford that's supposed to
interface with their Shibboleth authentication system. I've read most of the
getting started guides for Service Providers and I am currently following
the instructions posted here: for setting
up my application, and I already have some questions/problems. If anybody
has answers for any of them, I would really appreciate it!

First, I didn't receive any security certs or keys back from testshib, and
Stanford's instructions note that I should have received them and stored
them in testshib.crt and testshib.key. Where can I find these, or do I not
need them?

Second, the application is running Django, and using mod_wsgi to route the
URLs. Is there a resource that I should be aliasing /Shibboleth.sso to? My
shib.conf file looks like this:

# Tell Apache to load the Shibboleth Metadata

Alias /Shibboleth.sso/Metadata "/etc/shibboleth/shibboleth2.xml"

# Load the Shibboleth module.
LoadModule mod_shib /usr/lib/shibboleth/

# Used for example logo and style sheet in error templates.
<IfModule mod_alias.c>
  <Location /shibboleth-sp>
    Allow from all
  </Location>
  Alias /shibboleth-sp/main.css /usr/share/doc/shibboleth-2.4.3/main.css
  Alias /shibboleth-sp/logo.jpg /usr/share/doc/shibboleth-2.4.3/logo.jpg
</IfModule>

# Configure the module for content.
# You MUST enable AuthType shibboleth for the module to process
# any requests, and there MUST be a require command as well. To
# enable Shibboleth but not specify any session/access requirements
# use "require shibboleth".
<Location /stanford/shibboleth >
  AuthType shibboleth
  ShibRequireSession On
  ShibUseEnvironment On
  Require user
</Location>

<Location /secure>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require valid-user
</Location>

Third, I'm running into an error message "Error Message: SAML 2 SSO profile
is not configured for relying party ''".
The TestShib portal was working previously but now has stopped working. I'm
not sure which file I changed to create the problem.

The whole setup is running on Amazon EC2, with RedHat.
