Beginners guide.

Cantor, Scott cantor.2 at osu.edu
Fri Jan 20 16:19:44 GMT 2012


On 1/20/12 10:54 AM, "Friedrich Clausen" <fred at derf.nl> wrote:

>Hi All,
>
>I understand the concepts behind Shibboleth but I am having trouble
>getting to grips with setting up a test environment in which to test things
>further. I would like to set up a test environment containing 1) an IdP
>and 2) a SP. The SP can be authenticated with something simple such as
>IP based authentication.

That is not likely to be as simple as other options; it's a specialized
idea. Probably the simplest option is REMOTE_USER with your web server
using a simple user/pw file. Since that's not always easy with Java
servers and Apache adds pieces, the next easiest (to me) is Kerberos,
because installing a KDC just takes a couple of minutes, and the JAAS
plugin for it is simple to use. LDAP for me is a nightmare to set up and
use, but if you find it simple, then s/Kerberos/LDAP.

>I have been reading through the Wiki but I figure out in which order
>to do things as the Wiki is very comprehensive. Is there a basic guide
>or book out there that can walk me through bootstrapping a Shibboleth
>infrastructure?

There's testshib.org. Setting up each piece independently helps some
people compared to trying to do both at once.

If you read the wiki, then you should be able to understand the concepts
being addressed in the testshib process such that connecting the result to
each other is easier.

And I will add that you should NOT try and do the IdP and SP on one
machine. It will confuse you and make the process less clear than using
two.

The basis of an "infrastructure" in the broader sense is metadata. Beyond
simple software setup, which is no harder or easier than most PKI-based
SSO solutions, the real work is metadata management. Shibboleth pushes
essentially all of its harder aspects to metadata. In return, you have to
know that piece.

-- Scott


