fred at derf.nl
Fri Jan 20 16:30:38 GMT 2012
On Fri, Jan 20, 2012 at 5:19 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> That is not likely to be as simple as other options, it's a specialized
> idea. Probably the simplest option is REMOTE_USER with your web server
> using a simple user/pw file. Since that's not always easy with Java
> servers and Apache adds pieces, the next easiest (to me) is Kerberos,
> because installing a KDC just takes a couple of minutes, and the JAAS
> plugin for it is simple to use. LDAP for me is a nightmare to setup and
> use, but if you find it simple, than s/Kerberos/LDAP.
Thanks for your prompt reply - I will take that into account and look
at a Kerberos and/or LDAP options.
>>I have been reading through the Wiki but I figure out in which order
>>to do things as the Wiki is very comprehensive. Is there a basic guide
>>or book out there that can walk me through bootstrapping a Shibboleth
> There's testshib.org. Setting up each piece independently helps some
> people compared to trying to do both at once.
> If you read the wiki, then you should be able to understand the concepts
> being addressed in the testshib process such that connecting the result to
> each other is easier.
Excellent - I will look at testshib.org. Perhaps its better if I start
with an SP and then, later, move onto setting up an IdP.
> And I will add that you should NOT try and do the IdP and SP on one
> machine. It will confuse you and make the process less clear than using
I am using a couple of virtual machines so they are separated in that regard.
> The basis of an "infrastructure" in the broader sense is metadata. Beyond
> simple software setup, which is no harder or easier than most PKI-based
> SSO solutions, the real work is metadata management. Shibboleth pushes
> essentially all of its harder aspects to metadata. In return, you have to
> know that piece.
Indeed, I will be focussing on that as well.
More information about the users