Installation Resources

Cantor, Scott cantor.2 at osu.edu
Fri Feb 10 13:27:43 EST 2017


On 2/10/17, 12:55 PM, "users on behalf of Fred Newtz (frnewtz)" <users-bounces at shibboleth.net on behalf of frnewtz at cisco.com> wrote:

> I have gone through multiple attempts now to get Shibboleth configured and working properly in our environment.  The
> installation is easy enough, it is obviously the configuration after the fact where you need a PhD in Shibboleth.

If you understand SAML and the systems you're connecting to thoroughly, and you have the necessary experience with Java server operation and Spring configuration, then I would be happy to respond to specific critiques that you think represent an assumption that one has a PhD in Shibboleth.

> Does anyone have any suggestions on links to read over to help me understand the best way to go through the
> configuration to ensure that everything is working as it should?

After initial install and status page testing, you go through each major piece and configure them, and then test and use the logs. I don't really know what else you're looking for because you aren't asking any specific questions.

> The link to the configuration page is nice, but it only lists out all of the configuration files and doesn’t really
> give an order of operations in the best way to go through the configuration and how to test each component to ensure it
> is working before moving on to the next component.

The software does not provide a mechanism for "partial" use, at least not generally. All of the critical components (basic setup, authentication, attribute fetch, attribute release) have to be working to end up with a meaningful outcome. If you want to decompose it, then you can probably either focus on authentication first, or attributes first. Authentication is mostly testable if you have an SP or mock up a link. Attributes are testable with the aacli command line tool to exercise basic operation. That's really it.

>  I can’t imagine there is not a single resource out there that I can use to get a working IdP installation with a valid LDAP
> configuration on the back end. 

You can't document a system by writing a single document that only hits 10% of it. That comes later, as a How-To or example, and it is a bonus.
 
-- Scott
 


