Shibboleth SP Setup (Ubuntu)
...
This will make 2 files: sp-key.pem and sp-cert.pem.
Apache uses its own cert/key that is defined in this file:
/etc/apache2/sites-available/default-ssl
Man Page for keygen:
http://manpages.ubuntu.com/manpages/karmic/man8/shib-keygen.8.html
Enable SSL:
Run these commands:
sudo a2enmod ssl
sudo a2ensite default-ssl
...
The shibboleth2.xml file (/etc/shibboleth/shibboleth2.xml) needs very little editing. Change the entityID to your server address and begin testing there. It should be something like:
entityID="https://sp2.lunaimaging.com"
...
You need to give the metadata created by the SP to the IDP you are connecting to. To get the metadata from the SP:
https://sp2.lunaimaging.com/Shibboleth.sso/Metadata
(save this and hand off to the IDP)
...
Setting up to connect to an IDP (Identity Provider)
You will need to hand off your metadata to the IDP (created here: https://yourdomain.com/Shibboleth.sso/Metadata). The IDP will need to supply you with:
...
Luna - Attribute file:
Adjust the names of the attributes you are receiving from the IDP to match in this file.
/LUNA/tomcat/luna_apps/luna.war/WEB-INF/luna-servlet.xml
Shib Attribute file:
/etc/shibboleth/attribute-map.xml
Important commands:
/etc/init.d/shibd start/stop/restart
shibd -t (to test configuration)
...
/var/log/shibboleth/shibd_warn.log
Helpful Links
https://wiki.shibboleth.net/confluence/display/SHIB2/Installation
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPGettingStarted
...