Changes between Version 1 and Version 2 of GrouperUIInstall


Timestamp:
06/15/13 08:53:29 (11 years ago)
Author:
uaguest_SPatel1@…
Comment:

--

  • GrouperUIInstall

    v1 v2  
    9797== Configure Shibboleth == 
    9898 
    99 1.  In the /etc/shibboleth/shibboleth2.xml file, set the entityID of the SP: 
     991.  Add the metadata for the UA IdP to a new file called /etc/shibboleth/alaska-metadata.xml.  It just needs to contain a single EntityDescriptor element for the UA IdP that can be copied from the InCommon metadata.  And then that simply needs to be wrapped around a EntitiesDescriptor element.  Note that I would have simply referenced the InCommon metadata from the SP, but grinnell doesn't have access to connect to the InCommon site to retrieve it.  Therefore, I created a local copy. 
     100 
     1012.  In the /etc/shibboleth/shibboleth2.xml file: 
     102 
     103a) Set the entityID of the SP.  And add "bannerid" to the front of the REMOTE_USER values.  This is done so that REMOTE_USER gets set as the authenticated users' BannerID, which then gets passed to Tomcat and available for the Grouper UI.  Authentication in the Grouper UI will work if REMOTE_USER is either the subject id (which is the case here) or a subject identifier. 
    100104 
    101105{{{ 
    102106    <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. --> 
    103107    <ApplicationDefaults entityID="https://grinnell.alaska.edu/shibboleth" 
     108                         REMOTE_USER="bannerid eppn persistent-id targeted-id"> 
    104109}}} 
     110 
     111 
     112b) Add the reference to the metadata file.  Replace the following: 
     113 
     114{{{ 
     115        <!-- Example of locally maintained metadata. --> 
     116        <!-- 
     117        <MetadataProvider type="XML" file="partner-metadata.xml"/> 
     118        --> 
     119}}} 
     120 
     121.. with this: 
     122 
     123{{{ 
     124        <MetadataProvider type="XML" file="alaska-metadata.xml"/> 
     125}}} 
     126 
     127 
     128c) Add the entityID of the IdP.  Replace the following: 
     129 
     130{{{ 
     131            <SSO entityID="https://idp.example.org/idp/shibboleth" 
     132                 discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF"> 
     133              SAML2 SAML1 
     134            </SSO> 
     135}}} 
     136 
     137.. with this: 
     138 
     139{{{ 
     140            <SSO entityID="urn:mace:incommon:alaska.edu" 
     141                 discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF"> 
     142              SAML2 SAML1 
     143            </SSO> 
     144}}} 
     145 
     146 
     1473.  In the /etc/shibboleth/attribute-map.xml file, add the mapping for the BannerID attribute. 
     148 
     149{{{ 
     150    <Attribute name="urn:mace:alaska.edu:attributes:bannerid" id="bannerid" /> 
     151}}} 
     152 
     153 
     1544.  Restart the SP: 
     155 
     156{{{ 
     157[root@grinnell shibboleth]# /etc/init.d/shibd restart 
     158Stopping shibd:                                            [  OK  ] 
     159Starting shibd: /sbin/restorecon:  Warning no default label for /var/run/shibboleth/shibd.pid 
     160                                                           [  OK  ] 
     161}}}