Changes between Version 3 and Version 4 of ParkingSpSetup


Timestamp: 12/07/11 13:54:04 (13 years ago)
Author: jpmitchell@…
Comment: --

  • ParkingSpSetup

    v3 v4  
    661. Install the Shibboleth SP using the defaults in the installer but noting the installation path. 
    771. Download the IdP metadata from the following URL and save into the etc directory in the Shibboleth SP installation path: [[br]] https://idp.alaska.edu/idp-metadata.xml 
    8 1. Open the idp-metadata.xml file and copy out the entityID of the IdP: 
     81. Open the idp-metadata.xml file and copy out the entityID of the IdP without the quotes: 
    99{{{ 
    10 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="urn:mace:incommon:alaska.edu"> 
    11 <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"> 
     10... 
     11<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
     12xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     13entityID="urn:mace:incommon:alaska.edu"> 
     14... 
    1215}}} 
    13  
     161. Open the shibboleth2.xml file in the etc directory of the Shibboleth SP installation and edit the ISAP tag, RequestMap tag, ApplicationDefaults tag, SSO tag, and MetadataProvider tag as follows and save the file. The site id comes from the value in the IIS control panel associated with the web site that is configure to work with the Shibboleth SP. The name and hostname should be the outwardly listening IIS interface that the web browser will be connecting to. The entityID in the ApplicationDefaults tag should looks something like: https://thefullhostname/shibboleth . The entityID in the SSO tag should be the entityID copied from the idp-metadata.xml file. The file name in the MetadataProvider should point to the idp-metadata.xml file saved in the etc directory of the Shibboleth SP installation. It should not include any directory components, just the filename. 
     17{{{ 
     18... 
     19        <ISAPI normalizeRequest="true" safeHeaderNames="true"> 
     20            <!-- 
     21            Maps IIS Instance ID values to the host scheme/name/port. The name is 
     22            required so that the proper <Host> in the request map above is found without 
     23            having to cover every possible DNS/IP combination the user might enter. 
     24            --> 
     25            <Site id="1" name="uafparktest.uaf.edu"/> 
     26            <!-- 
     27            When the port and scheme are omitted, the HTTP request's port and scheme are used. 
     28            If these are wrong because of virtualization, they can be explicitly set here to 
     29            ensure proper redirect generation. 
     30            --> 
     31            <!-- 
     32            <Site id="42" name="virtual.example.org" scheme="https" port="443"/> 
     33            --> 
     34        </ISAPI> 
     35... 
     36        <RequestMap> 
     37            <!-- 
     38            The example requires a session for documents in /secure on the containing host with http and 
     39            https on the default ports. Note that the name and port in the <Host> elements MUST match 
     40            Apache's ServerName and Port directives or the IIS Site name in the <ISAPI> element above. 
     41            --> 
     42            <Host name="uafparktest.uaf.edu" authType="shibboleth"/> 
     43            <!-- Example of a second vhost mapped to a different applicationId. --> 
     44            <!-- 
     45            <Host name="admin.example.org" applicationId="admin" authType="shibboleth" requireSession="true"/> 
     46            --> 
     47        </RequestMap> 
     48... 
     49    <ApplicationDefaults entityID="https://uafparktest.uaf.edu/shibboleth" 
     50                         REMOTE_USER="eppn persistent-id targeted-id"> 
     51... 
     52            <SSO entityID="urn:mace:incommon:alaska.edu" 
     53                 discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF"> 
     54              SAML2 SAML1 
     55            </SSO> 
     56... 
     57        <MetadataProvider type="XML" file="idp-metadata.xml"/> 
     58... 
     59}}}  
     601. Open the attribute-map.xml file in the etc directory of the Shibboleth SP installation. Add the following tag to the file and save it. 
     61{{{ 
     62... 
     63<Attribute name="urn:mace:alaska.edu:attributes:bannerid" id="bannerid"/> 
     64... 
     65}}} 
     661. Restart IIS and the shibd service. This step may require a reboot to finish the process on some installations. 
     671. Browse to the following URL and email the downloaded XML file to iam@alaska.edu. [[br]] https://thefullhostname/Shibboleth.sso/Metadata
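
Review bot: In the new shibboleth2.xml step, the sample `<Host name="uafparktest.uaf.edu" authType="shibboleth"/>` omits `requireSession="true"`, which the commented `admin.example.org` example directly below it does set, so nothing in the sample tells the SP to require a session for the site; either add `requireSession="true"` to the sample or state in the step that the application itself enforces the login. In the same block, `<SSO entityID="urn:mace:incommon:alaska.edu"` still carries the stock `discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF"` attributes; the step fixes the IdP by entityID, so drop the example.org discovery attributes from the sample rather than have them copied into a live configuration. The metadata is fetched once by hand and loaded through `<MetadataProvider type="XML" file="idp-metadata.xml"/>`, so the steps should say how the installer confirms the downloaded file is the genuine IdP metadata and that it must be downloaded again when the IdP's keys change. The sample also hard-codes `uafparktest.uaf.edu` while the prose uses `thefullhostname`; pick one placeholder and say which values the reader must replace. Wording slips to fix in the next revision: "ISAP tag" for the `<ISAPI>` element, "configure to work", and "should looks something like".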