== [[https://iam.alaska.edu/shib|Shibboleth]] / Shibboleth SP Setup ==

This page documents installing a Shibboleth SP.

UA Supported Configurations:
 * Apache or IIS on Windows
 * Apache on Linux
 * Shibboleth SP Version 2.4.2

N.B. 2014-05-08: RHEL - use metagen.sh in /etc/shibboleth to generate the SP's metadata!

Installation:
 1. Download and install the appropriate installers/packages.
  * Windows: (It is recommended to use the MSIs.)
   * [[http://www.shibboleth.net/downloads/service-provider/latest/win32/|Latest 32-bit Windows Installer Packages]]
   * [[http://www.shibboleth.net/downloads/service-provider/latest/win64/|Latest 64-bit Windows Installer Packages]]
  * Linux: (It is recommended to use a binary repo.)
   * [[http://download.opensuse.org/repositories/security://shibboleth/|Binary RPMs]]
   * [[http://www.shibboleth.net/downloads/service-provider/latest/SRPMS/|Source RPMs]]
 2. Configure the SP
  1. Remove and regenerate the SP keys.
   * Linux:
   {{{
[root@idmt-1 shibboleth]# pwd
/etc/shibboleth
[root@idmt-1 shibboleth]# rm -rf sp-key.pem sp-cert.pem
[root@idmt-1 shibboleth]# ./keygen.sh
Generating a 2048 bit RSA private key
...........................................................................................+++
.........................................................................................................................................................+++
writing new private key to 'sp-key.pem'
-----
   }}}
   * Windows: TBD
  2. Download and set up the IdP's metadata. Check the config for correct syntax.
   * Linux:
   {{{
[root@idmt-1 shibboleth]# wget https://idp.alaska.edu/idp-metadata.xml
--2011-06-27 15:50:17-- https://idp.alaska.edu/idp-metadata.xml
Resolving idp.alaska.edu... 137.229.114.38
Connecting to idp.alaska.edu|137.229.114.38|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6973 (6.8K) [application/xml]
Saving to: `idp-metadata.xml'

100%[===================================================================================================================================================================================================>] 6,973 --.-K/s in 0s

2011-06-27 15:50:17 (302 MB/s) - `idp-metadata.xml' saved [6973/6973]

[root@idmt-1 shibboleth]# pwd
/etc/shibboleth
[root@idmt-1 shibboleth]# vi shibboleth2.xml
--> SAML2 SAML1 SAML2 Local
:wq!
[root@idmt-1 shibboleth]# shibd -t
overall configuration is loadable, check console for non-fatal problems
   }}}
   * Windows: TBD
  3. Set up the entityID for the SP. Note that the entityID for the SP is _NOT_ a URL. It is a unique string that identifies your SP and is usually based on the hostname of the system. It may also be a CNAME for the system.
   * Linux:
   {{{
[root@idmt-1 shibboleth]# hostname
idmt-1.alaska.edu
[root@idmt-1 shibboleth]# pwd
/etc/shibboleth
[root@idmt-1 shibboleth]# vi shibboleth2.xml