Configure Shibboleth Idp

From MyWiki
Jump to: navigation, search
  • use htpasswd generate a password file
  • add this into the Apache ssl.conf 
<Location /idp/Authn/RemoteUser>
    AuthType Basic
    AuthName "Identity Provider Authentication"
    AuthUserFile /opt/ssl/htpasswd
    require valid-user
</Location>

Update /etc/tomcat6/server.xml
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/>

Alternatively, IdPAuthIP is also easy to configure. However, the document was very out of date when I read it. The code you should use is

    <ph:LoginHandler xsi:type="ph:IPAddress" username="ip-user"
        defaultDeny="true">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</ph:AuthenticationMethod>
         <ph:IPEntry>192.168.0.0/16</ph:IPEntry>
    </ph:LoginHandler>

Once you have EITHER of these two configured, you can go to the testshib.org to test against their shibboleth SP. Follow their instructions and it is very straightforward.

Retrieved from "https://wiki.twig.es/index.php?title=Configure_Shibboleth_Idp&oldid=2643"