Difference between revisions of "Configure Shibboleth Idp"
From MyWiki
(Created page with "* use htpasswd generate a password file * add this into the Apache ssl.conf") |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
* use htpasswd generate a password file | * use htpasswd generate a password file | ||
* add this into the Apache ssl.conf | * add this into the Apache ssl.conf | ||
| + | <source lang="text"> | ||
| + | <Location /idp/Authn/RemoteUser> | ||
| + | AuthType Basic | ||
| + | AuthName "Identity Provider Authentication" | ||
| + | AuthUserFile /opt/ssl/htpasswd | ||
| + | require valid-user | ||
| + | </Location> | ||
| + | </source> | ||
| + | Update /etc/tomcat6/server.xml<br> | ||
| + | <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/><br> | ||
| + | |||
| + | Alternatively, IdPAuthIP is also easy to configure. However, the document was very out of date when I read it. The code you should use is<br> | ||
| + | <source lang="text"> | ||
| + | <ph:LoginHandler xsi:type="ph:IPAddress" username="ip-user" | ||
| + | defaultDeny="true"> | ||
| + | <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</ph:AuthenticationMethod> | ||
| + | <ph:IPEntry>192.168.0.0/16</ph:IPEntry> | ||
| + | </ph:LoginHandler> | ||
| + | </source> | ||
| + | Once you have EITHER of these two configured, you can go to the testshib.org to test against their shibboleth SP. Follow their instructions and it is very straightforward.<br> | ||
Latest revision as of 11:30, 10 October 2015
- use htpasswd generate a password file
- add this into the Apache ssl.conf
<Location /idp/Authn/RemoteUser>
AuthType Basic
AuthName "Identity Provider Authentication"
AuthUserFile /opt/ssl/htpasswd
require valid-user
</Location>Update /etc/tomcat6/server.xml
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/>
Alternatively, IdPAuthIP is also easy to configure. However, the document was very out of date when I read it. The code you should use is
<ph:LoginHandler xsi:type="ph:IPAddress" username="ip-user"
defaultDeny="true">
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</ph:AuthenticationMethod>
<ph:IPEntry>192.168.0.0/16</ph:IPEntry>
</ph:LoginHandler>Once you have EITHER of these two configured, you can go to the testshib.org to test against their shibboleth SP. Follow their instructions and it is very straightforward.
