Difference between revisions of "Configure Shibboleth Idp"
From MyWiki
| Line 11: | Line 11: | ||
Update /etc/tomcat6/server.xml<br> | Update /etc/tomcat6/server.xml<br> | ||
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/><br> | <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/><br> | ||
| + | |||
Alternatively, IdPAuthIP is also easy to configure. However, the document was very out of date when I read it. The code you should use is<br> | Alternatively, IdPAuthIP is also easy to configure. However, the document was very out of date when I read it. The code you should use is<br> | ||
<source lang="text"> | <source lang="text"> | ||
Latest revision as of 11:30, 10 October 2015
- use htpasswd generate a password file
- add this into the Apache ssl.conf
<Location /idp/Authn/RemoteUser>
AuthType Basic
AuthName "Identity Provider Authentication"
AuthUserFile /opt/ssl/htpasswd
require valid-user
</Location>Update /etc/tomcat6/server.xml
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/>
Alternatively, IdPAuthIP is also easy to configure. However, the document was very out of date when I read it. The code you should use is
<ph:LoginHandler xsi:type="ph:IPAddress" username="ip-user"
defaultDeny="true">
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</ph:AuthenticationMethod>
<ph:IPEntry>192.168.0.0/16</ph:IPEntry>
</ph:LoginHandler>Once you have EITHER of these two configured, you can go to the testshib.org to test against their shibboleth SP. Follow their instructions and it is very straightforward.
