SSO
Cady Baltz edited this page May 2, 2023 · 2 revisions
- Run `sudo yum install shibboleth` on Linux
  - This is already done on our server
- Our server also required the following change for it to run: `sudo setenforce 0` (this puts SELinux into permissive mode)
  - Necessary after every server reboot
- Useful resource for installing Shibboleth on Apache:
- `cd /etc/shibboleth`
- To generate a public/private key pair, run `keygen.sh`
  - This is already done on our server, see the files `sp-cert.pem` and `sp-key.pem`
- Modify `shibboleth2.xml` for all configuration changes
  - Currently, we are configured to point to the UTD test IDP here: https://idptest.utdallas.edu/idp/shibboleth
  - Currently, our SP's entity ID is configured as: csa-4485-02.utdallas.edu
  - After modifying this file, you must run:
    - `./metagen.sh -c sp-cert.pem -h csa-4485-02.utdallas.edu -e csa-4485-02.utdallas.edu > metadata.xml` to update your `metadata.xml` file
- Modify `attribute-map.xml` to change which attributes are extracted from Shibboleth
  - Currently, we have approval for `givenName` (user's first name), `sn` (user's last name), and `mail` (user's email)
- Useful resource for how to set up configuration files properly:
- When you make any configuration changes, you must run:
  - `sudo systemctl restart httpd`
  - `sudo systemctl start shibd`
- Verify shibd status: `sudo systemctl status shibd`
- View the shibd logs: `/var/log/shibboleth/shibd.log`
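
For the `attribute-map.xml` step above, one way to check that the SP maps only the three approved attributes. This is an added example, not code from this project: the function name `audit_attribute_map` is hypothetical, the sample map is constructed for illustration, and the XML namespace is assumed to be the standard Shibboleth SP attribute-map namespace.

```python
import sys
import xml.etree.ElementTree as ET

# Namespace assumed for Shibboleth SP attribute-map.xml files.
NS = "{urn:mace:shibboleth:2.0:attribute-map}"

# The attribute ids this page says are approved for release.
APPROVED = {"givenName", "sn", "mail"}

# Constructed sample, NOT the server's real attribute-map.xml.
# It maps one extra attribute (eppn) and has one commented-out entry.
SAMPLE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
    <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
    <Attribute name="urn:oid:2.5.4.4" id="sn"/>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
    <!-- <Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/> -->
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn"/>
</Attributes>"""


def audit_attribute_map(xml_text, approved=APPROVED):
    """Return (unapproved, missing) attribute ids, each as a sorted list.

    unapproved: ids mapped by the SP that are not in the approved set.
    missing:    approved ids that the map does not extract at all.
    Commented-out <Attribute> entries are ignored by the XML parser.
    """
    root = ET.fromstring(xml_text)
    mapped = {el.get("id") for el in root.iter(NS + "Attribute")}
    mapped.discard(None)  # skip malformed entries with no id
    return sorted(mapped - approved), sorted(approved - mapped)


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_MAP
    unapproved, missing = audit_attribute_map(text)
    for attr in unapproved:
        print(f"UNAPPROVED: {attr} is mapped but not in the approved set")
    for attr in missing:
        print(f"MISSING: {attr} is approved but not mapped")
    sys.exit(1 if unapproved else 0)
```

Run it with the path to `attribute-map.xml` as the only argument; it exits non-zero when the map extracts anything beyond the approved set.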
NOTE: Shibboleth requires https and requests must come from the same host
- https://csa-4485-02.utdallas.edu/Shibboleth.sso/Login
  - This is the link your application should redirect to for login
- https://csa-4485-02.utdallas.edu/Shibboleth.sso/Logout
  - This is the link your application should redirect to for logout
- https://csa-4485-02.utdallas.edu/Shibboleth.sso/Session
  - This is the link that contains the current session information, based on cookies (e.g. the current user's attributes)
Date - 04/2023