
Setting up Authentication

Adel Qalieh edited this page Apr 14, 2017 · 4 revisions

Authentication for the PennMobile server uses Shibboleth, a federated identity platform. The setup for this is quite convoluted, so bear with the install directions.

Requesting

Email [email protected] to request integration with PennKey SSO. You should provide the URL and they will guide you through the process.

Setup

URL=https://api.pennlabs.org
  1. Install Shibboleth and Apache
sudo apt-get install apache2 libapache2-mod-shib2
  2. Check the Metadata service to verify the installation
wget "$URL/Shibboleth.sso/Metadata"
  3. Edit /etc/shibboleth/shibboleth2.xml (write the value of $URL out literally; the file does not expand shell variables)
<ApplicationDefaults entityID="$URL/shibboleth"
<SSO entityID="https://idp.pennkey.upenn.edu/idp/shibboleth"
<MetadataProvider <!-- uncomment this -->
  4. Download metadata.xml
wget -O metadata.xml https://idp.pennkey.upenn.edu/md/saml2-idp.pennkey.upenn.edu-metadata.xml
  5. Test on CGI using Perl

/etc/apache2/apache2.conf

<Location /secure>
        # Allow the test CGI script to run from this location
        Options +ExecCGI
        AddHandler cgi-script .cgi
        # Require a Shibboleth session before any request is served
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        # Make the SAML assertion available to the application
        ShibRequestSetting exportAssertion 1
        require valid-user
</Location>

/var/www/html/secure/index.cgi

#!/usr/bin/perl
use strict;
use warnings;

print "Content-type: text/plain; charset=utf-8\n\n";

# Dump every environment variable, including whatever Shibboleth exports for the session
for my $key (sort keys %ENV) {
  print qq($key="$ENV{$key}"\n);
}
  6. Proxying?
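
A check for the metadata step and the entityID edit above, as an added example that is not part of the original wiki page: it parses the document returned by $URL/Shibboleth.sso/Metadata and confirms that it advertises the entityID set in shibboleth2.xml and that every assertion consumer endpoint is https on the expected host. The sample metadata is constructed, and the function name check_sp_metadata is an assumption of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

# Constructed sample of an SP metadata document (not captured from a real server).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://api.pennlabs.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://api.pennlabs.org/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="http://api.pennlabs.org/Shibboleth.sso/SAML2/Artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, base_url):
    """Return a list of problems in the SP metadata; an empty list means it matches."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    # The entityID must be the one configured in ApplicationDefaults.
    expected_id = base_url.rstrip("/") + "/shibboleth"
    if root.get("entityID") != expected_id:
        problems.append(f"entityID is {root.get('entityID')!r}, expected {expected_id!r}")
    want_host = urlsplit(base_url).hostname
    endpoints = root.findall(f".//{{{MD}}}AssertionConsumerService")
    if not endpoints:
        problems.append("no AssertionConsumerService endpoints advertised")
    for ep in endpoints:
        location = ep.get("Location", "")
        parts = urlsplit(location)
        # Assertions are posted to these URLs, so each must be TLS on our own host.
        if parts.scheme != "https":
            problems.append(f"ACS endpoint not served over https: {location}")
        if parts.hostname != want_host:
            problems.append(f"ACS endpoint on unexpected host: {location}")
    return problems


if __name__ == "__main__":
    for problem in check_sp_metadata(SAMPLE_METADATA, "https://api.pennlabs.org"):
        print("PROBLEM:", problem)
```

To run it against a live server, pass the contents of the file saved by the wget command in place of SAMPLE_METADATA.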