Shibboleth Key Links, Workshop Goals, Debugging Tips

    Key URLs Resources

    Goal 1: Get Native SP up for one host, one site

    1. spits out SP Metadata XML boilerplate.
    2. redirects you to login.
    3. reveals the attributes that are being sent from the IDP.
    4. The currently logged-in user is exposed to your target language. For Apache, the REMOTE_USER environment variable will be set. For IIS, the HTTP_REMOTEUSER HTTP header will be set. Use a dummy script (like <?php phpinfo(); ?>) that shows all of the environment variables, HTTP headers, etc., and do an in-page search for <your_internet_id>.

    Goal 2: Get Native SP up for one host, multiple sites

    1. Tweak your shibboleth2.xml to add a new site. Restart Apache/IIS. Restart Shib Daemon/Windows Service
    2. Re-assemble your metadata and email it to
    3. Ensure each step works in Goal 1 for each site.

    Goal 3: Get Native SP up using 1 entity ID across multiple hosts and sites

    1. Copy your sp-key.pem and sp-cert.pem to the new host, ensure's X509Certificate has the same values on sites from either host
    2. Repeat everything in Goal 2 for the new host/site.
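
One way to check Goal 3, step 1, as an added example that is not part of the original page: compare the certificate in sp-cert.pem with every X509Certificate element in the metadata XML saved from each host. The host names, entity ID and certificate bytes below are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace used in SAML metadata

def pem_fingerprint(pem_text):
    """SHA-256 over the DER bytes of a PEM certificate such as sp-cert.pem."""
    lines = [l.strip() for l in pem_text.splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def metadata_fingerprints(metadata_xml):
    """SHA-256 of every X509Certificate in an SP metadata document."""
    root = ET.fromstring(metadata_xml)
    fps = []
    for node in root.iter(DS + "X509Certificate"):
        b64 = "".join((node.text or "").split())  # line wrapping differs per host
        fps.append(hashlib.sha256(base64.b64decode(b64)).hexdigest())
    return fps

def check_hosts(pem_text, metadata_by_host):
    """Map each host to True only if all its metadata certs match the PEM."""
    expected = pem_fingerprint(pem_text)
    result = {}
    for host, xml_text in metadata_by_host.items():
        fps = metadata_fingerprints(xml_text)
        result[host] = bool(fps) and all(fp == expected for fp in fps)
    return result

# Constructed sample data: placeholder bytes, not real certificates or hosts.
CERT_A = base64.b64encode(b"constructed placeholder certificate A" * 3).decode()
CERT_B = base64.b64encode(b"constructed placeholder certificate B" * 3).decode()
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % CERT_A

def sample_metadata(b64):
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
            'entityID="https://sp.example.edu/shibboleth"><md:SPSSODescriptor>'
            '<md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>\n'
            + wrapped + '\n</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            '</md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    hosts = {"host1.example.edu": sample_metadata(CERT_A),
             "host2.example.edu": sample_metadata(CERT_B)}
    for host, ok in check_hosts(SAMPLE_PEM, hosts).items():
        print(host, "matches sp-cert.pem" if ok else "MISMATCH")
```

A host that reports a mismatch is still publishing a different certificate than the one in sp-cert.pem.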

    Restart Shibboleth SP and Apache (OIT RHEL5 Virtual Machine)

    1. sudo su swadm
    2. sudo /sbin/service shibd restart
    3. sudo /sbin/service httpd restart

    Check syntax for shibboleth2.xml

    • /usr/sbin/shibd -tc /swadm/etc/shibboleth/shibboleth2.xml (OIT RHEL5 Virtual Machine)
    • For IIS: shibd -console -check

    View shib logs (OIT RHEL5 Virtual Machine)

    • tail -f /swadm/etc/shibboleth/log/shibd.log (Very handy for debugging)