    Shibboleth Key Links, Workshop Goals, Debugging Tips

    Key URLs Resources

    Goal 1: Get Native SP up for one host, one site

    1. https://site.com/Shibboleth.sso/Metadata spits out SP Metadata XML boilerplate.
    2. https://site.com/Shibboleth.sso/Login redirects you to login.
    3. https://site.com/Shibboleth.sso/Session reveals the attributes that are being sent from the IDP.
    4. The currently logged-in user is exposed to your target language. For Apache, the REMOTE_USER environment variable will be set. For IIS, the HTTP_REMOTEUSER HTTP header will be set. Use a dummy script (like <?php phpinfo(); ?>) that shows all of the environment variables, HTTP headers, etc., and do an in-page search for <your_internet_id>.

    Goal 2: Get Native SP up for one host, multiple sites

    1. Tweak your shibboleth2.xml to add a new site. Restart Apache/IIS. Restart Shib Daemon/Windows Service.
    2. Re-assemble your metadata and email it to idm@umn.edu
    3. Ensure each step works in Goal 1 for each site.

    Goal 3: Get Native SP up using 1 entity ID across multiple hosts and sites

    1. Copy your sp-key.pem and sp-cert.pem to the new host. Ensure the X509Certificate in site.com/Shibboleth.sso/Metadata has the same value on sites from either host.
    2. Repeat everything in Goal 2 for the new host/site.
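
One way to check step 1 of Goal 3 without comparing base64 by eye, as an added example that is not part of the original workshop materials: it fingerprints every X509Certificate in two metadata documents and compares the sets. The function names and the sample metadata (including the site.example entityID and the placeholder certificate bytes) are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

def cert_fingerprints(metadata_xml):
    """SHA-256 fingerprints of every X509Certificate in one metadata document."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE is not expected in SAML metadata")
    prints = set()
    for node in ET.fromstring(metadata_xml).iter(DS_CERT):
        # Hosts may wrap the base64 differently, so drop all whitespace first.
        b64 = "".join((node.text or "").split())
        prints.add(hashlib.sha256(base64.b64decode(b64, validate=True)).hexdigest())
    return prints

def same_credentials(metadata_a, metadata_b):
    """True only if both documents advertise the same non-empty certificate set."""
    a, b = cert_fingerprints(metadata_a), cert_fingerprints(metadata_b)
    return bool(a) and a == b

def sample_metadata(cert_bytes, wrap):
    """Constructed stand-in for /Shibboleth.sso/Metadata output (not real data)."""
    b64 = base64.b64encode(cert_bytes).decode()
    lines = "\n".join(b64[i:i + wrap] for i in range(0, len(b64), wrap))
    return (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
        'entityID="https://site.example/shibboleth">'
        '<md:SPSSODescriptor><md:KeyDescriptor><ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>\n{lines}\n</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:SPSSODescriptor>'
        '</md:EntityDescriptor>'
    )

# Constructed placeholder bytes standing in for two different DER certificates.
CERT_A = b"constructed placeholder certificate A " * 8
CERT_B = b"constructed placeholder certificate B " * 8
HOST1 = sample_metadata(CERT_A, 64)   # first host
HOST2 = sample_metadata(CERT_A, 76)   # second host, same cert, different wrapping
HOST3 = sample_metadata(CERT_B, 64)   # host where the key pair was not copied

if __name__ == "__main__":
    print("host1 vs host2:", same_credentials(HOST1, HOST2))
    print("host1 vs host3:", same_credentials(HOST1, HOST3))
```

In practice, save the /Shibboleth.sso/Metadata output from each host and pass the two documents to same_credentials.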

    Restart Shibboleth SP and Apache (OIT RHEL5 Virtual Machine)

    1. sudo su swadm
    2. sudo /sbin/service shibd restart
    3. sudo /sbin/service httpd restart

    Check syntax for shibboleth2.xml

    • /usr/sbin/shibd -tc /swadm/etc/shibboleth/shibboleth2.xml (OIT RHEL5 Virtual Machine)
    • For IIS: shibd -console -check

    View shib logs (OIT RHEL5 Virtual Machine)

    • tail -f /swadm/etc/shibboleth/log/shibd.log (Very handy for debugging)

