Shibboleth Key Links, Workshop Goals, Debugging Tips
Key URLs and Resources
Goal 1: Get Native SP up for one host, one site
- https://site.com/Shibboleth.sso/Metadata spits out SP Metadata XML boilerplate.
- https://site.com/Shibboleth.sso/Login redirects you to login.
- https://site.com/Shibboleth.sso/Session reveals the attributes that are being sent from the IDP.
- The currently logged in user is exposed to your target language.
For Apache, the REMOTE_USER environment variable will be set. For IIS, the HTTP_REMOTEUSER HTTP header will be set.
Use a dummy script (like <?php phpinfo(); ?>) that shows all of the environment variables, HTTP headers, etc., and do an in-page search for <your_internet_id>.
Goal 2: Get Native SP up for one host, multiple sites
- Tweak your shibboleth2.xml to add a new site. Restart Apache/IIS. Restart the Shib Daemon/Windows Service.
- Re-assemble your metadata and email it to firstname.lastname@example.org
- Ensure each step works in Goal 1 for each site.
Goal 3: Get Native SP up using 1 entity ID across multiple hosts and sites
- Copy your sp-key.pem and sp-cert.pem to the new host, then ensure the X509Certificate in site.com/Shibboleth.sso/Metadata has the same value on sites from either host.
- Repeat everything in Goal 2 for the new host/site.
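One way to do the Goal 3 certificate check without comparing base64 by eye (an added example, not part of the original workshop notes): parse the Metadata output saved from each host and compare the entityID plus a SHA-256 fingerprint of every X509Certificate. The entityID https://site.com/shibboleth, the sample metadata and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def sp_identity(metadata_xml):
    """Return (entityID, sorted SHA-256 fingerprints of every X509Certificate)."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE not expected in SAML metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("not an EntityDescriptor: %s" % root.tag)
    prints = set()
    for node in root.iter("{%s}X509Certificate" % DS):
        # Metadata wraps the base64 across lines; strip whitespace before decoding.
        der = base64.b64decode("".join((node.text or "").split()), validate=True)
        prints.add(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no X509Certificate in metadata")
    return root.get("entityID"), sorted(prints)

def same_sp(metadata_a, metadata_b):
    """True when both hosts publish the same entityID and certificate set."""
    return sp_identity(metadata_a) == sp_identity(metadata_b)

def _sample(entity_id, cert_bytes, wrap):
    # Constructed stand-in for /Shibboleth.sso/Metadata output; cert_bytes is
    # placeholder data, not a real certificate.
    b64 = base64.b64encode(cert_bytes).decode()
    if wrap:
        b64 = "\n".join(b64[i:i + 16] for i in range(0, len(b64), 16))
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="%s">'
            '<md:SPSSODescriptor><md:KeyDescriptor><ds:KeyInfo><ds:X509Data>'
            '<ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>'
            '</ds:KeyInfo></md:KeyDescriptor></md:SPSSODescriptor>'
            '</md:EntityDescriptor>') % (MD, DS, entity_id, b64)

# Constructed inputs: A and B carry the same cert (different line wrapping), C differs.
HOST_A = _sample("https://site.com/shibboleth", b"constructed-cert-A" * 4, wrap=False)
HOST_B = _sample("https://site.com/shibboleth", b"constructed-cert-A" * 4, wrap=True)
HOST_C = _sample("https://site.com/shibboleth", b"constructed-cert-B" * 4, wrap=True)

if __name__ == "__main__":
    print("A vs B:", same_sp(HOST_A, HOST_B))
    print("A vs C:", same_sp(HOST_A, HOST_C))
```

For real use, save each host's /Shibboleth.sso/Metadata response to a file and pass the file contents to same_sp in place of the constructed samples.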
Restart Shibboleth SP and Apache (OIT RHEL5 Virtual Machine)
- sudo su swadm
- sudo /sbin/service shibd restart
- sudo /sbin/service httpd restart
Check syntax for shibboleth2.xml
- /usr/sbin/shibd -tc /swadm/etc/shibboleth/shibboleth2.xml (OIT RHEL5 Virtual Machine)
- shibd -console -check (for IIS)
View shib logs (OIT RHEL5 Virtual Machine)
- tail -f /swadm/etc/shibboleth/log/shibd.log (Very handy for debugging)