...

Depending on how you integrate with Shibboleth, the steps for configuration will be different. If you are using the Shibboleth SP from Internet2, please see Step 2.

 

 

...

Typically, home-grown applications run the Shibboleth Service Provider. Most cloud vendors or SaaS solutions implement the SAML protocol separately.

Note: Please only perform this in your application test environment and not in production. These changes will only work if your test application is already configured with the UCI IAM team's Shibboleth. Please complete a Shibboleth Configuration Request if you would like to register your test application.

Shibboleth SP

To determine whether your application is running the Shibboleth SP, please perform the following checks:

Linux

  • Does the default install directory /etc/shibboleth exist?
  • Is the shibd process running?

If the answer is yes to both, please move on to Step 2. If not, please move to Step 3.

Windows

  • Does the default install directory C:\opt\shibboleth-sp\etc\shibboleth exist?
  • Does the Shibboleth SP appear in your Services Management Window?

If the answer is yes to both, please move on to Step 2. If not, please move to Step 3.

Step 2: Configuring the Shibboleth SP 

Download the Shibboleth Test Environment Metadata

Download the Shibboleth Test Metadata and place it in your Shibboleth home directory (/etc/shibboleth or C:\opt\shibboleth-sp\etc\shibboleth).

Reference the metadata in your shibboleth2.xml.

In your shibboleth2.xml, which is located in your Shibboleth home directory, there should be a section that looks similar to the one below.

        <MetadataProvider type="XML" validate="true"
                    url="http://md.incommon.org/InCommon/InCommon-metadata-idp-only.xml"
              backingFilePath="InCommon-metadata-idp-only.xml" maxRefreshDelay="7200">
            <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
            <MetadataFilter type="Signature" certificate="inc-md-cert.pem" verifyBackup="false"/>
            <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true"
              attributeName="http://macedir.org/entity-category"
              attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
              attributeValue="http://refeds.org/category/hide-from-discovery" />
        </MetadataProvider>

Comment out that block, add the following line in its place, and save your file.

        <MetadataProvider type="XML" validate="true" path="metadata.xml"/>

Restart Shibboleth

Restart your Shibboleth process

Test your application

Navigate to your test application and attempt to log in. You should be redirected to https://login2.uci.edu.
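The replacement provider in Step 2 loads a local file with no Signature or RequireValidUntil filter, which is the reason this change belongs in test only. The following check is an added example, not part of the original page or of the Shibboleth project: it lists MetadataProvider entries in a shibboleth2.xml that lack those filters. The SPConfig root element and its namespace in the samples are assumptions, since the page shows only the provider blocks.

```python
"""Audit MetadataProvider entries in shibboleth2.xml for missing trust filters."""
import xml.etree.ElementTree as ET

def local(tag):
    # Drop the namespace so the check works whatever SP config namespace is declared.
    return tag.rsplit("}", 1)[-1]

def audit_metadata_providers(xml_text):
    """Return a list of (source, issue) tuples, one per weakness found."""
    findings = []
    # ElementTree skips XML comments, so a commented-out provider is not audited.
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "MetadataProvider" or el.get("type") == "Chaining":
            continue  # a Chaining provider only wraps others; its children are audited
        source = el.get("url") or el.get("path") or "(unknown source)"
        filters = {c.get("type") for c in el if local(c.tag) == "MetadataFilter"}
        if "Signature" not in filters:
            findings.append((source, "no Signature filter: metadata is trusted as-is"))
            if source.startswith("http://"):
                findings.append((source, "unsigned metadata fetched over plain HTTP"))
        if "RequireValidUntil" not in filters:
            findings.append((source, "no RequireValidUntil filter: metadata need not carry an expiry"))
    return findings

# Constructed samples: the two provider blocks from Step 2 inside an assumed root element.
SIGNED_REMOTE = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <MetadataProvider type="XML" validate="true"
      url="http://md.incommon.org/InCommon/InCommon-metadata-idp-only.xml"
      backingFilePath="InCommon-metadata-idp-only.xml" maxRefreshDelay="7200">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
    <MetadataFilter type="Signature" certificate="inc-md-cert.pem" verifyBackup="false"/>
  </MetadataProvider>
</SPConfig>"""

LOCAL_TEST = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <MetadataProvider type="XML" validate="true" path="metadata.xml"/>
</SPConfig>"""

if __name__ == "__main__":
    for name, doc in (("signed remote", SIGNED_REMOTE), ("local test", LOCAL_TEST)):
        for source, issue in audit_metadata_providers(doc) or [("-", "no findings")]:
            print(f"{name}: {source}: {issue}")
```

Findings for the local test provider are expected in a test environment; the same findings against a production shibboleth2.xml mean the test change was carried over.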

 

Step 3: Configuring your Cloud/SaaS product using

...

SAML 

Please note that these steps are generic, as all Cloud/SaaS solution configurations are slightly different.