...
On a Linux server, the quickest way to get started is to use Touchstone's gen-shib2.sh script to generate an initial configuration from a template.
Shibboleth 2.4+
In the /etc/shibboleth directory (as root), download and run the gen-shib2.sh script from the Touchstone locker, e.g.:
gen-shib2.sh will use the wget utility, if available, to download the other files needed to configure the SP. If you do not have the wget utility on your system, you must download the following files from http://web.mit.edu/touchstone/config/shibboleth2-sp/ (or, if AFS is installed on your server, copy them from the Touchstone locker
Here is a sample typescript from running the procedure for a web server whose public name (the host name entered by users as the URL to access your application) is mywebapp.mit.edu, but is hosted on a machine named simulacrum.mit.edu:
Notes:
Shibboleth 2.3
Download the following files from http://web.mit.edu/touchstone/config/shibboleth2-sp/2.3/ (or, if you have AFS, copy them from the Touchstone locker (
Then run the gen-shib2.sh script, and answer the prompts, to generate shibboleth2.xml. For example:
Notes
Note that any changes to the shibboleth2.xml, attribute-map.xml, and attribute-policy.xml files will be detected automatically, i.e. without requiring a restart of shibd.
Note: The gen-shib2.sh procedure described above is currently supported on Linux systems only; it should be portable to other UNIX-based systems with minimal effort. Please contact touchstone-support if you are using another operating system and having problems with the gen-shib2.sh script.
The $prefix/etc/shibboleth directory will contain apache.config, apache2.config, and apache22.config, which contain needed and example directives for Apache 1.3, Apache 2.0, and Apache 2.2, respectively; copy and/or include the appropriate file in your Apache config, and customize as needed.
The directory also contains a shibd init script for Red Hat (shibd-redhat) and Debian (shibd-debian) systems. The current Red Hat RPMs also install the init script into /etc/init.d/shibd, and add it as a managed service. On Solaris machines, the gen-shib.sh script will generate a shibd init script (from shibd.in); this should be installed into /etc/init.d, and configured to start at boot time, after httpd has started.
shibd is a daemon that must be running, so make sure it is started at boot time, after Apache httpd has been started. On Red Hat, the
On Windows/IIS machines, the shibboleth2.xml.windows-example file in the locker (for SP version 2.3) is a good starting point for the shibboleth2.xml file. You will need to edit the file for it to work on your server; please see the comments at the top of the file for the details. The attribute-map.xml file in the locker should work without modification.
...