Comment: Migration of unmigrated content due to installation of a new plugin

...

As in the Webauth test, this setup currently uses certificates signed by my own test CA, not MIT (or self-signed) certificates, so you will get warnings about this when you visit this site.

Other tests can be found at http://posteverything.mit.edu/test.html. Note that this is a developers' test environment; it does not use the pilot or production IdPs, and it may not always be running.

A test application has also been created for the current pilot system and it will be in place when the project reaches its fully operational phase. This test application may be used by the Help Desk and other people to determine if the system is running correctly at any given point in time. It can be found at:

    http://touchstone-tester.mit.edu/

Server Configuration

This describes the server configuration performed for the test environment login and application servers, not including building and installing the relevant packages' software. 

...

WebAuth Application Server

...

Add the following to $APACHE_ROOT/conf/httpd.conf (see INSTALL in the WebAuth source tree, and the mod_webauth manual, for more information):

...

    ScriptAlias /shib-testenv "/var/www/cgi-bin/testenv.cgi"
    <Location /shib-testenv>
      AuthType shibboleth
      ShibRequireSession On
      ShibRedirectToSSL 443
      require valid-user
    </Location>

...

but changed things to use the server certificates signed by my test CA, instead of using self-signed certs.

The partner metadata file is here. Besides the host/domain names, the significant difference between this and the file resulting from following the wiki instructions is that the test CA certificate is embedded, instead of the IdP cert itself.

...

I modified the distributed AAP.xml to add a Header value for eduPersonNickname, and uncommented the sections defining the eduPerson and common LDAP attributes. 

To test against a second IdP (e.g. ProtectNetwork), add a SessionInitiator element for it in shibboleth.xml and add a ShibRequireSessionWith directive to the appropriate Location block in the Apache configuration, e.g.:

    ShibRequireSessionWith ProtectNetwork
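
A consistency check for the step above, added here as an example and not part of the original page or of the Shibboleth distribution: it reports every ShibRequireSessionWith value in the Apache configuration that does not name the id of a SessionInitiator element in shibboleth.xml. The sample configurations are constructed and trimmed; the Shibboleth 1.3 attribute layout, the `testidp` and `OtherIdP` names, the `/shib-other` location and the example.org URLs are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, trimmed sample inputs (not the page's real files). Attribute
# layout assumes a Shibboleth 1.3 SP; ids other than ProtectNetwork are made up.
SHIBBOLETH_XML = """\
<SPConfig xmlns="urn:mace:shibboleth:target:config:1.0">
  <Sessions handlerURL="/Shibboleth.sso">
    <SessionInitiator isDefault="true" id="testidp" Location="/WAYF/testidp"
        Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
        wayfURL="https://idp.example.org/shibboleth-idp/SSO"
        wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
    <SessionInitiator id="ProtectNetwork" Location="/WAYF/ProtectNetwork"
        Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
        wayfURL="https://idp2.example.org/SSO"
        wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
  </Sessions>
</SPConfig>
"""

HTTPD_CONF = """\
<Location /shib-testenv>
  AuthType shibboleth
  ShibRequireSession On
  ShibRequireSessionWith ProtectNetwork
  require valid-user
</Location>
<Location /shib-other>
  AuthType shibboleth
  ShibRequireSessionWith OtherIdP
  require valid-user
</Location>
"""

def session_initiator_ids(xml_text):
    """Return the id of every SessionInitiator element, ignoring namespaces."""
    root = ET.fromstring(xml_text)
    return {el.get("id") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "SessionInitiator" and el.get("id")}

def unmatched_directives(conf_text, known_ids):
    """Return (line_no, value) for each ShibRequireSessionWith naming an unknown id."""
    pat = re.compile(r"^\s*ShibRequireSessionWith\s+(\S+)", re.IGNORECASE)
    found = ((no, pat.match(line)) for no, line in enumerate(conf_text.splitlines(), 1))
    return [(no, m.group(1)) for no, m in found if m and m.group(1) not in known_ids]

if __name__ == "__main__":
    ids = session_initiator_ids(SHIBBOLETH_XML)
    for no, value in unmatched_directives(HTTPD_CONF, ids):
        print(f"httpd.conf line {no}: no SessionInitiator with id {value!r}")
```

Running this before restarting Apache catches a Location block that points at an IdP entry that was never defined in shibboleth.xml.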