Versions Compared

Old Version 75

changes.mady.by.user Robert A Basch

Saved on

compared with

New Version 76

changes.mady.by.user Robert A Basch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel
Info

Until the MIT Identity Providers know about your application, they won't release information about an authenticated user to your server. Each Touchstone enabled application running on a server needs to be registered with the IdPs, by our adding it to metadata.

Tip

To register your application server with the MIT IdPs send mail to touchstone-support with the following information:

  • A contact email address. We strongly recommend that this be an email list rather than an individual's personal email address. Note that this address will be published in the MIT metadata file.
  • The web server host name, i.e. the host name that a user would specify when entering the URL to access your site. This should be the same as the Subject CN in your server's SSL certificate, and match the host name entered in response to gen-shib2's initial prompt. This name will be used to create a unique Entity ID by which the IdPs will identify your SP; by convention, this ID is the URI https://mywebapp.mit.edu/shibboleth. (For more information on entity ID naming, please see EntityNaming at the Internet2 wiki site). If you have multiple applications installed on the same machine, served by different host names (e.g. using different Apache vhosts), you will also need to provide each application's host name, as Shibboleth endpoints on each host must be registered in metadata. In some cases, different applications will require the use of separate entity IDs; please see below.
  • The certificate information for the SP. If using This should be the self-signed certificate generated at install time , you must include the certificate itself (in /etc/shibboleth/sp-cert.pem); do not send the private key file. If using the MIT server SSL certificate, we only need the Subject CN from the certificate (should be the same as the web server host name above).
  • Organization name. This is typically the name of the MIT department, lab, or center running the application.
  • Organization URL. The URL that provides some basic information about your department, lab, or center.

We also encourage you to send the following optional information with your registration information:

  • The application URL. The actual URL which will be used to access your application.
  • Your server machine's host name(s), if different from the web server host name.
  • Your server platform. (RHEL 4, RHEL 5, Windows, Debian, Solaris, ...)

A single Shibboleth SP installation is designed to support multiple applications installed on that server, but there are different deployment and configuration strategies to support multiple applications. At MIT we recommend that each application simply be configured to use a separate Apache vhost; more complex configurations, e.g. creating separate entity IDs for each application, are also possible. For more information, please see:

An example of when separate entity IDs are needed would be if one application requires a non-standard set of attributes to be released to it. Please consult with touchstone-support as needed.

...