问题
I have a simple web application. I want to set Shibboleth native SP in front of my web app so that it issues/asserts SAML related things and forwards request to my web app. Is there a complete tutorial how to achieve that?
回答1:
Use testshib to test your app, it gives too much ease.
Follow the steps
- download and instal sp on your machine
- include shibboleth's configuration into your apache 2.1. into httpd.conf file add include "PATH/opt/path/etc/apache22"(if version is apache2.2, otherwise appropriate)
- in apache22.config file add the location you want to secure - it would be /secure bydefault
- in your shibboleth2.xml file (in etc folder) put your entity id(application defaults element), ex https://mywebsite.com/shibboleth - this can be anything, not neccessary a real path
- put entity id of your idp in sso element, in case of testshib it would be https://idp.testshib.org/idp/shibboleth
- in the metadata provider put idp's metadata uri to your idp's metadata urn, incase testshib it would be http://www.testshib.org/metadata/testshib-providers.xml
- Download your metadata from https://mywebsitehost.com/Shibboleth.sso/Metadata - here mywebsitehost would be a real host and rest path will be automatically configured by shibboleth - this path will download your sp's metadata file
- Upload your metadata file to testshib via register
You are ready to go. Go to https://mywebsitehost.com/secure and you should be redirected to idp to authenticate.
NOTE: Make sure you have a domain name configured with ssl(https)
来源:https://stackoverflow.com/questions/21282863/configure-shibboleth-native-service-provider-and-apache