1 | To setup perform the following steps: |
---|
2 | |
---|
3 | 1. create a directory, e.g. named "secure" in your webroot |
---|
4 | 2. copy the script to this directory |
---|
5 | 3. add the following snippet to your apache configuration: |
---|
6 | # NOTE: the location needs to match the directory name! |
---|
7 | <Location /secure> |
---|
8 | AuthType shibboleth |
---|
9 | ShibRequestSetting requireSession 1 |
---|
10 | ShibRequestSetting exportAssertion 1 |
---|
11 | require shibboleth |
---|
12 | |
---|
13 | Options +ExecCGI |
---|
14 | AddHandler cgi-script .pl |
---|
15 | DirectoryIndex shib_test.pl |
---|
16 | |
---|
17 | # Examples for customizing script |
---|
18 | # SetEnv SHIBTEST_ATTRIBUTES_REQUIRED "eduPersonPrincipalName:eppn eduPersonTargetedID:persistent_id" |
---|
19 | # SetEnv SHIBTEST_ATTRIBUTES_OPTIONAL "eduPersonScopedAffiliation:affiliation:eduPersonAffiliation cn displayName" |
---|
20 | |
---|
21 | # Uncomment the following, if you want to enable support for lazy session |
---|
22 | # instantiation |
---|
23 | # SetENV SHIBTEST_LAZY true |
---|
24 | |
---|
25 | # These are usually guessed correctly by the script, but you may need to |
---|
26 | # adjust them to match your local URIs for lazy session instantiation |
---|
27 | # SetEnv SHIBTEST_LOGIN_URI "https://sp.example.org/Shibboleth.sso/Login" |
---|
28 | # SetEnv SHIBTEST_LOGOUT_URI "https://sp.example.org/Shibboleth.sso/Logout" |
---|
29 | </Location> |
---|
30 | |
---|
31 | You can use SetEnv directives to customize the behavior of script. E.g., you |
---|
32 | can define aliases for an attribute by seperating them with a colon. |
---|
33 | |
---|
34 | If you want a dump of the raw SAML assertions, you need to install XML::Twig |
---|
35 | and configure the SP to export the assertions (see |
---|
36 | https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAssertionExport) |
---|