| 1 | To setup perform the following steps: |
|---|
| 2 | |
|---|
| 3 | 1. create a directory, e.g. named "secure" in your webroot |
|---|
| 4 | 2. copy the script to this directory |
|---|
| 5 | 3. add the following snippet to your apache configuration: |
|---|
| 6 | # NOTE: the location needs to match the directory name! |
|---|
| 7 | <Location /secure> |
|---|
| 8 | AuthType shibboleth |
|---|
| 9 | ShibRequestSetting requireSession 1 |
|---|
| 10 | ShibRequestSetting exportAssertion 1 |
|---|
| 11 | require shibboleth |
|---|
| 12 | |
|---|
| 13 | Options +ExecCGI |
|---|
| 14 | AddHandler cgi-script .pl |
|---|
| 15 | DirectoryIndex shib_test.pl |
|---|
| 16 | |
|---|
| 17 | # Examples for customizing script |
|---|
| 18 | # SetEnv SHIBTEST_ATTRIBUTES_REQUIRED "eduPersonPrincipalName:eppn eduPersonTargetedID:persistent_id" |
|---|
| 19 | # SetEnv SHIBTEST_ATTRIBUTES_OPTIONAL "eduPersonScopedAffiliation:affiliation:eduPersonAffiliation cn displayName" |
|---|
| 20 | |
|---|
| 21 | # Uncomment the following, if you want to enable support for lazy session |
|---|
| 22 | # instantiation |
|---|
| 23 | # SetENV SHIBTEST_LAZY true |
|---|
| 24 | |
|---|
| 25 | # These are usually guessed correctly by the script, but you may need to |
|---|
| 26 | # adjust them to match your local URIs for lazy session instantiation |
|---|
| 27 | # SetEnv SHIBTEST_LOGIN_URI "https://sp.example.org/Shibboleth.sso/Login" |
|---|
| 28 | # SetEnv SHIBTEST_LOGOUT_URI "https://sp.example.org/Shibboleth.sso/Logout" |
|---|
| 29 | </Location> |
|---|
| 30 | |
|---|
| 31 | You can use SetEnv directives to customize the behavior of script. E.g., you |
|---|
| 32 | can define aliases for an attribute by seperating them with a colon. |
|---|
| 33 | |
|---|
| 34 | If you want a dump of the raw SAML assertions, you need to install XML::Twig |
|---|
| 35 | and configure the SP to export the assertions (see |
|---|
| 36 | https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAssertionExport) |
|---|
