Changes between Version 7 and Version 8 of ServiceProviderFederation/Archive/SP configuration guide
- Timestamp:
- 07/24/14 11:41:57 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
ServiceProviderFederation/Archive/SP configuration guide
v7 v8 1 1 = Disclaimer = 2 2 3 This documentation is provided as-is, should be read and executed carefully and you should know at all time what you are doing. In case of doubt, don’t follow the steps in this documentation and make your own, more appropriate, assumptions. In case you have further questions send them to Clarind-devel@mailman.sfs.uni-tuebingen.de.3 This documentation is provided as-is, should be read and executed carefully and you should know at all time what you are doing. In case of doubt, don’t follow the steps in this documentation and make your own, more appropriate, assumptions. In case you have further questions send them to clarind-devel@mailman.sfs.uni-tuebingen.de. 4 4 5 5 = Sources to read = 6 6 This document does not have as much priority for regular revision as the following documents. Please consult them and do not fully rely on the details in this document. 7 7 * Up-to-date information about the CLARIN Service Provider Federation (SPF): [https://www.clarin.eu/spf] 8 * Up-to-date information about the CLARIN IdP:[https://www.clarin.eu/content/clarin-identity-provider]8 * Up-to-date information about the CLARIN-IDP [https://www.clarin.eu/content/clarin-identity-provider] 9 9 * Generate the metadata and additional information: [https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataForSP] 10 * ApplicationDefaults tag and attributes: [https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplication]10 * !ApplicationDefaults tag and attributes: [https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplication] 11 11 * SSO tag and attributes: [https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceSSO] 12 * MetadataProvider tag [https://wiki.shibboleth.net/confluence/display/SHIB2/IdPMetadataProvider]12 * !MetadataProvider tag [https://wiki.shibboleth.net/confluence/display/SHIB2/IdPMetadataProvider] 13 13 * Documentation of the DFN: [https://www.aai.dfn.de/dokumentation/service-provider/konfiguration/] 14 14 … … 22 22 23 23 ==== attribute-map.xml ==== 24 25 Edit attribute-map.xml in /etc/shibboleth/. Uncomment or add the following lines: 26 27 24 Edit the file `attribute-map.xml` (usually located in the directory `/etc/shibboleth`) and uncomment or add the following lines: 28 25 {{{#!xml 29 26 <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn"> … … 37 34 38 35 ==== shibboleth2.xml ==== 39 40 Edit shibboleth2.xml in /etc/shibboleth/: 41 * Add an !ApplicationDefaults entry containing your entityID (a randomly chosen string, mostly in the format of an URL letting you make some assumptions about who runs the SP): 42 36 Edit `shibboleth2.xml` (usually located in the directory `/etc/shibboleth`): 37 * Add an `<ApplicationDefaults>` entry containing your `entityID`. The `entityID` is a randomly chosen string in URL-format identifying your SP (and letting other people make some assumptions about who runs the SP): 43 38 {{{#!xml 44 39 <ApplicationDefaults entityID="https://sp.phonetik.uni-muenchen.de" … … 46 41 }}} 47 42 48 * Add an SSO entry to the Session section with the entityID of the clarin IDP and the link to the discovery service: 49 43 * Add an `<SSO>` entry to the Session section with the entityID of the CLARIN-IDP and the link to the discovery service: 50 44 {{{#!xml 51 45 <SSO entityID="https://idp.clarin.eu" discoveryProtocol="SAMLDS" … … 54 48 </SSO> 55 49 }}} 56 57 50 58 51 * Edit the errors section to let the user know who he or she may contact on error: … … 63 56 }}} 64 57 65 66 * Add or edit the !MetadataProvider to the !ApplicationDefaults section: 58 * Add or edit the `<MetadataProvider>` to the `<ApplicationDefaults>` section: 67 59 {{{#!xml 68 60 <MetadataProvider type="Chaining"> … … 78 70 79 71 ==== httpd.conf ==== 80 81 Edit the httpd.conf in /etc/apache2/: 82 * Add “AuthType shibboleth” and “ShibRequireSession On” so an Directory entry could look like this 72 Edit the `httpd.conf` (usually located in the dircetory `/etc/apache2`): 73 * Add `AuthType shibboleth` and `ShibRequireSession On` so an `Directory` entry. It could look like this: 83 74 {{{#!xml 84 75 <Directory /srv/www/htdocs> … … 88 79 </Directory> 89 80 }}} 81 82 90 83 ==== Shibboleth and Apache restart ==== 91 92 84 After editing the three aforementioned files, remember to restart the Shibboleth daemon and the apache server for the changes to take effect. 93 85