
Prerequisite: Time synchronization

1. Install ntpd client on Ubuntu server.

sudo apt-get install ntp

2. Change the time servers.
Edit /etc/ntp.conf and add the time servers you want to use.

Reference: https://help.ubuntu.com/10.04/serverguide/NTP.html

Install Shibboleth

sudo apt-get install libapache2-mod-shib2

sudo a2enmod shib2

sudo a2enmod ssl

sudo /etc/init.d/apache2 restart

Generate a key and self-signed certificate

sudo shib-keygen -h <hostname>

The key file (sp-key.pem) and the certificate file (sp-cert.pem) will be created in /etc/shibboleth folder.

Configure Shibboleth

Edit /etc/shibboleth/shibboleth2.xml:

Set entityID to

https://js-drupal.oise.utoronto.ca/shibboleth2.xml

Set the SessionInitiator to:

<SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Intranet"
        relayState="cookie" entityID="https://idp.utorauth.utoronto.ca/shibboleth">
    <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
    <SessionInitiator type="Shib1" acsIndex="5"/>
</SessionInitiator>

Set the MetadataProvider to:

<!-- UofT Federation Metadata - served from www.utoronto.ca -->

<MetadataProvider type="XML" url="https://www.utoronto.ca/security/UToronto_SAML_Metadata.xml" backingFilePath="/etc/shibboleth/UToronto_SAML_Metadata.xml" reloadInterval="3600">
     <MetadataFilter type="RequireValidUntil" maxValidityInterval="5184000"/>
     <MetadataFilter type="Signature" verifyName="false" certificate="/etc/shibboleth/utorauth_metadata_verify.crt"/>
</MetadataProvider>

Download the metadata verification certificate from

http://www.utoronto.ca/security/projects/utorauth_metadata_verify.crt

and save it to /etc/shibboleth as utorauth_metadata_verify.crt, the path referenced by the Signature filter above.
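The two MetadataFilter entries above decide whether the SP will trust a downloaded federation file at all. The script below is an added example (not part of this page or of the Shibboleth SP) that applies the RequireValidUntil rule offline: the root element must carry a validUntil attribute, the metadata must not have expired, and it must not claim validity further ahead than maxValidityInterval (5184000 seconds, i.e. 60 days, as configured above). It also confirms that the IdP entityID used in the SessionInitiator is actually described in the file. The sample metadata is constructed, the SSO endpoint in it is a placeholder, and signature verification (the job of the Signature filter and utorauth_metadata_verify.crt) is deliberately not implemented here.

```python
"""Offline check of a SAML metadata file against the page's MetadataFilter
settings.

Added example, not part of the original page or the Shibboleth SP code. It
applies the RequireValidUntil rule (a validUntil attribute must be present on
the root element and must expire within maxValidityInterval seconds; the page
uses 5184000, i.e. 60 days) and confirms that the IdP entityID named in the
SessionInitiator is described in the file. Signature verification is not
implemented here. The sample metadata below is constructed.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
MAX_VALIDITY_SECONDS = 5184000  # maxValidityInterval from the page
EXPECTED_IDP = "https://idp.utorauth.utoronto.ca/shibboleth"  # from the page

# Constructed sample; the endpoint Location is a placeholder, not a real URL.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    Name="urn:example:federation" validUntil="2012-03-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.utorauth.utoronto.ca/shibboleth">
    <md:IDPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.invalid/PLACEHOLDER"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def utc(year, month, day):
    """Helper for building a timezone-aware 'now' for demos and tests."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def parse_valid_until(value):
    """SAML dateTime values are UTC; map the trailing 'Z' to an offset."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value)


def check_metadata(xml_text, now, max_validity=MAX_VALIDITY_SECONDS,
                   expected_idp=EXPECTED_IDP):
    """Raise ValueError where the SP filters would reject the metadata;
    otherwise return the parsed expiry, the entity IDs found and the
    seconds of validity remaining."""
    root = ET.fromstring(xml_text)
    valid_until = root.get("validUntil")
    if valid_until is None:
        raise ValueError("RequireValidUntil: root element has no validUntil")
    expiry = parse_valid_until(valid_until)
    remaining = expiry - now
    if remaining <= timedelta(0):
        raise ValueError("metadata expired at " + expiry.isoformat())
    if remaining > timedelta(seconds=max_validity):
        raise ValueError("validUntil exceeds maxValidityInterval of %d s"
                         % max_validity)
    entity_ids = {e.get("entityID")
                  for e in root.iter("{%s}EntityDescriptor" % MD_NS)}
    if expected_idp not in entity_ids:
        raise ValueError("IdP %s not present in metadata" % expected_idp)
    return {"validUntil": expiry,
            "entities": sorted(entity_ids),
            "seconds_remaining": int(remaining.total_seconds())}


def rejected(xml_text, now):
    """True if check_metadata raises; used to exercise the failure paths."""
    try:
        check_metadata(xml_text, now)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(check_metadata(SAMPLE_METADATA, utc(2012, 1, 15)))
```

Run it against the real backing file (/etc/shibboleth/UToronto_SAML_Metadata.xml) by passing the file contents and `datetime.now(timezone.utc)`; a rejection here is the same condition that makes shibd drop the metadata at reload time, which then shows up as the IdP being unknown at login.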

Test the configuration

sudo /usr/sbin/shibd -t

If you see "overall configuration is loadable, check console for non-fatal problems", the configuration is fine. Fix any reported errors.

Start shibd

sudo /etc/init.d/shibd start

See the "shibd warning: file permissions require running as root" message.

Check with:

service --status-all

Found that shibd is running.

Check with:

sudo shibd check

Got the following error message:

listener failed to initialize
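The permissions warning above is worth chasing rather than ignoring: shibd starts as root and then drops to an unprivileged service account, and any file under /etc/shibboleth that only root can read forces the daemon to keep its privileges. The checker below is an added example, not part of this page or of the Shibboleth packages. It assumes the Debian/Ubuntu package account is `_shibd` (an assumption, stated in the code) and evaluates owner, group and other read bits the way the kernel does for a non-root process, so it can be run and tested without root. Its self-check builds a throwaway directory with a 0600 key and a 0644 config and reports what a foreign uid could read.

```python
"""Report files under a Shibboleth SP config directory that the service
account cannot read once shibd has dropped root.

Added example, not part of the original page or the Shibboleth packages.
Assumption: the Debian/Ubuntu service account is `_shibd`, and files that
account cannot read are what the "file permissions require running as
root" warning points at. Ownership and mode bits are evaluated as for a
non-root process, so the check runs without root.
"""
import grp
import os
import pwd
import stat
import tempfile

SHIB_DIR = "/etc/shibboleth"        # from the page
SERVICE_ACCOUNT = "_shibd"          # assumed Debian/Ubuntu package account
SENSITIVE = ("sp-key.pem", "sp-cert.pem", "shibboleth2.xml",
             "utorauth_metadata_verify.crt")  # file names from the page


def readable_by(path, uid, gids):
    """True if a process with this uid and set of gids may read path.
    Root always succeeds; otherwise owner, group and other bits apply
    in that order of precedence."""
    st = os.stat(path)
    mode = st.st_mode
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def account_ids(name):
    """Resolve a user name to (uid, set of gids); None if the account
    does not exist on this host."""
    try:
        pw = pwd.getpwnam(name)
    except KeyError:
        return None
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if name in g.gr_mem)
    return pw.pw_uid, gids


def unreadable_files(directory, uid, gids, names=SENSITIVE):
    """Sorted list of the named files that exist in directory but would
    be unreadable to the given account."""
    bad = []
    for name in names:
        path = os.path.join(directory, name)
        if os.path.exists(path) and not readable_by(path, uid, gids):
            bad.append(path)
    return sorted(bad)


def self_check():
    """Constructed fixture: a 0600 key and a 0644 config in a temp dir.
    Returns (unreadable by the owner, unreadable by another uid) as
    bare file names."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("sp-key.pem", 0o600), ("shibboleth2.xml", 0o644)):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("constructed placeholder\n")
            os.chmod(p, mode)
        me = os.getuid()
        as_owner = [os.path.basename(p) for p in unreadable_files(d, me, set())]
        as_other = [os.path.basename(p) for p in unreadable_files(d, me + 1, set())]
    return as_owner, as_other


if __name__ == "__main__":
    ids = account_ids(SERVICE_ACCOUNT)
    if ids is None:
        print("account %s not found; is the package installed?" % SERVICE_ACCOUNT)
    else:
        for p in unreadable_files(SHIB_DIR, *ids):
            print("not readable by %s: %s" % (SERVICE_ACCOUNT, p))
```

On a real host, anything it lists for `_shibd` is a candidate for `chown _shibd` (and for the private key, a mode of 0600 owned by that account rather than world-readable bits).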


References:

https://wiki.cam.ac.uk/raven/Installing_SP2.x_under_Linux

http://dev.e-taxonomy.eu/trac/wiki/ShibbolethSP2InstallDebianLenny

http://www.utoronto.ca/security/projects/SP-install.htm

http://blogs.uw.edu/iweb/2011/11/30/setting-up-shibboleth-ubuntu-apache-drupal/
