Instructions
- Software Installation
-
Install shibboleth-sp package (this should be available from your Linux distribution or local package repository).
- Certificate Management
-
Create self-signed certificates or obtain Comodo certificates and set them up as /etc/shibboleth/stanford.key and /etc/shibboleth/stanford.crt
- Webserver Configuration
-
Configure shibboleth.xml:
-
add the WAYF SessionInitiator:
<SessionInitiator isDefault="true" id="guestwayf" Location="/WAYF/Guest" Binding="urn:mace:shibboleth:sp:1.3:SessionInit" wayfURL="https://guestlogin.stanford.edu/wayf/index.php" wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/> -
set the providerID (usually of the form https://webservice.stanford.edu/)
-
- Registration
-
Send the following information to shibboleth-team@lists.stanford.edu:
-
providerid value from shibboleth.xml
-
load balanced name of the web service and name of all hosts that this will run on (e.g. webservice.stanford.edu, websrv1.stanford.edu, websrv2.stanford.edu)
-
a list of attributes wanted from LDAP
-
- Create Protected Directories
-
Configure protected Apache area. In an .htaccess file this looks like:
AuthType shibboleth ShibRequireSession On require valid-user require entitlement ~ ^workgroup-name$
