Skip to content Skip to navigation

Systems Integration for Guest Accounts


Software Installation

Install shibboleth-sp package (this should be available from your Linux distribution or local package repository).

Certificate Management

Create self-signed certificates or obtain Comodo certificates and set them up as /etc/shibboleth/stanford.key and /etc/shibboleth/stanford.crt

Webserver Configuration

Configure shibboleth.xml:

  • add the WAYF SessionInitiator:

        <SessionInitiator isDefault="true" id="guestwayf" 
  • set the providerID (usually of the form


Send the following information to

  • providerid value from shibboleth.xml

  • load balanced name of the web service and name of all hosts that this will run on (e.g.,,

  • a list of attributes wanted from LDAP

Create Protected Directories

Configure protected Apache area. In an .htaccess file this looks like:

AuthType shibboleth
ShibRequireSession On
require valid-user
require entitlement ~ ^workgroup-name$
Last modified May 24, 2011