
Systems Integration for Guest Accounts

Instructions

Software Installation

Install the shibboleth-sp package (it should be available from your Linux distribution or local package repository).

Certificate Management

Create self-signed certificates or obtain Comodo certificates, and install them as /etc/shibboleth/stanford.key and /etc/shibboleth/stanford.crt.

Webserver Configuration

Configure shibboleth.xml:

  • add the WAYF SessionInitiator:

        <SessionInitiator isDefault="true" id="guestwayf" 
            Location="/WAYF/Guest" 
            Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
            wayfURL="https://guestlogin.stanford.edu/wayf/index.php"
            wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
  • set the providerID (usually of the form https://webservice.stanford.edu/)
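
As an added example (not part of the original instructions or of Stanford's tooling), this Python check confirms that a shibboleth.xml carries the guest WAYF SessionInitiator with exactly the values shown above and extracts the providerID needed for registration. The enclosing SPConfig/Applications/Sessions elements and the providerId attribute name in the sample are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
# Values the page gives for the guest WAYF SessionInitiator.
EXPECTED = {
    "id": "guestwayf",
    "isDefault": "true",
    "Location": "/WAYF/Guest",
    "Binding": "urn:mace:shibboleth:sp:1.3:SessionInit",
    "wayfURL": "https://guestlogin.stanford.edu/wayf/index.php",
    "wayfBinding": "urn:mace:shibboleth:1.0:profiles:AuthnRequest",
}
# Constructed sample: only the SessionInitiator comes from the page; the
# enclosing elements and the providerId attribute name are assumptions.
SAMPLE = """<SPConfig><Applications id="default"
    providerId="https://webservice.stanford.edu/">
  <Sessions>
    <SessionInitiator isDefault="true" id="guestwayf"
        Location="/WAYF/Guest"
        Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
        wayfURL="https://guestlogin.stanford.edu/wayf/index.php"
        wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
  </Sessions>
</Applications></SPConfig>"""

def local(tag):  # strip any XML namespace prefix from an element tag
    return tag.rsplit("}", 1)[-1]

def check_config(xml_text):
    """Return (providerId, problems) for the text of a shibboleth.xml file."""
    root = ET.fromstring(xml_text)
    problems = []
    inits = [e for e in root.iter()
             if local(e.tag) == "SessionInitiator" and e.get("id") == "guestwayf"]
    if len(inits) != 1:
        problems.append("expected one guestwayf SessionInitiator, found %d" % len(inits))
    for e in inits:
        for name, want in EXPECTED.items():
            if e.get(name) != want:
                problems.append("%s is %r, expected %r" % (name, e.get(name), want))
        if urlparse(e.get("wayfURL", "")).scheme != "https":
            problems.append("wayfURL is not https")
    apps = [e for e in root.iter() if local(e.tag) == "Applications"]
    provider = apps[0].get("providerId") if apps else None
    if not provider:
        problems.append("providerId is not set")
    return provider, problems

if __name__ == "__main__":
    print(check_config(SAMPLE))
```

An empty problems list means the SessionInitiator matches the values above; the returned providerId is the value to send in the registration request.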

Registration

Send the following information to shibboleth-team@lists.stanford.edu:

  • the providerID value from shibboleth.xml

  • the load-balanced name of the web service and the names of all hosts that it will run on (e.g. webservice.stanford.edu, websrv1.stanford.edu, websrv2.stanford.edu)

  • a list of attributes wanted from LDAP

Create Protected Directories

Configure the protected Apache area. In an .htaccess file this looks like:

AuthType shibboleth
ShibRequireSession On
require valid-user
require entitlement ~ ^workgroup-name$

Last modified May 24, 2011