Enter your [your_sp_entity_id]:
e.g. https://example.com/shibboleth

```xml
<!-- By default, in-memory StorageService, ReplayCache, ArtifactMap, and SessionCache are used. See example-shibboleth2.xml for samples of explicitly configuring them. -->
<!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults entityID="[your_sp_entity_id]"
    REMOTE_USER="mail"
    cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1"
    >
```
Make sure that handlerSSL="true" and cookieProps="https" are both set on the Sessions element, as follows:

```xml
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
    checkAddress="false" handlerSSL="true" cookieProps="https">
```
Enter your [vo_entity_id]:
e.g. https://proxy.eduteams.org/proxy

```xml
<!--
Configures SSO for a default IdP. To properly allow for >1 IdP, remove
entityID property and adjust discoveryURL to point to discovery service.
You can also override entityID on /Login query string, or in RequestMap/htaccess.
-->
<SSO entityID="https://proxy.eduteams.org/proxy">
    SAML2
</SSO>
```
Enter [your_support_email_address]:
e.g. support@example.com

```xml
<!--
Allows overriding of error template information/filenames. You can
also add your own attributes with values that can be plugged into the
templates, e.g., helpLocation below.
-->
<Errors supportContact="[your_support_email_address]"
    helpLocation="/about.html"
    styleSheet="/shibboleth-sp/main.css"/>
```
Add the filename of the local copy of the eduTEAMS proxy's metadata:

```xml
<!-- Example of locally maintained metadata. -->
<!--
<MetadataProvider type="XML" validate="true" path="partner-metadata.xml"/>
-->
<!-- Metadata for the eduTEAMS proxy -->
<MetadataProvider type="XML" validate="true" path="proxy.eduteams.org-frontend.xml" />
```
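Now save a copy of the eduTEAMS proxy metadata to the file /etc/shibboleth/proxy.eduteams.org-frontend.xml
e.g.

```sh
# -O (capital) writes the downloaded document to the file; lowercase -o would write wget's log there instead.
wget "https://proxy.acc.eduteams.org/metadata/frontend.xml" -O /etc/shibboleth/proxy.eduteams.org-frontend.xml
```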
Finally, set up the signing and encryption certificates.
Please note the filenames used for the signing and encryption certificates. See note in this document for help with these if required.

```xml
<!-- Simple file-based resolvers for separate signing/encryption keys. -->
<CredentialResolver type="File" use="signing"
    key="sp-key.pem" certificate="sp-cert.pem"/>
<CredentialResolver type="File" use="encryption"
    key="sp-key.pem" certificate="sp-cert.pem"/>
```
You can use the shib-keygen command to create the signing and encryption pairs.

```sh
shib-keygen -h [your_sp_domain]
```

e.g.

```sh
shib-keygen -h example.com
```
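As an added example (not part of the original guide and not code from the Shibboleth or eduTEAMS projects), the following Python check lints a finished shibboleth2.xml against the settings above and confirms that the saved metadata file is XML containing the entityID used in the SSO element. The function name, the findings wording and the sample input are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Protocol exclusions taken from the cipherSuites value in this guide.
REQUIRED_EXCLUSIONS = {"!SSLv2", "!SSLv3", "!TLSv1", "!TLSv1.1"}
# Constructed sample input (not a real deployment), built from the guide's snippets.
SAMPLE_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
 <ApplicationDefaults entityID="https://example.com/shibboleth" REMOTE_USER="mail"
   cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!SSLv2:!SSLv3:
   !TLSv1:!TLSv1.1">
  <Sessions lifetime="28800" timeout="3600" handlerSSL="true" cookieProps="https">
   <SSO entityID="https://proxy.eduteams.org/proxy">SAML2</SSO>
  </Sessions>
  <Errors supportContact="support@example.com"/>
 </ApplicationDefaults>
</SPConfig>"""
SAMPLE_METADATA = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
                   'entityID="https://proxy.eduteams.org/proxy"/>')

def _first(root, name):
    # Match on local name so the check is independent of the config namespace.
    return next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def _attr(elem, name):
    return elem.get(name, "") if elem is not None else ""

def check_sp_config(config_xml, metadata_xml):
    """Return a list of findings; an empty list means every check passed."""
    root, findings = ET.fromstring(config_xml), []
    app, sessions = _first(root, "ApplicationDefaults"), _first(root, "Sessions")
    for elem, name, attr in ((app, "ApplicationDefaults", "entityID"),
                             (_first(root, "Errors"), "Errors", "supportContact")):
        value = _attr(elem, attr)
        if not value or "[" in value:
            findings.append(f"{name} {attr} is missing or still a placeholder")
    for attr, want in (("handlerSSL", "true"), ("cookieProps", "https")):
        if _attr(sessions, attr) != want:
            findings.append(f'Sessions {attr} is not "{want}"')
    # Attribute values may be wrapped across lines; drop whitespace before splitting.
    suites = set("".join(_attr(app, "cipherSuites").split()).split(":"))
    if REQUIRED_EXCLUSIONS - suites:
        findings.append("cipherSuites does not exclude: "
                        + ", ".join(sorted(REQUIRED_EXCLUSIONS - suites)))
    try:  # a file that is not XML (e.g. a download log saved by mistake) fails here
        md_root = ET.fromstring(metadata_xml)
    except ET.ParseError:
        return findings + ["metadata file is not well-formed XML"]
    ids = {e.get("entityID") for e in md_root.iter() if e.tag.endswith("EntityDescriptor")}
    if _attr(_first(root, "SSO"), "entityID") not in ids:
        findings.append("SSO entityID has no matching EntityDescriptor in the metadata")
    return findings
```

To use it on a real host, pass the contents of /etc/shibboleth/shibboleth2.xml and of the saved metadata file to check_sp_config and review any findings it returns.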