...

1. Ensure that the new server meets the system requirements for the Shibboleth service provider software.
2. Install the Shibboleth service provider software on the new server.

3. Copy the Shibboleth configuration files and any required certificates in the /etc/shibboleth directory from the old server to the new server.

    Configuration files: shibboleth2.xml, attribute-map.xml

    Log on to your old server. Go to the Shibboleth installation directory (/etc/shibboleth on Linux, c:\opt\shibboleth-sp on Windows). Verify the expiration date of the encryption certificate (the signing certificate usually has the same expiration date as the encryption certificate, so you only need to verify the encryption certificate).

    Open sp-encrypt-cert.pem in a text editor, copy the content, and paste it into the online certificate decoder: https://www.sslshopper.com/certificate-decoder.html. It will tell you the expiration date.

4. Log on to your new server. Go to the Shibboleth installation directory. Copy the Shibboleth configuration files (shibboleth2.xml and attribute-map.xml) from the old server to the new server.

5. If the encryption certificate on your old server is still valid for a long time, copy the certificate files to the new server.

   Certificate files: sp-encrypt-cert.pem, sp-encrypt-key.pem, sp-signing-cert.pem, sp-signing-key.pem
5. Update any necessary configuration files to reflect the new server's hostname and IP address.

    Skip step 6.

6. If the encryption certificate on your old server is close to expiring:

  • Do NOT copy the certificate files to the new server. Use the newly generated certificates on the new server instead (the encryption certificate and signing certificate are automatically generated during Shibboleth SP installation. If they are not generated, follow the Shibboleth installation guide to generate them).
  • Open shibboleth2.xml and give the entityID a different value.
  • Get your SP's new metadata. Then submit your metadata through https://shibrequest.cit.cornell.edu

7. For testing, update the hosts file on your own laptop to reflect your website's hostname and the new server's IP address. After you change the hosts file, your browser should send the request to your new server when you access the site.

    Example: 56.94.3.42 mysite.cit.cornell.edu
8. Test the new server to ensure that the Shibboleth service provider is functioning correctly.
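
The expiration check in step 3 and the copy-or-regenerate decision in steps 5 and 6 can also be made locally with openssl on the old server. The script below is an added example, not part of the original procedure; the 365-day threshold (MIN_DAYS), the function names, and the extra check that each key matches its certificate are assumptions introduced here.

```bash
#!/usr/bin/env bash
# Added example: local pre-migration check of the Shibboleth SP key pairs.
# MIN_DAYS is an assumed threshold; the procedure only says "valid for a long time".
MIN_DAYS="${MIN_DAYS:-365}"

# Exit 0 if the certificate ($1) is still valid N days from now ($2, default MIN_DAYS).
cert_valid_long_enough() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-$MIN_DAYS} * 86400 ))" >/dev/null 2>&1
}

# Exit 0 if the private key ($2) belongs to the certificate ($1),
# by comparing the public key extracted from each file.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 1
    key_pub="$(openssl pkey -in "$2" -pubout 2>/dev/null)" || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print "copy" (step 5), "regenerate" (step 6) or "mismatch" for one cert/key pair.
migration_decision() {
    local cert="$1" key="$2"
    if ! key_matches_cert "$cert" "$key"; then
        echo "mismatch"      # key and certificate are not a pair; do not copy
    elif cert_valid_long_enough "$cert"; then
        echo "copy"          # still valid past the threshold
    else
        echo "regenerate"    # expired or close to expiring
    fi
}

# Report on both pairs in a Shibboleth directory (default /etc/shibboleth).
check_sp_dir() {
    local dir="${1:-/etc/shibboleth}" kind
    for kind in encrypt signing; do
        printf '%s: ' "sp-$kind-cert.pem"
        openssl x509 -in "$dir/sp-$kind-cert.pem" -noout -enddate 2>/dev/null || echo "unreadable"
        printf '  decision: %s\n' \
            "$(migration_decision "$dir/sp-$kind-cert.pem" "$dir/sp-$kind-key.pem")"
    done
}

# Usage: ./check-sp-certs.sh /etc/shibboleth
if [ "$#" -ge 1 ]; then check_sp_dir "$1"; fi
```

Run it as a user that can read the key files; nothing leaves the server, and the private keys are only read to derive their public halves.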

...