...
Install the MS Visual C++ re-distributable libraries. You need to restart the server after the installation.
These links may break at some point, but for now the 32-bit and 64-bit run times can be found at:
The top-level link to find them is https://visualstudio.microsoft.com/downloads/ via Other Tools.
Run Shibboleth SP Windows installer
2.1 Download the latest version of the Windows installer package from the Shibboleth download site at https://shibboleth.net/downloads/service-provider/latest/. Select either the win32/ or win64/ directory as appropriate to your 32-bit or 64-bit system, then download the .msi file.
2.2 Run the installer package. It is recommended that you accept all defaults, as follows:
- Accept the license agreement
- Install to C:\opt\shibboleth-sp (this is the default location; you may change it to another location)
- Make sure Configure IIS7 module is checked
- Click Next, then Install, then Finish
- Click Yes to restart your system
Verify installation
On the Administrative Tools menu, click Services. Find Shibboleth Daemon in the list and double-click it. Verify that Service Status is "Running", Startup type is "Automatic", and on the Log On tab, verify that "Local System" is selected.
...
Save a copy of
Find <ISAPI...>...<Site id="1" name="shibtest.cit.cornell.edu"/>. Change the "site id" to match the id assigned to your site by IIS. You can find your site id in Internet Services (IIS) Manager by clicking on "Sites". In this same location, change the site name to your DNS name. Our example defined two sites. Delete or add more as needed.
Find <RequestMap>...<Host name="shibtest.cit.cornell.edu">. Change the "Host name" to the site name you defined in the step above. In this example file, we defined two hosts and specified different authorization rules for each site and location. Please modify it to meet your site's requirements. If your site supports both http and https, add redirectToSSL="443" to the Host element, because Shibboleth SP doesn't work with http connections. Additional resources for AccessControl: https://wiki.shibboleth.net/confluence/display/SP3/XMLAccessControl If you use groups for authorization, please note that the Shibboleth IDP doesn't support nested groups (for example, if group B is a member of group A and user C is a member of group B, the IDP doesn't know that user C is a member of group A). If you have to use a nested group, you need to convert the nested group to a dynamic group.
Find <ApplicationDefaults entityID="shibtestsites.cit.cornell.edu" ...>. Change the "entityID" to whatever you like. The entityID is the name of your SP and should be unique. We recommend that you include your domain name in the entityID to guarantee it is unique. It's better not to include spaces or special characters in it (/ or : are fine).
Find <Errors supportContact="root@localhost" helpLocation="/about.html" styleSheet="/shibboleth-sp/main.css"/>. Change the email address to your application's support email address.
Find <SSO entityID="https://shibidp.cit.cornell.edu/idp/shibboleth">. Replace our production IDP's entityID with the test IDP's entityID: https://shibidp-test.cit.cornell.edu/idp/shibboleth
Find <MetadataProvider ... url="https://shibidp.cit.cornell.edu/idp/shibboleth" ..>. This is the production IDP's metadata url. Comment out this block for your test site. Then un-comment the MetadataProvider for the Cornell test IDP.
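The values these steps ask you to change can be checked mechanically before the daemon reloads the file. The following is an added example, not part of the original page or the Shibboleth project's own tooling: the sample XML, the example.edu host names and the lint/find_all helpers are constructed for illustration, and the SP3 config namespace is assumed.

```python
import xml.etree.ElementTree as ET

# Example-file values that the steps above say to replace.
EXAMPLE_SITE = "shibtest.cit.cornell.edu"
EXAMPLE_ENTITY_ID = "shibtestsites.cit.cornell.edu"
PROD_IDP = "https://shibidp.cit.cornell.edu/idp/shibboleth"
# Constructed sample, trimmed to the edited elements (not a complete SP configuration file).
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <InProcess><ISAPI>
    <Site id="1" name="app.example.edu"/>
    <Site id="2" name="shibtest.cit.cornell.edu"/>
  </ISAPI></InProcess>
  <RequestMapper type="Native"><RequestMap>
    <Host name="app.example.edu" redirectToSSL="443"/>
    <Host name="other.example.edu"/>
  </RequestMap></RequestMapper>
  <ApplicationDefaults entityID="shibtestsites.cit.cornell.edu">
    <Sessions><SSO entityID="https://shibidp.cit.cornell.edu/idp/shibboleth">SAML2</SSO></Sessions>
    <Errors supportContact="root@localhost"/>
  </ApplicationDefaults>
</SPConfig>"""

def find_all(root, tag):
    # Match on local name so the check works whatever the config namespace is.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == tag]

def lint(xml_text, test_site=True):
    root, issues = ET.fromstring(xml_text), []
    sites = {s.get("name") for s in find_all(root, "Site")}
    if EXAMPLE_SITE in sites:
        issues.append(f"Site name is still the example value {EXAMPLE_SITE}")
    for host in find_all(root, "Host"):
        name = host.get("name")
        if name not in sites:
            issues.append(f"Host {name} matches no <Site> name")
        if host.get("redirectToSSL") is None:
            issues.append(f"Host {name} has no redirectToSSL (needed if http is also served)")
    for app in find_all(root, "ApplicationDefaults"):
        eid = app.get("entityID", "")
        if eid == EXAMPLE_ENTITY_ID or any(c.isspace() for c in eid):
            issues.append(f"entityID {eid!r} is the example value or contains spaces")
    if any(e.get("supportContact") == "root@localhost" for e in find_all(root, "Errors")):
        issues.append("supportContact is still root@localhost")
    if test_site and any(s.get("entityID") == PROD_IDP for s in find_all(root, "SSO")):
        issues.append("SSO entityID is the production IdP on a test site")
    return issues

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Pass test_site=False when linting a production configuration, where the production IDP's entityID is the expected value.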
Go to your SP installation directory(
"overall configuration is loadable, check console for non-fatal problems" If there is an error, check the log for details. All the log files are in SP installation directory\var\log\shibboleth
...
Info: Whenever you make changes to the SP's configuration file, save the file. You can wait for the Shibboleth Daemon to pick up the changes, or you can restart the Shibboleth Daemon to make the changes take effect right away.
...
Register Service Provider with IDP
1. Get SP metadata
Restart IIS and the Shibboleth Daemon. The Shibboleth Daemon can be restarted using the Administrative Tools > Services navigation.
...