Page History

Download our sample shibboleth2.xml and replace your /etc/shibboleth/shibboleth2.xml with downloaded file. Open shibboleth2.xml in a text editor.

• Update SP entityID:

 Find <ApplicationDefaults entityID="https://mysite.cit.cornell.edu/shibboleth"... >.  EntityID is the  Unique identifier for your SP. Cornell Shibboleth Identity Provider(IDP) provides service to many applications. This entityID will help Cornell IDP to identify your SP. We recommend you follow shibboleth convention named it "https://xxx/shibboleth". It's better not include space or special characters in it( / and : are fine). One SP can server multiple sites in your Apache so it does not necessarily equate to the hostname(s) at which your service runs. 

• Update the support contact: 

Find  < Errors supportContact ="root@localhost"  helpLocation ="/about.html" styleSheet ="/shibboleth-sp/main.css"  /> . Change the email address to your application's support email address.

• Update IDP info if you are configuring a test/dev site( skip this if you are configuring production site )

Find <SSO entityID=" https://shibidp.cit.cornell.edu/idp/shibboleth ">.Replace our production IDP's entityID with test IDP's entityID: https://shibidp-test.cit.cornell.edu/idp/shibboleth

Find <MetadataProvider ... url=" https://shibidp.cit.cornell.edu/idp/shibboleth " ..>. This is production IDP's metadata url. Comment out this block for your test site. Then un-comment MetadataProvider for Cornell test IDP.

• Check if you have sp-signing-cert.pem and sp-encrypt-cert.pem in /etc/shibboleth directory. If they are not there, generate them.

  Code Block
  title generate a 10 year signing key
  shib-keygen -n sp-signing -h yourServername -y 10 (your servername will be the CN of the certificate)

  Code Block
  title generate 10 year encryption key
  shib-keygen -n sp-encrypt -h yourServername -y 10