Versions Compared

Old Version 88

changes.mady.by.user Hong Ye

Saved on

compared with

New Version 89

changes.mady.by.user Hong Ye

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Apache must be installed and your website have an SSL certificate installed and SSL enabled. To request a SSL certificate: https://it.cornell.edu/ssl/renew-or-request-ssl-certificate.
  • Shibboleth doesn't support http access. If http access is supported on your site, define a redirect rule in Apache configuration that route http traffic to https.
  • Make sure your server time is accurate.
  • Your server has user shibd createdavailable.

Installation

Expand
titleInstall Shibboleth SP on Centos/RedHat
Install using RPM: https://wiki.shibboleth.net/confluence/display/SP3/RPMInstall
  1. Visit https://shibboleth.net/downloads/service-provider/RPMS/, choose your platform, then click Generate
  2. Copy generated content to /etc/yum.repos.d/shibboleth.repo
  3. sudo yum install shibboleth.x86_64 ( 64 bit OS )
    sudo yum install shibboleth (32 bit OS )

...

Expand
titleCreate signing and encryption key (Ubuntu users)

Check if you have sp-signing-cert.pem and sp-encrypt-cert.pem in /etc/shibboleth directory. If they are not there, generate them.

shib-keygen -n sp-signing -h yourServername -y 10 (your servername will be the CN of the certificate)
shib-keygen -n sp-encrypt -h yourServername -y 10

After you run the commands, four files are created: sp-encrypt-cert.pem, sp-encrypt-key.pem, sp-signing-cert.pem, sp-signing-key.pem. These files should be owned by shibd.
Shibboleth Configuration Check

...