
Tuesday, April 30, 2013

Shibboleth Identity Provider Integration with Service Provider

Service Provider Initiated Single Sign On Configuration

I have installed the Shibboleth Identity Provider and Service Provider on CentOS 6.4 64-bit servers, each in its own virtual machine with 4 GB of RAM allocated. The installation and configuration details are as follows.

Identity Provider Installation

  • Software Requirements
       CentOS 6.4 64 Bit
       Tomcat6
       Apache 2.2 Web Server
       mod_ssl
       Identity Provider 2.4.0
       Java 1.6
       OpenLDAP
       tomcat6-dta-ssl-1.0.0.jar

  • Install CentOS 6.4 64 Bit in the virtual machines.
     Please follow the CentOS install link to install CentOS.

  • Install Tomcat6, httpd, mod_ssl, OpenLDAP, and OpenJDK from the CentOS default repositories.

    yum install tomcat6
    yum install httpd
    yum install mod_ssl
    yum install *openldap* -y
    yum install java-1.6.0-openjdk-devel.x86_64

  • Install Shibboleth Identity Provider
    
Copy shibboleth-identityprovider-2.4.0-bin.zip to the /opt directory and extract the zip file. The Identity Provider file structure is as follows.

  /opt/shibboleth-identityprovider-2.4.0/doc
  /opt/shibboleth-identityprovider-2.4.0/LICENSE.txt 
  /opt/shibboleth-identityprovider-2.4.0/install.sh
  /opt/shibboleth-identityprovider-2.4.0/install.bat
  /opt/shibboleth-identityprovider-2.4.0/cpappend.bat
  /opt/shibboleth-identityprovider-2.4.0/lib
  /opt/shibboleth-identityprovider-2.4.0/src
  /opt/shibboleth-identityprovider-2.4.0/endorsed

Go to the /opt/shibboleth-identityprovider-2.4.0/ directory and run install.sh. The installer prompts for the following details:
  1. Where should the Shibboleth Identity Provider software be installed?
  •     Provide the absolute path of the IdP installation directory. The default installation directory is /opt/shibboleth-idp/. If you want to change the installation directory, specify a different path; otherwise accept the default.
  2. What is the fully qualified hostname of the Shibboleth Identity Provider server?
  •     Enter the host name. I have used the host name idp.liyaqat.com.
  3. A keystore is about to be generated for you. Please enter a password that will be used to protect it.
  •     Enter the keystore password.
The Shibboleth IdP directory structure is as follows.
/opt/shibboleth-idp/
--> bin/  This directory contains the SAML executable files.

--> conf/  This directory contains the IdP configuration files. The configuration files are explained in the IdP Configuration section.

--> credentials/  This directory contains the self-signed certificate generated by the install process. For a production environment, generate a certificate request and send it to a certificate authority for signing. Once the certificate is signed, import the signed certificate into the keystore.

--> lib/  This directory contains the Shibboleth library files.

--> lib/endorsed/  This directory contains the endorsed libraries. These files need to be copied into the Tomcat endorsed directory.

--> metadata/  This directory contains the IdP metadata. All other metadata files need to be copied into this directory.

--> war/  This directory contains the war file. This war file needs to be deployed in the Tomcat webapps directory.

--> log/  This directory contains the IdP server log files.
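As an added example (not code from the blog post or from the Shibboleth project), here is a small POSIX shell helper that carries out the steps noted against the directory structure above: it checks that the host name given to the installer is fully qualified, copies lib/endorsed into Tomcat's endorsed directory, deploys the war into Tomcat's webapps directory, and verifies that the private key and keystore generated in credentials/ are not readable by other users (the IdP signs its assertions with that key). The paths /opt/shibboleth-idp and /usr/share/tomcat6, the file names idp.key, idp.jks and idp.war, and the use of GNU stat are assumptions, not details from the post.

```shell
#!/bin/sh
# Added example (not from the blog post): post-install checks and deployment
# steps for the Shibboleth IdP 2.4.0 layout described above. Assumptions:
# IdP installed at /opt/shibboleth-idp, Tomcat6 at /usr/share/tomcat6 (both
# overridable), credential file names idp.key/idp.jks, war name idp.war,
# and GNU stat as shipped with CentOS.

IDP_HOME="${IDP_HOME:-/opt/shibboleth-idp}"
TOMCAT_HOME="${TOMCAT_HOME:-/usr/share/tomcat6}"

# The installer asks for a fully qualified host name. Accept only a bare
# host name containing a dot: no scheme, path, port, leading or trailing dot.
check_fqdn() {
  case "$1" in
    ""|*://*|*/*|*:*|.*|*.) return 1 ;;
    *.*) return 0 ;;
    *) return 1 ;;
  esac
}

# lib/endorsed/*.jar must be copied into Tomcat's endorsed directory.
copy_endorsed() {
  src="$1/lib/endorsed"
  dst="$2/endorsed"
  [ -d "$src" ] || { echo "missing $src" >&2; return 1; }
  mkdir -p "$dst"
  cp "$src"/*.jar "$dst"/
}

# war/idp.war is deployed by copying it into Tomcat's webapps directory.
deploy_war() {
  war="$1/war/idp.war"
  [ -f "$war" ] || { echo "missing $war" >&2; return 1; }
  cp "$war" "$2/webapps/"
}

# The private key and keystore in credentials/ must not be accessible to
# other users. Fail if the 'other' octal digit of the mode is non-zero.
check_credentials() {
  dir="$1/credentials"
  for f in idp.key idp.jks; do
    [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
    perm=$(stat -c %a "$dir/$f")
    case "$perm" in
      *0) ;;
      *) echo "$dir/$f is accessible by others (mode $perm)" >&2; return 1 ;;
    esac
  done
  return 0
}

# All steps in order; stops at the first failure.
run_all() {
  check_fqdn "$(hostname -f)" || { echo "hostname is not fully qualified" >&2; return 1; }
  copy_endorsed "$1" "$2" && deploy_war "$1" "$2" && check_credentials "$1"
}

# Run the real steps only when invoked with --apply, so the functions can be
# sourced for reuse without side effects.
if [ "${1:-}" = "--apply" ]; then
  run_all "$IDP_HOME" "$TOMCAT_HOME"
fi
```

Run it as `sh idp-postinstall.sh --apply` on the IdP host after install.sh has finished and before restarting Tomcat; a non-zero exit means one of the steps above needs attention (for example a keystore left world-readable).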


>>Follow the Tomcat Configuration

2 comments:

  1. Initial installation of Shibboleth is important regarding the proper usage of the Shibboleth identity provider. This installation provides you all the directory paths for the file storage and other major services.

    Openid Connect

    Replies
    1. Hi Mike.
      This blog gives the basic installation and configuration of the IdP and also the SP in the Linux environment. If you need more info, please refer to the Shibboleth web site or you can send me an email at idmoim2010@gmail.com.
