
Thursday, May 2, 2013

Service Provider Registering with Identity Provider

Log in as root or as a sudo user to configure the Service Provider registration with the Identity Provider as follows.

Service Provider Configuration


1. Protecting the Resource

 Go to the /etc/httpd/conf.d directory, edit the shib.conf file, and add the following content.

<Location /testapp>
  AuthType shibboleth
  ShibRequireSession On
  require shibboleth
  ShibUseHeaders On
</Location>

/testapp is my protected resource. The testapp is deployed in tomcat6, and the deployment steps are described in my previous blog post. Please follow the link and configure the testapp war file.

TESTAPP WAR FILE

2. Configuring AJP protocol request transfer from Httpd to Tomcat6

Go to the /etc/httpd/conf.d directory, create the proxy_ajp.conf file, and add the following content.

ProxyPass /testapp/ ajp://127.0.0.1:8009/testapp/

3. Test the Apache Server Configuration

Run the apachectl -t command. If it reports any errors in the configuration files, fix the configuration and run the command again.

4. Configuring the SAML Response Attributes

Go to the /etc/shibboleth/ directory, edit the attribute-map.xml file, and add the following attribute definitions, or uncomment them if they are already present. They are:

        <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
        <Attribute name="urn:oid:2.5.4.4" id="sn"/>
        <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
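A definition that is still inside an XML comment is not active, so it is worth checking the edited file before restarting the services. The following check is an added example, not part of the original post: it parses an attribute-map.xml and reports any of the three mappings above that are missing, commented out, or mapped to a different id. The function names and the sample document are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Mappings listed in step 4 of the post (SAML attribute name -> SP attribute id).
REQUIRED = {
    "urn:oid:0.9.2342.19200300.100.1.1": "uid",
    "urn:oid:2.5.4.4": "sn",
    "urn:oid:2.5.4.42": "givenName",
}

def active_mappings(xml_data):
    """Return {name: id} for every <Attribute> element that is not commented out."""
    root = ET.fromstring(xml_data)  # the default parser discards XML comments
    found = {}
    for el in root.iter():
        # Compare the local tag name only, so the check works with or without a namespace.
        if isinstance(el.tag, str) and el.tag.rsplit("}", 1)[-1] == "Attribute":
            found[el.get("name")] = el.get("id")
    return found

def check_attribute_map(xml_data, required=REQUIRED):
    """Return a list of problems; an empty list means every required mapping is active."""
    found = active_mappings(xml_data)
    problems = []
    for name, want_id in required.items():
        if name not in found:
            problems.append(f"{name}: missing or still commented out")
        elif found[name] != want_id:
            problems.append(f"{name}: mapped to id {found[name]!r}, expected {want_id!r}")
    return problems

# Constructed sample: sn carries the wrong id and givenName is still commented out.
SAMPLE = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
    <Attribute name="urn:oid:2.5.4.4" id="surname"/>
    <!--
    <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
    -->
</Attributes>"""

if __name__ == "__main__":
    # Pass the path to attribute-map.xml as the first argument; without one the sample is checked.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    issues = check_attribute_map(data)
    for issue in issues:
        print("PROBLEM:", issue)
    sys.exit(1 if issues else 0)
```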

4. Configure Attribute - Policy

If you want to include or exclude attributes, modify the attribute-policy.xml file. I am using the default attribute-policy file.

5. Test the shibboleth configuration

shibd -t

The following output is displayed after running the above command.

6. Restart httpd, and shibd services

service httpd restart
service shibd restart

7. Logs

Please check the shib logs and the httpd log for any errors.

Shibd Logs

The shibboleth log files are available in /var/log/shibboleth, and the log file name is shibd.log. After the server starts without any issue, the log file looks like this.





Httpd Log


The Apache Server log files are available in /etc/httpd/logs.


>>Follow Continuation
