Shibboleth2.xml - internal use skeleton

From RavenWiki
Revision as of 11:42, 3 March 2020 by rjw57 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

We're working on improving Raven resources for developers and site operators.

Try out the new Raven documentation for size.

Shibboleth SP v3 (and IdP v3)

These pages are being updated as (limited) time allows.

This page on the Shibboleth.net Wiki seems to be useful : https://wiki.shibboleth.net/confluence/display/SP3/UpgradingFromV2

The following file /should/ be a starting point for the shibboleth2.xml file required by an SP. Note that the filename "shibboleth2.xml" is still correct.

shibboleth2.xml-UCAMSKEL-3 

There are three known changes your Authors suggest be made to the above xml file from previous versions:

1. In the "<!-- Metadata provider -->" block, The "shib2 idp" metadata should now be

uri="https://shib.raven.cam.ac.uk/ucamfederation-sp-metadata.xml"

2, 3. follow the instructions at https://wiki.shibboleth.net/confluence/display/SP3/UpgradingFromV2 for "namespace" and "review all "MetadataProvider" elements in the shibboleth2.xml file for "file" and "uri" attributes".

- we believe we have done this in the above linked file, but please do check and report back if we've missed something.

**DEPRECATED** Shibboleth SP v2 (along with the old Shibboleth V2 IdP) **DEPRECATED**

The main configuration for the Shibboleth SP is a file called shibboleth2.xml. You'll find this in the main Shibboleth configuration directory whose location varies from installation to installation. Try /etc/shibboleth, /opt/shibboleth-sp/etc/shibboleth, C:\opt\shibboleth-sp\etc\shibboleth or similar.

Various skeleton versions of this file are available, suitable for use with an SP that only wants to work within the University and only wants to authenticate Raven users.

This one is believed to work with versions 2.3 and 2.4 of the SP software:

**DEPRECATED** http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL

Version 2.4 of the SP software introduced a number of simplifications to the configuration file, and version 2.5 of the software no longer accepts some features that used to work in version 2.4. This skeleton files is recommended for use with versions 2.4 and 2.5 of the SP software:

**DEPRECATED ** http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL-2.5

Make a copy of it and rename it shibboleth2.xml. Search it for all occurrences of 'FIX-ME' and apply the edits described in the adjacent comments. Try not to disturb anything you are not explicitly told to alter - see Editing XML for tips on editing XML files. You can check it for major mistakes by running

 <some path>/shibd -t (Unix)
 <some path>\shibd.exe -check (Windows)

The path to shibd varies from installation to installation - try /sbin, /opt/shibboleth-sp/sbin, C:\opt\shibboleth-sp\sbin or similar.