Shibboleth documentation and HOWTOs: Difference between revisions
(→Deploying Shibboleth SPs in the University: UCS-->UIS) |
No edit summary |
||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
{{New Docs}} | |||
= NOTE: Version 2 of the Service Provider has been deprecated by the software maintainers, AND we are now running version 3 of the IdP = | |||
==Deploying Shibboleth SPs in the University== | ==Deploying Shibboleth SPs in the University== | ||
This page provides information about deploying Shibboleth Service Providers (SPs) within the University, either just to protect sites with Raven or with a view to joining the UK federation and potentially letting in people from other institutions. | |||
It is hoped the information on these pages will furnish the Reader with enough information to deploy Shibboleth Service Provider software to interact with the Shibboleth IdP version 3 - run by the Access and Identity Services team (within the UIS). | |||
Note that, unlike when using the local Ucam WebAuth protocol (i.e. 'classic Raven'), Shib SPs need to be registered with Raven before it will provide them with service. This can be achieved either by registering with the local unofficial Ucam federation (which will allow authentication via Raven but little else), or by registering with the UK Access Management Federation. See [[SP registration]] for details. [Prior to 2012, Raven provided limited support for unregistered entities - this is no longer the case]. | Note that, unlike when using the local Ucam WebAuth protocol (i.e. 'classic Raven'), Shib SPs need to be registered with Raven before it will provide them with service. This can be achieved either by registering with the local unofficial Ucam federation (which will allow authentication via Raven but little else), or by registering with the UK Access Management Federation. See [[SP registration]] for details. [Prior to 2012, Raven provided limited support for unregistered entities - this is no longer the case]. | ||
| Line 16: | Line 25: | ||
===Instructions=== | ===Instructions=== | ||
* [[Installing | * [https://www.switch.ch/aai/guides/sp/installation/ Installing SP3 for Linux, MacOS and Windows] | ||
* [[Installing | * [[Installing SP3.x under Linux]] | ||
* [[Installing | * [[Installing SP3.x under Windows]] | ||
* [[Installing | * [[Installing SP3.x for Apache under Windows]] | ||
* [[Installing SP3.x under OSX]] | |||
* [[SP registration]] | * [[SP registration]] | ||
| Line 25: | Line 35: | ||
* [[Configuring Shibboleth access control|Configuring access control]] | * [[Configuring Shibboleth access control|Configuring access control]] | ||
* [[Virtual hosting issues with Shibboleth|Virtual hosting issues]] | * [[Virtual hosting issues with Shibboleth|Virtual hosting issues]] | ||
* [[Configuring other Shibboleth SPs]] | |||
===Additional information=== | ===Additional information=== | ||
* [[Editing XML]] | * [[Editing XML]] | ||
* [[EntityIDs]] | * [[Choosing EntityIDs]] | ||
* [[SP Metadata]] | * [[SP Metadata]] | ||
* [[Attributes released by the Raven IdP]] | * [[Attributes released by the Raven IdP]] | ||
* [[SSL, certificates and security with Shibboleth|SSL, certificates and security]] | * [[SSL, certificates and security with Shibboleth|SSL, certificates and security]] | ||
* [[Shibboleth FAQs|FAQs]] | * [[Shibboleth FAQs|FAQs]] | ||
===Resources=== | |||
* [['Ucam Federation' IdP metadata]] | |||
* [[shibboleth2.xml - internal use skeleton]] | |||
* [[attribute-map.xml - internal use skeleton]] | |||
- - - - | |||
== DEPRECATED SP v2 == | |||
'''Please note these instructions are left here for those interested, but are aimed at the DEPRECATED SP version 2''' | |||
This information is intended to support the deployment of [http://shibboleth.net/products/service-provider.html version 2.x of the Shib SP software] originally developed by [http://www.internet2.edu/ Internet2] but now managed by [http://shibboleth.net/ the Shibboleth Consortium] - other software, including anything supporting appropriate versions of SAML, should also work but University Information Services has limited direct experience of anything else. Note that earlier versions of the Shibboleth software have reached end of life and should be avoided. | |||
The definitive documentation for all this starts with the [http://shibboleth.net/products/service-provider.html Shib Consortium SP software page] and the [https://wiki.shibboleth.net/confluence/display/SHIB2/Installation installation] and [https://wiki.shibboleth.net/confluence/display/SHIB2/Configuration configuration] pages in the Shib Wiki. Almost everything you might need will be here, but you may need to explore - try following any and all links that look even vaguely useful. The [http://shibboleth.net/community/lists.html Shibboleth-Users] mailing list can be a useful resource, as can its archives (but be sure you are finding fresh information - the archives go back a long way). | |||
===Instructions=== | |||
* [[Installing SP2.x under Linux]] | |||
* [[Installing SP2.x under Windows]] | |||
* [[Installing SP2.x for Apache under Windows]] | |||
* [[Installing SP2.x under OSX]] | |||
===Resources=== | ===Resources=== | ||
Latest revision as of 11:40, 3 March 2020
We're working on improving Raven resources for developers and site operators.
Try out the new Raven documentation for size.
NOTE: Version 2 of the Service Provider has been deprecated by the software maintainers, AND we are now running version 3 of the IdP
Deploying Shibboleth SPs in the University
This page provides information about deploying Shibboleth Service Providers (SPs) within the University, either just to protect sites with Raven or with a view to joining the UK federation and potentially letting in people from other institutions.
It is hoped the information on these pages will furnish the Reader with enough information to deploy Shibboleth Service Provider software to interact with the Shibboleth IdP version 3 - run by the Access and Identity Services team (within the UIS).
Note that, unlike when using the local Ucam WebAuth protocol (i.e. 'classic Raven'), Shib SPs need to be registered with Raven before it will provide them with service. This can be achieved either by registering with the local unofficial Ucam federation (which will allow authentication via Raven but little else), or by registering with the UK Access Management Federation. See SP registration for details. [Prior to 2012, Raven provided limited support for unregistered entities - this is no longer the case].
These documents are intended for the system administrator that will be installing and maintaining a Shibboleth service provider in the University of Cambridge. This may be a different person than the application developer who will actually be using the attributes which Shibboleth delivers, though they may find some of this information relevant as well. The following basic skills are expected of the reader, and are beyond the scope of what these documents attempts to cover:
- familiarity with the local operating system, including how to install software (on some UNIX systems this may involve compiling packages from source code)
- configuring the local web server (Apache, IIS, etc)
- basic understanding of XML documents (but see Editing XML for some hints)
In addition, a basic understanding of SSL, including how to generate a key and CSR, will be required for many deployment options.
Instructions
- Installing SP3 for Linux, MacOS and Windows
- Installing SP3.x under Linux
- Installing SP3.x under Windows
- Installing SP3.x for Apache under Windows
- Installing SP3.x under OSX
Additional information
- Editing XML
- Choosing EntityIDs
- SP Metadata
- Attributes released by the Raven IdP
- SSL, certificates and security
- FAQs
Resources
- 'Ucam Federation' IdP metadata
- shibboleth2.xml - internal use skeleton
- attribute-map.xml - internal use skeleton
- - - -
DEPRECATED SP v2
Please note these instructions are left here for those interested, but are aimed at the DEPRECATED SP version 2
This information is intended to support the deployment of version 2.x of the Shib SP software originally developed by Internet2 but now managed by the Shibboleth Consortium - other software, including anything supporting appropriate versions of SAML, should also work but University Information Services has limited direct experience of anything else. Note that earlier versions of the Shibboleth software have reached end of life and should be avoided.
The definitive documentation for all this starts with the Shib Consortium SP software page and the installation and configuration pages in the Shib Wiki. Almost everything you might need will be here, but you may need to explore - try following any and all links that look even vaguely useful. The Shibboleth-Users mailing list can be a useful resource, as can its archives (but be sure you are finding fresh information - the archives go back a long way).
Instructions
- Installing SP2.x under Linux
- Installing SP2.x under Windows
- Installing SP2.x for Apache under Windows
- Installing SP2.x under OSX
Resources
- 'Ucam Federation' IdP metadata
- shibboleth2.xml - internal use skeleton
- attribute-map.xml - internal use skeleton
Other University Shibboleth information
Shibboleth Implementation Project documents
These documents, originally working document belonging to the Computing Service's Shibboleth Development Project, are retained for historical and reference purposes.
