
Posts under tag: Shibboleth

August 5, 2013

After Shibboleth is Installed

This post is for people who are setting up Shibboleth service providers on their web servers.

Configuration

See https://it.uoregon.edu/idm/services/shibboleth-application-integration for the common configuration procedure.

  • shibboleth2.xml: This file is where your Shibboleth settings reside. The default Shibboleth site settings go under ApplicationDefaults. Additional vhosts are managed with ApplicationOverride.
  • attribute-map.xml: This file defines the attributes used by the service provider. Add the attributes that you need to that file. Commonly requested attributes are user information such as username (duckid), email address and directory information, all of which come from LDAP.

Testing Shibboleth

  • Once installed and configured, go to your default Shibboleth site URL: https://www.example.org/Shibboleth.sso/Login (the /Login part depends on your Shibboleth configuration). You can optionally set a target variable to redirect to after authentication, e.g. https://pcs.uoregon.edu/Shibboleth.sso/Login?target=https://pcs.uoregon.edu/
  • If you see a 404 error, you probably have a redirect set up that sends Shibboleth.sso (or any handlerURL you have set up) to some page on your website. This is a common problem with WordPress. Add RewriteCond %{REQUEST_URI} !^/?Shibboleth.sso/ to stop the redirect. In Shibboleth 2.5.2 you have to set up the redirect for any website that uses redirects; otherwise you will see 404 errors.
  • Once you hit enter on that URL, you should be redirected to your IDP to authenticate. Once authenticated, if you see no errors, you will be redirected to your site. Otherwise you will see errors.
  • Common errors. Here are some possible ones that you should check for:
    • IDP is not configured for your Shibboleth address.
    • IDP is configured for https but you tried to connect with http. This includes using http in the target variable. Since we require https for Shibboleth it is recommended to make all traffic redirect to https.
    • Your server’s date is skewed. Make sure to use NTP and have it running and synced with ntp.uoregon.edu or any other reliable NTP server.
    • Check Shibboleth logs for errors as well.
  • Once authenticated go to https://www.example.org/Shibboleth.sso/Session to review your session and see if all the attributes you requested are being provided. If your attribute-map.xml is configured correctly you should see attributes you have access to.
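
The checks in the list above can be scripted. The following is an added example, not part of the original post: it classifies one response from the Login handler against the common errors listed. The function name `diagnose_login`, the host `idp.example.org`, the 180-second skew tolerance and the sample responses are assumptions constructed for illustration, and the skew check assumes the machine running the script is itself synced with NTP.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs, urlsplit

MAX_SKEW = 180  # seconds; assumed tolerance, set it to what your SP allows

def diagnose_login(login_url, status, headers, now, idp_host):
    """Map one Login-handler response onto the common errors listed above."""
    found = []
    url = urlsplit(login_url)
    targets = parse_qs(url.query).get("target", [])
    if url.scheme != "https" or any(urlsplit(t).scheme != "https" for t in targets):
        found.append(("http-used", "use https for the handler URL and the target"))
    if status == 404:
        found.append(("handler-404", "a site redirect is catching Shibboleth.sso; "
                      "add RewriteCond %{REQUEST_URI} !^/?Shibboleth.sso/"))
    elif status in (301, 302, 303, 307):
        if urlsplit(headers.get("Location", "")).hostname != idp_host:
            found.append(("not-idp", "redirect does not go to the IdP"))
    else:
        found.append(("no-redirect", "no redirect to the IdP; check the Shibboleth logs"))
    if "Date" in headers:
        # Compare the web server's clock (Date header) with the local clock.
        skew = abs((parsedate_to_datetime(headers["Date"]) - now).total_seconds())
        if skew > MAX_SKEW:
            found.append(("clock-skew", f"server clock differs by {skew:.0f}s; sync with NTP"))
    return found

# Constructed sample responses (not captured from a real server).
NOW = datetime(2013, 8, 5, 17, 0, 0, tzinfo=timezone.utc)
SAMPLES = {
    "ok": ("https://www.example.org/Shibboleth.sso/Login?target=https://www.example.org/",
           302, {"Location": "https://idp.example.org/sso?SAMLRequest=...",
                 "Date": "Mon, 05 Aug 2013 17:00:02 GMT"}),
    "wordpress": ("https://www.example.org/Shibboleth.sso/Login",
                  404, {"Date": "Mon, 05 Aug 2013 17:00:01 GMT"}),
    "http+skew": ("https://www.example.org/Shibboleth.sso/Login?target=http://www.example.org/",
                  302, {"Location": "https://idp.example.org/sso?SAMLRequest=...",
                        "Date": "Mon, 05 Aug 2013 17:09:00 GMT"}),
}

def run_samples():
    return {name: [code for code, _ in diagnose_login(u, s, h, NOW, "idp.example.org")]
            for name, (u, s, h) in SAMPLES.items()}

if __name__ == "__main__":
    for name, codes in run_samples().items():
        print(name, codes or "no problems found")
```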


May 31, 2011

UO: new Test Shibboleth service

Attention Shibboleth Users,
We are pleased to announce the release of our new Test Shibboleth service.

If you have a development or test system currently configured to access ssotest1.uoregon.edu/idp/shibboleth, you will need to update your Shibboleth Service Provider (SP) to point to the new test Shibboleth service.

As of 6/20/2011 the old test service will no longer be available.