http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8446
--- Comment #10 from Martin Renvoize <[email protected]> ---
So.... the most complicated bit of all this (as you may have guessed) is actually in steps 2. and 3. above!

Step 2 - Configuring Shibboleth party of trust.

Shibboleth config files should be located at: /etc/shibboleth

The important files are:
  shibboleth2.xml - The main config file
  attribute-map.xml - The attribute mapping file

You will also want to create a directory to keep IdP metadata backups within:

  mkdir /var/cache/shibboleth/metadata/
  chown -R _shibd:_shibd /var/cache/shibboleth/metadata

Let's configure some things:

1. First up, we need to set up the SP (Service Provider) identity.
   In the shibboleth2.xml file you should find a line similar to:

     <ApplicationDefaults entityID="https://kohaopac.mytestserver.com"

   Modify this so that the 'entityID' matches your OPAC URL.

2. Next, we need to tell the shibboleth daemon where the IdP (identity provider) is.
   In the shibboleth2.xml file you should find a block similar to:

     <SSO entityID="http://sso.testidentityprovider.com/auth/metadata">
       SAML2 SAML1
     </SSO>

   Modify this so that the entityID matches the IdP's sign-in URL.

3. Finally, you'll need to tell the daemon where to fetch the IdP's metadata from and set a backup path:
   In the shibboleth2.xml file you should find a block similar to:

     <MetadataProvider type="XML" uri="https://sso.testidentityprovider.com/auth/metadata"
                       backingFilePath="/var/cache/shibboleth/metadata/testidp-metadata.xml"
                       reloadInterval="7200">
     </MetadataProvider>

   Modify this so that the uri matches the IdP's public metadata page, and point the backingFilePath to the directory we created.

4. The config is now done... but you should create some keys to work with your shibboleth SP:

     sudo openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt

   Your key and certificate names will obviously need to match those in the shibboleth2.xml config file.

5. Restart the shibd daemon:

     sudo /etc/init.d/shibd restart

6. We're about ready to swap Metadata: Tell your IdP provider that your Metadata is available at:

     https://youropacurl.com/Shibboleth.sso/Metadata

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
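Added example, not part of the bug report and not Koha or Shibboleth project code: a small Python preflight that checks a shibboleth2.xml against steps 1-4 of the comment above before shibd is restarted, so a placeholder entityID, an unedited SSO block, a metadata URI that is not https, a backingFilePath outside the cache directory, or a key/certificate name that does not match what openssl produced is caught before the IdP is asked to exchange metadata. The two sample configs are constructed from the stock SP 2.x file layout; the hostnames opac.library.example and sso.library.example and the /nonexistent-config-dir path are assumptions. One check goes beyond the comment: it warns when the MetadataProvider has no Signature MetadataFilter, since unsigned IdP metadata fetched over the network is the one input that can silently swap the IdP's signing key.

```python
"""Preflight checks for the shibboleth2.xml edits in the comment above (added example)."""
import os
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespace of the Shibboleth SP 2.x shibboleth2.xml (the SP generation the
# comment targets); SP 3 uses urn:mace:shibboleth:3.0:native:sp:config.
NS = {"c": "urn:mace:shibboleth:2.0:native:sp:config"}

# Hostnames that mean "nobody edited this yet": the stock example values and
# the placeholder names used in the comment above.
PLACEHOLDER_HOSTS = {"sp.example.org", "idp.example.org", "federation.org",
                     "kohaopac.mytestserver.com", "sso.testidentityprovider.com"}


def _host(url):
    return (urlparse(url or "").hostname or "").lower()


def check_sp_config(xml_text, opac_url, cache_dir="/var/cache/shibboleth/metadata",
                    config_dir=None):
    """Return a list of findings; an empty list means every check passed.

    If config_dir is given, the key and certificate named by CredentialResolver
    must exist inside it (step 4: names must match what openssl wrote).
    """
    findings = []
    app = ET.fromstring(xml_text).find("c:ApplicationDefaults", NS)
    if app is None:
        return ["no ApplicationDefaults element found"]

    # Step 1: the SP entityID is the OPAC URL, and it should be https.
    entity_id = app.get("entityID", "")
    if entity_id != opac_url:
        findings.append(f"entityID {entity_id!r} does not match OPAC URL {opac_url!r}")
    if urlparse(entity_id).scheme != "https":
        findings.append("SP entityID is not an https URL")

    # Step 2: Sessions/SSO must name the real IdP, not the shipped placeholder.
    sso = app.find("c:Sessions/c:SSO", NS)
    idp = sso.get("entityID", "") if sso is not None else ""
    if not idp:
        findings.append("Sessions/SSO has no IdP entityID")
    elif _host(idp) in PLACEHOLDER_HOSTS:
        findings.append(f"SSO entityID still points at placeholder {idp!r}")

    # Step 3: metadata fetched over https, cached under the directory we created,
    # and (beyond the comment) signature-checked so a spoofed feed cannot
    # replace the IdP's signing certificate.
    mp = app.find("c:MetadataProvider", NS)
    if mp is None:
        findings.append("no MetadataProvider element")
    else:
        uri = mp.get("uri", "")
        if urlparse(uri).scheme != "https" or _host(uri) in PLACEHOLDER_HOSTS:
            findings.append(f"MetadataProvider uri {uri!r} is not an https URL of your IdP")
        backing = mp.get("backingFilePath", "")
        if not backing.startswith(cache_dir.rstrip("/") + "/"):
            findings.append(f"backingFilePath {backing!r} is not under {cache_dir}")
        if mp.find("c:MetadataFilter[@type='Signature']", NS) is None:
            findings.append("MetadataProvider has no Signature MetadataFilter; "
                            "IdP metadata is trusted unsigned")

    # Step 4: the SP must load the key/cert pair that openssl generated.
    cr = app.find("c:CredentialResolver", NS)
    if cr is None or not (cr.get("key") and cr.get("certificate")):
        findings.append("CredentialResolver missing key= or certificate=")
    elif config_dir is not None:
        for attr in ("key", "certificate"):
            path = os.path.join(config_dir, cr.get(attr))
            if not os.path.isfile(path):
                findings.append(f"{attr} file {path} does not exist")
    return findings


OPAC_URL = "https://opac.library.example"  # assumed OPAC URL

# Constructed sample: stock layout before any of the edits in the comment.
UNEDITED_XML = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions lifetime="28800" timeout="3600">
      <SSO entityID="https://idp.example.org/idp/shibboleth">
        SAML2 SAML1
      </SSO>
    </Sessions>
    <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml"
        backingFilePath="federation-metadata.xml" reloadInterval="7200"/>
    <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
  </ApplicationDefaults>
</SPConfig>
"""

# Constructed sample: the same file after steps 1-4, plus a Signature filter.
EDITED_XML = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://opac.library.example">
    <Sessions lifetime="28800" timeout="3600">
      <SSO entityID="https://sso.library.example/auth/metadata">
        SAML2 SAML1
      </SSO>
    </Sessions>
    <MetadataProvider type="XML" uri="https://sso.library.example/auth/metadata"
        backingFilePath="/var/cache/shibboleth/metadata/idp-metadata.xml" reloadInterval="7200">
      <MetadataFilter type="Signature" certificate="idp-metadata-signer.pem"/>
    </MetadataProvider>
    <CredentialResolver type="File" key="server.key" certificate="server.crt"/>
  </ApplicationDefaults>
</SPConfig>
"""

if __name__ == "__main__":
    for name, xml in (("unedited", UNEDITED_XML), ("edited", EDITED_XML)):
        print(name, check_sp_config(xml, OPAC_URL) or ["OK"])
```

Run it against the live file with `check_sp_config(open("/etc/shibboleth/shibboleth2.xml").read(), "https://youropacurl.com", config_dir="/etc/shibboleth")` before step 5; the config_dir argument makes the key/certificate existence check run as the shibd user would see it.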
