配置 Shibboleth 原生服务提供者和 Apache [英] Configure Shibboleth native Service Provider and Apache
问题描述
我有一个简单的网络应用程序.我想在我的 Web 应用程序前面设置 Shibboleth 本机 SP,以便它发出/断言 SAML 相关内容并将请求转发到我的 Web 应用程序.是否有完整的教程来实现这一目标?
I have a simple web application. I want to set Shibboleth native SP in front of my web app so that it issues/asserts SAML related things and forwards request to my web app. Is there a complete tutorial how to achieve that?
推荐答案
使用 testshib 来测试您的应用程序,它也提供了轻松很多.
Use testshib to test your app, it gives too much ease.
按照步骤操作
- 在您的机器上下载并安装 sp
- 将 shibboleth 的配置包含到您的 apache 中2.1.在 httpd.conf 文件中添加 include "PATH/opt/path/etc/apache22"(如果版本是 apache2.2,否则适用)
- 在 apache22.config 文件中添加要保护的位置 - 默认为/secure
- 在您的 shibboleth2.xml 文件(在 etc 文件夹中)中放置您的实体 ID(应用程序默认元素),例如 https://mywebsite.com/shibboleth - 这可以是任何东西,不一定是真正的路径
- 将您的 idp 的实体 ID 放在 sso 元素中,如果是 testshib,它将是 https://idp.testshib.org/idp/shibboleth
- 在元数据提供者中,将 idp 的元数据 uri 放入您的 idp 的元数据 urn,以防 testshib 将是 http://www.testshib.org/metadata/testshib-providers.xml
- 从 https://mywebsitehost.com/Shibboleth.sso/Metadata 下载您的元数据 -这里 mywebsitehost 将是一个真正的主机,其余路径将由 shibboleth 自动配置 - 此路径将下载您的 sp 的元数据文件
- 通过注册将元数据文件上传到 testshib
- download and instal sp on your machine
- include shibboleth's configuration into your apache 2.1. into httpd.conf file add include "PATH/opt/path/etc/apache22"(if version is apache2.2, otherwise appropriate)
- in apache22.config file add the location you want to secure - it would be /secure bydefault
- in your shibboleth2.xml file (in etc folder) put your entity id(application defaults element), ex https://mywebsite.com/shibboleth - this can be anything, not neccessary a real path
- put entity id of your idp in sso element, in case of testshib it would be https://idp.testshib.org/idp/shibboleth
- in the metadata provider put idp's metadata uri to your idp's metadata urn, incase testshib it would be http://www.testshib.org/metadata/testshib-providers.xml
- Download your metadata from https://mywebsitehost.com/Shibboleth.sso/Metadata - here mywebsitehost would be a real host and rest path will be automatically configured by shibboleth - this path will download your sp's metadata file
- Upload your metadata file to testshib via register
你准备好了.转到 https://mywebsitehost.com/secure,您应该会被重定向到 idp 以进行身份验证.
You are ready to go. Go to https://mywebsitehost.com/secure and you should be redirected to idp to authenticate.
注意:确保您的域名配置了 ssl(https)
NOTE: Make sure you have a domain name configured with ssl(https)
这篇关于配置 Shibboleth 原生服务提供者和 Apache的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!