Configure Shibboleth native Service Provider and Apache


Question

I have a simple web application. I want to set Shibboleth native SP in front of my web app so that it issues/asserts SAML related things and forwards request to my web app. Is there a complete tutorial how to achieve that?

Recommended answer

Use testshib to test your app, it gives too much ease.

Follow the steps

  1. download and install sp on your machine
  2. include shibboleth's configuration into your apache
     2.1. into httpd.conf file add include "PATH/opt/path/etc/apache22" (if version is apache2.2, otherwise appropriate)
  3. in apache22.config file add the location you want to secure - it would be /secure by default
  4. in your shibboleth2.xml file (in etc folder) put your entity id (application defaults element), ex https://mywebsite.com/shibboleth - this can be anything, not necessary a real path
  5. put entity id of your idp in sso element, in case of testshib it would be https://idp.testshib.org/idp/shibboleth
  6. in the metadata provider put idp's metadata uri to your idp's metadata urn, in case testshib it would be http://www.testshib.org/metadata/testshib-providers.xml
  7. Download your metadata from https://mywebsitehost.com/Shibboleth.sso/Metadata - here mywebsitehost would be a real host and rest path will be automatically configured by shibboleth - this path will download your sp's metadata file
  8. Upload your metadata file to testshib via register

You are ready to go. Go to https://mywebsitehost.com/secure and you should be redirected to idp to authenticate.

NOTE: Make sure you have a domain name configured with ssl(https)
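
An added example, not part of the original answer: a small check that a shibboleth2.xml carries the values from steps 4 to 6, and that goes one step further by flagging metadata loaded over plain http without a Signature filter and session settings that do not enforce SSL. The element and attribute names assume the Shibboleth SP 2.x configuration schema; `check_sp_config`, the sample document and the `idp-metadata-cache.xml` file name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"sp": "urn:mace:shibboleth:2.0:native:sp:config"}

# Constructed sample following steps 4-6 of the answer (not a real deployment).
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://mywebsite.com/shibboleth">
    <Sessions lifetime="28800" timeout="3600" handlerSSL="false" cookieProps="http">
      <SSO entityID="https://idp.testshib.org/idp/shibboleth">SAML2 SAML1</SSO>
    </Sessions>
    <MetadataProvider type="XML"
        uri="http://www.testshib.org/metadata/testshib-providers.xml"
        backingFilePath="idp-metadata-cache.xml"/>
  </ApplicationDefaults>
</SPConfig>"""


def check_sp_config(xml_text, idp_entity_id):
    """Return a list of findings for a shibboleth2.xml document (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    app = root.find("sp:ApplicationDefaults", NS)
    if app is None:
        return ["no ApplicationDefaults element"]
    if not app.get("entityID"):
        findings.append("ApplicationDefaults has no entityID (step 4)")
    sessions = app.find("sp:Sessions", NS)
    sso = sessions.find("sp:SSO", NS) if sessions is not None else None
    if sso is None or sso.get("entityID") != idp_entity_id:
        findings.append("SSO entityID does not name the expected IdP (step 5)")
    if sessions is not None:
        if sessions.get("handlerSSL") != "true":
            findings.append("handlerSSL is not true: handlers accept plain http")
        if sessions.get("cookieProps") != "https":
            findings.append("cookieProps is not https: session cookie not marked Secure")
    providers = app.findall("sp:MetadataProvider", NS)
    if not providers:
        findings.append("no MetadataProvider (step 6)")
    for mp in providers:
        src = mp.get("uri") or mp.get("url") or ""
        # A Signature filter makes the SP verify the metadata before trusting it.
        signed = any(f.get("type") == "Signature"
                     for f in mp.findall("sp:MetadataFilter", NS))
        if src.startswith("http://") and not signed:
            findings.append("metadata fetched over http with no Signature filter: " + src)
    return findings
```

The sample as written passes the step 4 to 6 checks and yields three hardening findings; an empty list means the document passed every check.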
