Versions used for configuration:
OpenAM (Identity Provider) – 9.0
Shibboleth (Service Provider) – 2.3.1
OS Version – Ubuntu 9.04
Apache version – 2.2.6
(1) Configure OpenAM with necessary Directory Service configuration on host1.
(2) Configure Shibboleth SP version with some basic configuration on host2.
(3) Generate and save Shibboleth SP metadata using URL – http://host2/Shibboleth.sso/Metadata
(4) Edit the Shibboleth SP metadata and remove all XML digital signature and the
(5) Copy the generated SP metadata to the IdP server.
(6) Go to the “Common Tasks” section and configure “Create Hosted Identity Provider”. If you want to use it in production, make sure to have your credentials in the keystore; for proof-of-concept scenarios the keystore contains one test key.
(7) Add a new “Circle of Trust” name within “Hosted Identity Provider” and save necessary settings.
(8) Grab the newly created OpenSSO IdP metadata XML (you can use either ssoadm.jsp export entity command or access directly /opensso/saml2/jsp/exportmetadata.jsp?entityid=
(9) Put the metadata in a location which is accessible through a web URL.
(10) Login to the OpenAM UI and go to the Common Tasks section.
(11) Click on “Add Remote Service Provider” link.
(12) Select the file option and upload the Shibboleth Service Provider metadata file.
(13) Select common attributes and finish the setup.
(14) Now edit the shibboleth2.xml file on the Shibboleth SP server and make the following configuration changes:
1. In the
3. In the
4. In the
This configuration is read when the Shibboleth daemon is restarted.
(15) In the apache config file, include Shibboleth's apache configuration file available in directory
(16) Restart Apache.
(17) Restart the Shibboleth daemon.
(18) Check the shibboleth log-files to ensure that shibboleth daemon was able to load IdP metadata without any issues.
(a) Test accessing a secure URL from Shibboleth SP server.
(b) Verify that client is redirected to SSO login URL of the IdP.
(c) Enter valid user authentication credentials and verify that client is redirected back to the Service Provider URL.
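Steps 3 to 5 and 12 upload SP metadata to OpenAM after its signature has been removed, so it is worth reviewing what the edited file actually contains before importing it. The following is an added example, not part of the original post: it strips the metadata-level `ds:Signature` and summarizes the entityID, signing certificates and AssertionConsumerService endpoints. The sample XML, its entityID and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)   # keep readable prefixes when re-serializing
ET.register_namespace("ds", DS)

# Constructed sample standing in for the file saved in step 3 (not real output).
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://host2/shibboleth">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>BBBB</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://host2/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def strip_metadata_signatures(xml_text):
    """Remove every ds:Signature element; ds:KeyInfo inside KeyDescriptor is kept."""
    root = ET.fromstring(xml_text)  # input is metadata you generated yourself
    removed = 0
    for parent in list(root.iter()):      # snapshot: the tree is modified below
        for child in list(parent):
            if child.tag == f"{{{DS}}}Signature":
                parent.remove(child)
                removed += 1
    return ET.tostring(root, encoding="unicode"), removed

def summarize_sp(xml_text):
    """Return the fields worth reviewing by eye before uploading to the IdP."""
    root = ET.fromstring(xml_text)
    acs = [(e.get("Binding"), e.get("Location") or "")
           for e in root.iter(f"{{{MD}}}AssertionConsumerService")]
    return {
        "entity_id": root.get("entityID"),
        "signed": root.find(f".//{{{DS}}}Signature") is not None,
        "signing_certs": len(list(root.iter(f"{{{DS}}}X509Certificate"))),
        "acs": acs,
        # Assertions posted to these endpoints travel without TLS.
        "cleartext_acs": [loc for _, loc in acs if not loc.lower().startswith("https://")],
    }

if __name__ == "__main__":
    cleaned, count = strip_metadata_signatures(SAMPLE_SP_METADATA)
    print(count, summarize_sp(cleaned))
```

Compare the reported entityID and certificate count against the SP's own configuration before uploading the file in step 12.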
Very nice explanation on configuration with stepwise.
Does it work with current versions?
Sorry .. have not worked on this for a while, so am not in a position to comment if it would work with latest version.
Great Article. Thank you for sharing! Really an awesome post for every one.