Skip to Content.
Sympa Menu

shibboleth-dev - RC3 looks good!

Subject: Shibboleth Developers

List archive

RC3 looks good!


Chronological Thread 
  • From:
  • To:
  • Subject: RC3 looks good!
  • Date: Sat, 1 May 2004 12:09:43 -0400
I downloaded the new package, and it works fine:

At 4:43 PM -0400 4/30/04, Walter Hoehn wrote:
RC3 of the 1.2 origin has been posted at http://wayf.internet2.edu/shibboleth/

I think this may be ready for the wider world..... (-:

If you try it, please post your results to this list; note -- the doc included in the distribution isn't yet complete.....

I did the build:

./ant dist-origin
./ant build-util

did the dance (copied the new war file into tomcat, started tomcat, stopped tomcat.

To get my new origin operational within InQueue, I

1) copied some of my old config files into the shibboleth/classes/conf directory:

-- resolver.xml (no change from shib 1.1)
-- my old arps (no change)

2) got the new IQ-sites file (the one included in the dist is minimal...)

bin/metadatatool -i https://wayf.internet2.edu/InQueue/IQ-sites.xml -k conf/internet2.jks -p shib123 -a sitesigner -o /opt/local/jak*/webapps/shibboleth/WEB*/classes/conf/IQ-sites.xml

3) and made the following changes to origin.xml:

a) in the <ShibbolethOriginConfig> element, changed the values for:

AAUrl="https://pluto.services.brown.edu/shibboleth/AA";
defaultRelyingParty="urn:mace:inqueue"
providerId="urn:mace:inqueue:brown.edu">

b) uncommented this RP element

<RelyingParty name="urn:mace:inqueue"
signingCredential="inqueue_cred">
<HSNameFormat nameMapping="shm"/>
</RelyingParty>

c) uncommented some of the logging
<!-- stc changed
set log level to DEBUG
changed log file location
-->
<Logging>
<ErrorLog level="DEBUG" location="file:///opt/local/jakarta-tomcat-4.1.24-LE-
jdk14/logs/shib-error.log" />
<TransactionLog location="file:///opt/local/jakarta-tomcat-4.1.24-LE-jdk14/lo
gs/shib-access.log" />
</Logging>

d) added an element inside the Credentials element, pointing to the credentials the HS will use when signing assertions

<!-- stc added entry for IQ credentials -->
<KeyStoreResolver Id="inqueue_cred" storeType="JKS">

<Path>file:////opt/local/shibboleth-1.1/conf-origin/keystore.jks</Path>
<KeyAlias>brownhs</KeyAlias>
<CertAlias>brownhs</CertAlias>
<StorePassword>shibhs</StorePassword>
<KeyPassword>shibhs</KeyPassword>
</KeyStoreResolver>

Note: these are the same credentials I used with shib 1.1

e) uncommented this element:

<FederationProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMe
tadataLoadWrapper"
uri="/conf/IQ-sites.xml"/>


  • RC3 looks good!, Steven_Carmody, 05/01/2004

Archive powered by MHonArc 2.6.16.

Top of Page