Shibboleth Developers

["Scott Cantor" <>]

> We are going to be a service provider.  We already have the "target"
> installed on a Linux box running apache.  The test application works fine.

Meaning the SP software is working against some IdP somewhere? Or you
haven't gotten that far yet?

> I would like to set up a working prototype on the same box. I am assuming
> that I will need to install the "origin" somewhere.  I really do not have
> another server to work with.  I was hoping that I could install that on
> the same server.
> 
> Can I do this?  Are there any quirks that I need to look out for?

Yes, by default both software packages are configured for this case because
the metadata that's supplied uses "localhost" as the hostname of the signing
keys, certs, and location of the various components for redirects. This only
works out of the box if your client is running on the same box, though.

As long as you don't stick mod_shib in front of the /shibboleth/HS servlet,
it's fine.

> Also, are there any tutorials or examples of setting up a prototype?

The various guides related to joining InQueue are probably as good as
anything. The specifics don't apply, but the steps are the same.

The essence is not that hard, you have to assign a providerId to each end,
create keys and certs as needed (or use the dummy certs), create metadata
about each end to be consumed by the other by tweaking the examples, and run
it.

-- Scott