Shibboleth Users



Re: [inqueue-support] RE: Shib Configuration questions


  • From: Nate Klingenstein < >
  • To: "RANGI, JAI" < >
  • Cc:
  • Subject: Re: [inqueue-support] RE: Shib Configuration questions
  • Date: Fri, 25 Feb 2005 21:04:37 +0000

Jai,

Just as one possible issue here, the signing credential you use for InQueue should probably be "foo" as well since you don't define an "inqueue_cred" credential. I'd change that. Without knowing more about the errors you're encountering, though, it's hard to debug further.

Thanks,
Nate.

On Feb 25, 2005, at 19:07, RANGI, JAI wrote:

I am following the instructions from the checklist site. My Tomcat and Apache have been configured properly and work just fine. You can test it here:

https://ad117-05.sdstate.edu/examples/

Here is what I have done on the Shibboleth side...

This is my origin.xml file. Lines I edited are in Bold, otherwise everything is the same.

--------------------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>

<ShibbolethOriginConfig
        xmlns="urn:mace:shibboleth:origin:1.0"
        xmlns:cred="urn:mace:shibboleth:credentials:1.0"
        xmlns:name="urn:mace:shibboleth:namemapper:1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:origin:1.0 origin.xsd"
        AAUrl="https://ad117-05.sdstate.edu/shibboleth/AA"
        resolverConfig="/conf/resolver.xml:sdstate.edu"
        defaultRelyingParty="urn:mace:inqueue"
        providerId="urn:mace:inqueue:sdstate.edu">

        <RelyingParty name="urn:mace:inqueue:sdstate.edu" signingCredential="foo">
                <HSNameFormat nameMapping="shm"/>
        </RelyingParty>

        <!-- You'll need to get a test credential from an InQueue CA -->

        <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred">
                <HSNameFormat nameMapping="shm"/>
        </RelyingParty>

        <ReleasePolicyEngine>
                <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
                        <Path>/conf/arps/</Path>
                </ArpRepository>
        </ReleasePolicyEngine>

        <Logging>
                <Log4JConfig location="file:///tmp/log4j.properties" />
        </Logging>
        <Logging>
                <ErrorLog level="DEBUG" location="file:///tmp/shib-error.log" />
                <TransactionLog location="file:///tmp/shib-access.log" />
        </Logging>

        <NameMapping
                xmlns="urn:mace:shibboleth:namemapper:1.0"
                id="shm"
                format="urn:mace:shibboleth:1.0:nameIdentifier"
                type="SharedMemoryShibHandle"
                handleTTL="1800"/>

        <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
                <FileResolver Id="foo">
                        <Key format="PEM">
                                <Path>/conf/server.key</Path>
                        </Key>
                        <Certificate format="PEM">
                                <Path>/conf/server.crt</Path>
                        </Certificate>
                </FileResolver>
        </Credentials>

        <FederationProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataLoadWrapper"
                uri="/conf/localhost-sites.xml"/>

        <FederationProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataLoadWrapper"
                uri="/conf/IQ-sites.xml"/>

</ShibbolethOriginConfig>

This is what I got in the mail when I registered:

-------------------------------------------------------------

This is an automated request to join InQueue as an identity provider generated by the InQueue website.  The following is the proposed XML metadata associated with SDSU.  The InQueue support team will process and review your application to ensure eligibility for InQueue and completeness of information.  Upon receiving an e-mail confirmation that your application was approved, proceed to the Configuration step of the InQueue guidelines available from the webpage.

<OriginSite Name="urn:mace:inqueue:sdstate.edu">
   <Alias>SDSU</Alias>
   <Contact Email=" " Name="Jai.rangi" Type="technical"/>
   <Contact Email=" " Name="Jai Rangi" Type="administrative"/>
   <HandleService Location="http://ad117-05.sdstate.edu/shibboleth/HS" Name="ad117-05.sdstate.edu"/>
   <AttributeAuthority Location="http://ad117-05.sdstate.edu/shibboleth/AA" Name="ad117-05.sdstate.edu"/>
   <Domain regexp="false">sdstate.edu</Domain>
</OriginSite>

The bold lines above were changed to

---------------------------------------

It was changed to

   <HandleService Location="https://ad117-05.sdstate.edu/shibboleth/HS" Name="ad117-05.sdstate.edu"/>
   <AttributeAuthority Location="https://ad117-05.sdstate.edu/shibboleth/AA" Name="ad117-05.sdstate.edu"/>

--------------------------------------------------------------------------------

Lines I edited are in Bold, otherwise everything is the same.

Jai

PH 605 688 4689
Fax 605 688 4605

-----Original Message-----
From: Scott Cantor [mailto: 
Sent: Thursday, February 24, 2005 5:27 PM
To: RANGI, JAI; 
Subject: RE: Shib Configuration questions

I suggest you start with this:

http://shibboleth.internet2.edu/guides/identity-provider-checklist.html

If you have specific questions, people are happy to help. Excluding attributes, which is very site dependent, other than filling in the providerId you're assigned and telling it where to find your key and certificate, the rest is not Shibboleth, it's just setting up Tomcat and Apache.

-- Scott
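
The mismatch Nate points out, a RelyingParty whose signingCredential names a credential that no resolver under Credentials defines, can be checked mechanically before the origin is deployed. The Python below is an added example, not part of the original thread or of Shibboleth; the sample document is a constructed, trimmed copy of the quoted origin.xml, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ORIGIN_NS = "urn:mace:shibboleth:origin:1.0"
CRED_NS = "urn:mace:shibboleth:credentials:1.0"

# Constructed sample: a trimmed copy of the origin.xml structure quoted above.
SAMPLE = """<ShibbolethOriginConfig xmlns="urn:mace:shibboleth:origin:1.0"
        defaultRelyingParty="urn:mace:inqueue"
        providerId="urn:mace:inqueue:sdstate.edu">
    <RelyingParty name="urn:mace:inqueue:sdstate.edu" signingCredential="foo"/>
    <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred"/>
    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
        <FileResolver Id="foo">
            <Key format="PEM"><Path>/conf/server.key</Path></Key>
            <Certificate format="PEM"><Path>/conf/server.crt</Path></Certificate>
        </FileResolver>
    </Credentials>
</ShibbolethOriginConfig>
"""


def defined_credentials(root):
    """Collect the Id of every resolver declared under a <Credentials> block."""
    return {resolver.get("Id")
            for creds in root.iter(f"{{{CRED_NS}}}Credentials")
            for resolver in creds
            if resolver.get("Id")}


def dangling_signing_credentials(xml_text):
    """Return (relying party name, credential id) pairs that do not resolve."""
    root = ET.fromstring(xml_text)
    known = defined_credentials(root)
    problems = []
    for rp in root.iter(f"{{{ORIGIN_NS}}}RelyingParty"):
        cred = rp.get("signingCredential")
        # A signingCredential must match the Id of a declared resolver.
        if cred is not None and cred not in known:
            problems.append((rp.get("name"), cred))
    return problems


if __name__ == "__main__":
    for name, cred in dangling_signing_credentials(SAMPLE):
        print(f"RelyingParty {name}: signingCredential '{cred}' is not defined")
```

Run against a real file by passing its contents to `dangling_signing_credentials`; an empty list means every signing credential reference resolves.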


