After installing Shibboleth and joining TestShib, some minor configuration tweaks are necessary to use TestShib. Here are the changes that need to be made.
Identity Provider Configuration
- TestShib's configuration files are distributed as a set of files that replace the distribution configuration directory for your comfort. Back up the existing configuration directory and let's begin.
- Download either the .tar file or .zip file.
- Decompress the file and copy its contents into the default configuration directory, overwriting when needed.
- Place the testshib.key and testshib.crt files you received when you joined TestShib into the default configuration directory too. Make sure the names are right. If you lost these, rejoin.
- The port 8443 virtual host defined in httpd.conf or ssl.conf needs to use these new keys as well. Change the SSLCertificateFile and SSLCertificateKeyFile directives to match.
- Change the providerId value of idp.xml's main <IdPConfig> element to match the one you're using with TestShib.
- Change the smartScope attributes in resolver.xml to match your base domain (e.g., supervillain.edu).
- If you'll be testing against other TestShib members as well as the dummy providers, grab a fresh copy of the metadata from http://www.testshib.org/metadata/testshib-metadata.xml and put it in the config directory.
That's it. Restart Apache and Tomcat, and it's time to test it out.
Service Provider Configuration
- TestShib's configuration is distributed as a shibboleth.xml file that replaces the default configuration for your comfort. Back up the existing configuration directory and let's begin.
- Generate and save the right shibboleth.xml for your installation:
- Overwrite the old shibboleth.xml by placing this file into the default configuration directory.
- Place the testshib.key and testshib.crt files you received when you joined TestShib into the default configuration directory too. Make sure the names are right. If you lost these, rejoin.
- Add <shibmlp errorText/> to somewhere pretty on the sessionError.html template in the config directory. Be careful to remove this before production use or you may be vulnerable to cross-site scripting attacks.
- Grab a copy of the metadata from http://www.testshib.org/metadata/testshib-metadata.xml and put it in the config directory.
Good job. Restart Apache and shibd, and it's time to test it out. If you get XML parsing errors when you try to start shibd, you've got dingbats in your file. They're hidden characters that browsers create to cause trouble. Try copy/pasting the entire text output into a fresh document, or your other favorite cleansing method.
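One way to locate the hidden characters mentioned above, and to confirm that the testing-only <shibmlp errorText/> tag is gone from sessionError.html before production. This is an added example, not part of TestShib or Shibboleth. It assumes the configuration files are meant to be plain ASCII, and the function names and sample input are made up for illustration.

```python
import re
import sys
import unicodedata

ALLOWED_CONTROLS = "\t\n\r"  # the only control characters XML 1.0 permits
ERROR_TEXT_TAG = re.compile(r"<shibmlp\s+errorText\s*/>", re.IGNORECASE)

# Constructed sample: a no-break space and a curly quote pasted into line 2.
SAMPLE = '<?xml version="1.0"?>\n<Example\u00a0name=\u201ctest">\n</Example>\n'.encode()


def find_hidden_chars(data: bytes):
    """Return (line, column, description) for characters likely to break parsing."""
    text = data.decode("utf-8", errors="replace")
    findings = []
    # An XML declaration must be the first thing in the file (a leading BOM aside).
    body = text.lstrip("\ufeff")
    lead = len(body) - len(body.lstrip())
    if lead and body.lstrip().startswith("<?xml"):
        findings.append((1, 1, f"{lead} whitespace character(s) before the XML declaration"))
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch == "\ufffd":
                desc = "invalid UTF-8 byte (or a literal replacement character)"
            elif ord(ch) < 0x20 and ch not in ALLOWED_CONTROLS:
                desc = f"control character U+{ord(ch):04X}"
            elif ord(ch) > 0x7F:  # assumption: the config should be plain ASCII
                desc = f"U+{ord(ch):04X} {unicodedata.name(ch, 'unnamed')}"
            else:
                continue
            findings.append((lineno, col, desc))
    return findings


def has_error_text_tag(html: str) -> bool:
    """True if the template still contains the testing-only <shibmlp errorText/> tag."""
    return bool(ERROR_TEXT_TAG.search(html))


if __name__ == "__main__":
    # Usage: script.py [file ...]; with no arguments the constructed sample is scanned.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    dirty = False
    for name, data in inputs:
        for lineno, col, desc in find_hidden_chars(data):
            print(f"{name}:{lineno}:{col}: {desc}")
            dirty = True
        if has_error_text_tag(data.decode("utf-8", errors="replace")):
            print(f"{name}: contains <shibmlp errorText/>; remove before production")
            dirty = True
    sys.exit(1 if dirty else 0)
```

Pass shibboleth.xml and sessionError.html as arguments; a non-zero exit status means at least one finding was printed.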
