...
In order to make your application use MIT Touchstone, or Shibboleth, for authentication, several steps have to be performed. MIT Information Services offers consulting services to make this process easier. However, many people at MIT are able to perform each of these simple steps with minimal intervention from IS&T.
The information below is intended to help guide you through your configuration.
...
IS&T is currently supporting customers intending to use Shibboleth 1.3x or 2.x. We recommend that new installations use Shibboleth 2.x based SPs.
*As of June 30, 2010, the Internet2 Shibboleth development team will no longer promise to supply security updates for version 1.3x.*
We strongly recommend that sites currently running Shibboleth 1.3 in production plan to upgrade to the current version of Shibboleth well in advance of the announced end-of-life date. This will protect against the possibility of a forced but unplanned migration from 1.3 should a security issue or incompatibility be discovered after the end-of-life date has been reached.
Using installers:
The most current installers from Internet2 can always be found at http://shibboleth.internet2.edu/downloads.html
Historical installers:
1.3x RPMs remain available from Internet2 for RHEL 4 and 5.
You will typically need the 5 main RPMs: log4shib, opensaml, shibboleth, xerces-c, xml-security-c.
You should normally skip the -devel, -debug, and -doc RPMs from the Internet2 RPM download site.
If your system does not already have curl installed, you will need to install it (via the stock RHEL RPM).
A 1.3x installer for IIS is also available from Internet2.
Some other Linux distributions also maintain binary installers available from the OS distribution point. If you have questions about other distributions, please contact touchstone-support and indicate which distribution and version you are using.
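A preflight check for the RHEL RPM list above, added here as an example (it is not IS&T or Internet2 code). It assumes the installed package names match the names listed on this page; `check_sp_packages` and `SAMPLE_INSTALLED` are hypothetical names.

```shell
#!/bin/sh
# Added example: verify the packages this page lists before configuring the SP.
# Assumption: installed RPM names match the names given on this page.
# On the server: rpm -qa --qf '%{NAME}\n' | check_sp_packages

SP_STACK="log4shib opensaml shibboleth xerces-c xml-security-c"
REQUIRED="$SP_STACK curl"

# Reads installed package names (one per line) on stdin.
# Prints "MISSING <name>" for each required package that is absent and
# "OPTIONAL <name>" for installed -devel/-debug/-doc subpackages, which the
# page says are normally skipped (suffix match also covers e.g. -debuginfo).
# Returns 0 when every required package is present, 1 otherwise.
check_sp_packages() {
    installed=$(cat)
    status=0
    for pkg in $REQUIRED; do
        if ! printf '%s\n' "$installed" | grep -Fqx -- "$pkg"; then
            echo "MISSING $pkg"
            status=1
        fi
    done
    for pkg in $SP_STACK; do
        printf '%s\n' "$installed" |
            grep -E -x -- "$pkg-(devel|debug|doc)[a-z]*" |
            sed 's/^/OPTIONAL /'
    done
    return $status
}

# Constructed sample of package names (not taken from a real host).
SAMPLE_INSTALLED='log4shib
opensaml
shibboleth
shibboleth-devel
xerces-c
curl'

printf '%s\n' "$SAMPLE_INSTALLED" | check_sp_packages || echo "preflight failed"
```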
Building from source:
The Touchstone team recommends that you use the installers available from Internet2 or your operating system vendor.
However, if you need to build from source, the Touchstone team maintains a source tarball of the Shibboleth SP, including all of its immediate prerequisites (curl, log4shib, xerces-c, xml-security-c, and opensaml), and a script to perform the entire build, in the touchstone locker, in /mit/touchstone/shibboleth/source/shibboleth-sp-sources.tgz.
...
Once you have built the software successfully, you will need to configure and customize it for use.
Certificate request and configuration
Note: Before proceeding to "Configuration and customization for use" you should obtain a server certificate.
...