Comment: Migration of unmigrated content due to installation of a new plugin

This page is under construction

Summary

The following steps should be followed to migrate a Shibboleth service provider (web server application) from Shibboleth 1.3 to 2.x:

Back up old configuration files

If you install from RPM (strongly recommended), the configuration files, error pages, certificates, etc., in the $PREFIX/etc/shibboleth directory should be saved when you install the Shibboleth 2 SP RPMs. But we still recommend making a copy of the /etc/shibboleth directory for safety. You should also save a copy of the shibd init script (/etc/rc.d/init.d/shibd).

Install Shibboleth SP 2.x

We strongly recommend that you download and install the 2.x SP RPMs from the Internet2 downloads site. It is not necessary to download the -debuginfo, -devel, or -docs RPMs.

Configure the SP software

The quickest way to get started is to copy the following files from the Touchstone locker (/mit/touchstone/config/shibboleth2-sp) into /etc/shibboleth:

  • attribute-map.xml
  • gen-shib2.sh
  • shibboleth2.xml.in

Then run the gen-shib2.sh script, and answer the prompts, to generate shibboleth2.xml. For example:

{noformat}
# cd /etc/shibboleth
# cp /mit/touchstone/config/shibboleth2-sp/* .
# sh gen-shib2.sh
{noformat}

Note that any changes to the shibboleth2.xml, attribute-map.xml, and attribute-policy.xml files will be detected automatically, i.e. without requiring a restart of shibd. Also, note that Shibboleth 2.x can check for and reload metadata automatically, obviating the need for a separate cron job to do so. The Touchstone-supplied shibboleth2.xml template is configured to do so for the MIT metadata, so, once 2.x is deployed, the cron job required in 1.3 can be removed.

Test the SP software

Adapt the web application and server configurations as necessary

The names of the environment variables mapped to Shibboleth attributes have changed in 2.x, to non-Shibboleth-specific names. For example, the user's display (i.e. full) name is now passed via the displayName variable, whereas in 1.3 it was passed via HTTP_SHIB_INETORGPERSON_DISPLAYNAME. Note that, by default, the Shibboleth-related headers are not passed to the application in 2.x; this is to avoid any problems with header spoofing. If you do need to use these headers in your application, add the following directive to your Apache configuration:

{code}
ShibUseHeaders On
{code}
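
An added example, not part of the original page or Touchstone's own code: a Python helper for a CGI/WSGI application being migrated, which reads attributes from server-set environment variables, ignores header-derived HTTP_* keys unless header use is enabled, and flags source lines that still read the 1.3 name. The function names and sample data are constructed, and the HTTP_DISPLAYNAME form assumes the standard CGI header-to-variable translation.

```python
# Added example, not code from the original page or from Touchstone.
# Only the displayName <-> HTTP_SHIB_INETORGPERSON_DISPLAYNAME pair comes
# from the page; helper names and sample data are constructed.

# 2.x environment variable -> 1.3 header-style variable it replaces.
LEGACY_NAMES = {"displayName": "HTTP_SHIB_INETORGPERSON_DISPLAYNAME"}


def get_attribute(environ, name, allow_headers=False):
    """Return Shibboleth attribute `name` from a CGI/WSGI environ, or None.

    Variables set by the server module are read directly. HTTP_* keys are
    built from request headers, so they are used only when the deployment
    has opted in with ShibUseHeaders On.
    """
    value = environ.get(name)
    if value:
        return value
    if allow_headers:
        # Assumption: standard CGI translation of a header named `name`.
        return environ.get("HTTP_" + name.upper().replace("-", "_")) or None
    return None


def find_legacy_references(source_text):
    """Return (line number, 1.3 name, 2.x name) for every line of
    application source that still reads a 1.3 variable."""
    hits = []
    for lineno, line in enumerate(source_text.splitlines(), start=1):
        for new_name, old_name in LEGACY_NAMES.items():
            if old_name in line:
                hits.append((lineno, old_name, new_name))
    return hits


# Constructed sample input: a request carrying client-supplied headers only,
# a request authenticated by the 2.x SP, and two lines of old application code.
CLIENT_HEADERS_ONLY = {"HTTP_DISPLAYNAME": "client-supplied",
                       "HTTP_SHIB_INETORGPERSON_DISPLAYNAME": "client-supplied"}
SP_AUTHENTICATED = {"displayName": "Alice Example",
                    "HTTP_DISPLAYNAME": "client-supplied"}
OLD_APP_SOURCE = ('import os\n'
                  'full = os.environ.get("HTTP_SHIB_INETORGPERSON_DISPLAYNAME")\n')

if __name__ == "__main__":
    print(get_attribute(CLIENT_HEADERS_ONLY, "displayName"))
    print(get_attribute(SP_AUTHENTICATED, "displayName"))
    print(find_legacy_references(OLD_APP_SOURCE))
```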

Test the web application