18

I am looking into using Shibboleth for authentication of webapplications at my organisation. I am very new to this subject and would like to read through some good tutorials, hands-on-lessons or whatever is out there to help newbies getting to know Shibboleth.

But so far I have not been able to find any tutorials that contain specific examples for each steps. I would like to get a running setup up somehow so I will be able to play around with it...

What I have found up to now: Official Documentation for Shibboleth 2 -- https://spaces.internet2.edu/display/SHIB2/Installation

I would appreciate any hints you can give me about additional information to Shibboleth.

Edit - more info:
The service provider is a Ubuntu Server 10.04 LTS.

fgysin
  • 448
  • 2
  • 5
  • 15
  • What kind of operation system is this? and what kind of webserver? – cstamas May 18 '10 at 10:12
  • 4
    +1. Most existing Shibboleth documentation is overly arcane and academic, and I am having a hard time finding basic examples to educate my coworkers. The word "shibboleth" is hard for outsiders to pronounce. The software "Shibboleth" is hard for outsiders to configure. This irony is amusing. – Stefan Lasiewski Feb 02 '12 at 22:25

4 Answers4

9

The Swiss NREN has a good documentation on this topic:

http://switch.ch/aai/support/serviceproviders/

You will also need to understand the concepts and the SHIB2 wiki is good for that. Will you run your own Identity Provider? else you only need to install an Service Provider which is easier.

UPDATE: For ubuntu you will need this to install. You do not need to compile it from source. (Well, you should not.)

apt-get install libapache2-mod-shib2
cstamas
  • 6,607
  • 24
  • 42
  • 1
    +1 I learned with these guides and slides. By the way, I was just answering when I saw your answer :( – chmeee May 18 '10 at 10:25
  • @chmeee: never mind. The more people involved with SAML and Shibbleth the better ;-) +1 – cstamas May 18 '10 at 13:09
  • We have a running identity provider somewhere. I only need to get a service provider up and running. (Of course setting up the identity provider would be sweet, but I guess I don't have time to play around with that as well...) – fgysin May 19 '10 at 12:05
  • 1
    +1 This site has some of the clearest Shibboleth documentation that I've seen. – Stefan Lasiewski Feb 02 '12 at 22:18
  • Ack! Except http://switch.ch/aai/support/serviceproviders/ uses configuration for Shibboleth 1.x, while most sites are using Shibboleth 2.x these days. – Stefan Lasiewski Feb 02 '12 at 23:57
  • @StefanLasiewski No, take a look again, they are talking about 2.x – cstamas Feb 06 '12 at 08:56
  • True. The Tutorial does cover 2.x versions, but those tutorials use [syntax from Shib 1.x](https://groups.google.com/forum/?fromgroups#!topic/shibboleth-users/sAy5XFtHZiQ), which is confusing. – Stefan Lasiewski Feb 07 '12 at 17:18
  • 1
    I spoke to the maintainer of those documents, and he updated the syntax to use the Shib 2.x syntax. Yay for communication. – Stefan Lasiewski Feb 24 '12 at 20:03
  • @StefanLasiewski Nice, thx. :) – cstamas Feb 27 '12 at 11:17
2

SimpleSAMLphp supports Shibboleth and looks easier to install and configure than using mod_shib2.

Brian J
  • 21
  • 1
2

www.testshib.org provides some good instructions, and they link to relevant portions of wiki.shibboleth.net .

They also provide a IdP and SP service to test different aspects of your Shibboleth installation.

This is one of the best things out there. The problem is that Shibboleth tries to be flexible so that it can work with different organizations, each with their own authentication schemes. This means that Shibboleth has many configuration options, which can be overwhelming for people new to Shibboleth.

Stefan Lasiewski
  • 22,949
  • 38
  • 129
  • 184
2

The official tutorial is a little difficult to follow because you have to switch between the IdP and the SP. This tutorial provides a step-by-step guide and is very useful: http://csrdu.org/blog/2011/07/04/shibboleth-idp-sp-installation-configuration/

(Disclaimer: I manage the site and one of our group members wrote the tutorial.)

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
recluze
  • 355
  • 8
  • 18