The server stuff is currently coded to reside in
The client stuff is pretty much standalone
- Server:
- ntp synchronised time
- mod_python
Installation of the Server
cd <wherever>
git clone
cd /var/www
ln -s <wherever>/pluto/server sd
ln -s sd/index.html . # optional
mkdir assertions
chown www-data:www-data assertions
chmod 700 assertions
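An added check for the assertions directory created by the steps above (example code, not part of the original project). It assumes the directory ends up holding exported SAML assertions and that GNU find is available, as on Debian; the function name check_assertion_dir is hypothetical.

```shell
#!/bin/sh
# Added example: audit the directory made with "mkdir assertions" above.
# Assumes GNU find (Debian/Ubuntu, matching the www-data user on this page).

# check_assertion_dir DIR [OWNER]
# Returns 0 when DIR is a real directory with mode exactly 700, owned by
# OWNER (name or numeric uid, default www-data), and nothing below it has
# any group/other permission bit set. Returns 1 and reports on stderr otherwise.
check_assertion_dir() {
    dir=$1
    owner=${2:-www-data}
    rc=0

    # A symlink here could redirect assertion files somewhere less protected.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is not a real directory" >&2
        return 1
    fi

    # Exact match: 700 and no extra bits (setgid, sticky, group/other access).
    if [ -z "$(find "$dir" -maxdepth 0 -perm 700 2>/dev/null)" ]; then
        echo "FAIL: $dir mode is not 700" >&2
        rc=1
    fi

    if [ -z "$(find "$dir" -maxdepth 0 -user "$owner" 2>/dev/null)" ]; then
        echo "FAIL: $dir is not owned by $owner" >&2
        rc=1
    fi

    # Entries inside DIR that group or other can read, write or execute.
    # Symlinks inside DIR are reported as well.
    loose=$(find "$dir" -mindepth 1 -perm /077 2>/dev/null) || true
    if [ -n "$loose" ]; then
        echo "FAIL: group/other-accessible entries in $dir:" >&2
        echo "$loose" >&2
        rc=1
    fi

    return $rc
}

# Usage on the server described here: check_assertion_dir /var/www/assertions
```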
Modify apache config (e.g. /etc/apache2/sites-enabled/default-ssl)
Add a section like this for shibboleth and mod_python:
<Location /sd>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    ShibRequestSetting exportAssertion true
    require valid-user
</Location>
<Directory /var/www/sd/>
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    #AddHandler cgi-script .cgi .py
    #AddHandler cgi-script .cgi .php
    AddHandler mod_python .py
    PythonHandler /var/www/sd/
    #PythonHandler mod_python.publisher
    # PythonDebug on makes mod_python send tracebacks to the browser
    PythonDebug on
    Order allow,deny
    Allow from all
</Directory>
<Directory /var/www/assertions/>
    AllowOverride None
    Options -ExecCGI -MultiViews -SymLinksIfOwnerMatch -Indexes
    Order allow,deny
    Allow from all
</Directory>
The shibboleth configuration used was based on these ones:
SP Setup howto:
General shibboleth doc:
Configure shibboleth to:
1. Support the exportLocation, i.e. your Sessions tag in
/etc/shibboleth/shibboleth2.xml should look like this:
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="true" cookieProps="https"
2. Add support for ECP, i.e. your SSO tag in
/etc/shibboleth/shibboleth2.xml should look like this:
<SSO type="SAML2" Location="/ECP"
ECP="true" discoveryProtocol="SAMLDS" discoveryURL="">
Testing the installation with the client
Will execute phpinfo on the server at
If you're asked for the password and then see some output of phpinfo.
Please make sure NOT to mix up this output with error messages.
Will log in with your IdP and create the files
Which you can use to log in to SAML enabled ssh services such as
<eppn> (This service is currently being set up)
