Developers Getting Started With i2b2
...

A guide for setting up federated authentication using SAML for i2b2 on CentOS 7

This guide uses sp.example.org as the domain name. Please replace sp.example.org with your domain name.


Prerequisites
The following applications and services must already be set up and running:

...

It is generally best practice to update the operating system to get the latest security patches and software updates before installing any new software.
Execute the following command to update the operating system:

sudo yum -y update

Restart the server for the changes to apply.

...

Please visit Extra Packages for Enterprise Linux for more information.
Execute the following command to install additional open source packages:


sudo yum -y install epel-release

Run update again to pull the packages:

sudo yum -y update

Installing Shibboleth

...

Add Shibboleth repository:


sudo wget http://download.opensuse.org/repositories/security://shibboleth/CentOS_7/security:shibboleth.repo -P /etc/yum.repos.d

Update the repository:

sudo yum -y update

Install Shibboleth:

sudo yum -y install shibboleth

Enable Shibboleth and restart Apache HTTP server:

sudo systemctl enable shibd 
sudo systemctl start shibd 
sudo systemctl restart httpd

Verifying Installation

...

Confirm Shibboleth functionality:

sudo shibd -t

The output should end with "overall configuration is loadable, check console or log for non-fatal problems".

Confirm Apache functionality:

sudo apachectl configtest

You should see the output Syntax OK.

...

Open up a web browser and navigate to https://sp.example.org/Shibboleth.sso/Session.

Note: replace sp.example.org with your domain name.


You should see the message "A valid session was not found." in your browser.

...

Modify the shib.conf file located in the directory /etc/httpd/conf.d.
Delete the following configuration:

<Location /secure>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require shib-session
</Location>


Add the following configuration:

<Location />
  AuthType shibboleth
  ShibRequestSetting requireSession 0
  require shibboleth
</Location>

Setting Up Federation Files and Metadata

...

Modify the attributes of the ApplicationDefaults element as follows:

<!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults entityID="https://sp.example.org/shibboleth"
    REMOTE_USER="eduPersonPrincipalName,eppn"
    cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1"
    signing="true"
    attributePrefix="AJP_">


Remember to replace sp.example.org with your domain name.
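
A check for the ApplicationDefaults settings above, as an added example (not part of the original guide or of Shibboleth itself): it parses the SP configuration (shibboleth2.xml in a standard install) and reports every attribute that differs from the values this guide sets, including an sp.example.org placeholder left in entityID. The function name, the sample XML and the chosen subset of cipher exclusions are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed SP config with the guide's placeholder domain left in.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
      REMOTE_USER="eduPersonPrincipalName,eppn"
      cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1"
      signing="true" attributePrefix="AJP_"/>
</SPConfig>"""

# Attribute values this guide sets on ApplicationDefaults.
EXPECTED = {"signing": "true", "attributePrefix": "AJP_",
            "REMOTE_USER": "eduPersonPrincipalName,eppn"}
# Subset of the guide's cipherSuites exclusions that the check insists on (assumption).
REQUIRED_EXCLUSIONS = {"!aNULL", "!eNULL", "!RC4", "!3DES", "!SSLv3", "!TLSv1", "!TLSv1.1"}


def lint_application_defaults(xml_text, placeholder_host="sp.example.org"):
    """Return a list of findings for the ApplicationDefaults element."""
    root = ET.fromstring(xml_text)
    # Match on the local name so the check works for any SPConfig namespace version.
    elems = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "ApplicationDefaults"]
    if len(elems) != 1:
        return [f"expected exactly one ApplicationDefaults element, found {len(elems)}"]
    attrs = elems[0].attrib
    findings = []
    entity_id = attrs.get("entityID", "")
    if not entity_id:
        findings.append("entityID is missing or empty")
    elif placeholder_host in entity_id:
        findings.append(f"entityID still contains the placeholder {placeholder_host}")
    for name, want in EXPECTED.items():
        if attrs.get(name) != want:
            findings.append(f"{name} is {attrs.get(name)!r}, guide sets {want!r}")
    # cipherSuites is a colon-separated OpenSSL cipher string; compare token by token.
    tokens = set(attrs.get("cipherSuites", "").split(":"))
    missing = sorted(REQUIRED_EXCLUSIONS - tokens)
    if missing:
        findings.append("cipherSuites does not exclude: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the path to the SP configuration file, or run with no argument to lint SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in lint_application_defaults(text) or ["no findings"]:
        print(finding)
```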

...