...
A guide for setting up federated authentication using SAML for i2b2 on CentOS 7
This guide uses sp.example.org as the domain name. Please replace sp.example.org with your domain name.
Prerequisites
The following applications and services must already be set up and running:
...
It is generally best practice to update the operating system to get the latest security patches and software updates before installing any new software.
Execute the following command to update the operating system:
sudo yum -y update
Restart the server for the changes to apply.
...
Please visit Extra Packages for Enterprise Linux for more information.
Execute the following command to install additional open source packages:
sudo yum -y install epel-release
Run update again to pull the packages:
sudo yum -y update
...
Add Shibboleth repository:
sudo wget http://download.opensuse.org/repositories/security://shibboleth/CentOS_7/security:shibboleth.repo \
  -P /etc/yum.repos.d
Update the repository:
sudo yum -y update
Install Shibboleth:
sudo yum -y install shibboleth
Enable Shibboleth and restart Apache HTTP server:
sudo systemctl enable shibd
sudo systemctl start shibd
sudo systemctl restart httpd
...
sudo shibd -t
The output should end with: overall configuration is loadable, check console or log for non-fatal problems
sudo apachectl configtest
You should see the output Syntax OK.
...
Open up a web browser and navigate to https://sp.example.org/Shibboleth.sso/Session.
Note: replace sp.example.org with your domain name.
You should see the message A valid session was not found. in your browser.
...
Modify the shib.conf located in the directory /etc/httpd/conf.d.
Delete the following configuration:
<Location /secure>
AuthType shibboleth
ShibRequestSetting requireSession 1
require shib-session
</Location>
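Add the following configuration, which applies Shibboleth to the whole site but, with requireSession 0, does not force a login on every request: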
<Location />
AuthType shibboleth
ShibRequestSetting requireSession 0
require shibboleth
</Location>
...
Modify the attributes of the ApplicationDefaults element as follows:
<!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults entityID="https://sp.example.org/shibboleth"
    REMOTE_USER="eduPersonPrincipalName,eppn"
    cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1"
    signing="true"
    attributePrefix="AJP_">
Remember to replace sp.example.org with your domain name.
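A way to confirm both edits (the shib.conf Location block and the ApplicationDefaults attributes) before restarting shibd and httpd, as an added example that is not part of the original guide. The function names, the domain i2b2.example.net and the sample files are constructed for illustration, and the cipher exclusions checked are a subset picked from the guide's cipherSuites string.

```shell
#!/bin/sh
# Added example, not from the guide. File paths and the domain are arguments.
flag() { echo "FINDING: $*"; rc=1; }
# Print attribute $1 of the start tag held in $tag.
attr() { printf '%s\n' "$tag" | sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p"; }

# check_sp_config SHIB_CONF SHIBBOLETH2_XML DOMAIN; status 0 clean, 1 findings
check_sp_config() {
    rc=0
    # shib.conf: stock /secure block gone, <Location /> with requireSession 0.
    if grep -Eq '^[[:space:]]*<Location[[:space:]]+/secure>' "$1"; then
        flag "shib.conf still has <Location /secure>"
    fi
    grep -Eq '^[[:space:]]*<Location[[:space:]]+/>' "$1" ||
        flag "shib.conf has no <Location /> block"
    grep -Eq '^[[:space:]]*ShibRequestSetting[[:space:]]+requireSession[[:space:]]+0' "$1" ||
        flag "requireSession 0 is not set"
    # shibboleth2.xml: join lines, then isolate the ApplicationDefaults start tag.
    tag=$(tr '\n' ' ' < "$2" | sed -n 's/.*\(<ApplicationDefaults[[:space:]][^>]*>\).*/\1/p')
    if [ -z "$tag" ]; then flag "no ApplicationDefaults element"; return 1; fi
    [ "$(attr entityID)" = "https://$3/shibboleth" ] ||
        flag "entityID is '$(attr entityID)', expected https://$3/shibboleth"
    [ "$(attr signing)" = "true" ] || flag "signing is not true"
    [ "$(attr attributePrefix)" = "AJP_" ] || flag "attributePrefix is not AJP_"
    # Each exclusion must be a whole colon-separated token, so that
    # !TLSv1.1 alone does not pass the check for !TLSv1.
    suites=$(attr cipherSuites)
    for x in '!aNULL' '!eNULL' '!RC4' '!3DES' '!SSLv2' '!SSLv3' '!TLSv1' '!TLSv1.1'; do
        case ":$suites:" in
            *":$x:"*) ;;
            *) flag "cipherSuites does not exclude ${x#?}" ;;
        esac
    done
    return $rc
}

# Constructed sample: the guide's files with two typical mistakes, the placeholder
# domain left in entityID and !TLSv1 missing from cipherSuites.
demo() {
    d=$(mktemp -d)
    printf '<Location />\n  AuthType shibboleth\n  ShibRequestSetting requireSession 0\n  require shibboleth\n</Location>\n' > "$d/shib.conf"
    printf '<ApplicationDefaults entityID="https://sp.example.org/shibboleth"\n  REMOTE_USER="eduPersonPrincipalName,eppn"\n  cipherSuites="DEFAULT:!aNULL:!eNULL:!RC4:!3DES:!SSLv2:!SSLv3:!TLSv1.1"\n  signing="true" attributePrefix="AJP_">\n' > "$d/shibboleth2.xml"
    status=0; check_sp_config "$d/shib.conf" "$d/shibboleth2.xml" i2b2.example.net || status=$?
    rm -rf "$d"; return $status
}
demo || echo "(findings reported above)"
```

On a server, pass /etc/httpd/conf.d/shib.conf, the path of your shibboleth2.xml and your own domain; a non-zero exit status means at least one finding was printed.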
...