Bilateral deployment
Once you have set up a Shibboleth SP instance, you will need a certificate and metadata to test against the UCLA IdP test instance.
You have two options:
Bilateral deployment - You use a commercial certificate from a vendor. You have to create and exchange the metadata with the IdP manually.
Federated deployment - You use certificates from a test federation, testshib.org.
This document describes configuration in a Bilateral environment.
Create a key and a CSR (Certificate Signing Request). Pass the CSR to a provider such as Verisign, GoDaddy or Thawte and obtain the certificate. Save the key and the certificate (PEM format) into separate files on your Shibboleth SP server and reference them from the <CredentialsUse> section of your shibboleth.xml file.
<CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
  <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
    <FileResolver Id="federation_creds">
      <Key>
        <Path>/conf/ssl.key/myhost.testshib.key</Path>
      </Key>
      <Certificate>
        <Path>/conf/ssl.crt/myhost.testshib.crt</Path>
      </Certificate>
    </FileResolver>
  </Credentials>
</CredentialsProvider>
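The key-and-CSR step above, as an added example that is not part of the UCLA guide or the Shibboleth project: it generates the SP key with owner-only permissions, produces the CSR that goes to the vendor, and checks that the certificate you get back really belongs to that key before you point shibboleth.xml at the two files. The hostname, subject fields, key size and output directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes an OpenSSL CLI is installed.
set -eu

# Generate a 2048-bit RSA key and a CSR for the SP host.
# $1 = output directory, $2 = SP hostname (used as the CSR's CN).
# The .key file is created mode 0600 and must never leave this host;
# only the .csr is handed to the certificate vendor.
make_key_and_csr() {
    dir="$1"; host="$2"
    ( umask 077; openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null )
    openssl req -new -key "$dir/$host.key" -out "$dir/$host.csr" \
        -subj "/C=US/ST=California/O=Example SP/CN=$host" 2>/dev/null
    echo "$dir/$host.csr"
}

# Before referencing the files from shibboleth.xml, confirm the issued
# certificate ($2) carries the public half of the private key ($1).
# Prints "match" (exit 0) or "mismatch" (exit 1).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout -outform PEM)
    crt_pub=$(openssl x509 -in "$2" -pubkey -noout)
    if [ "$key_pub" = "$crt_pub" ]; then
        echo match
        return 0
    fi
    echo mismatch
    return 1
}
```

A mismatch usually means the key was regenerated after the CSR was sent; in that case request a new certificate rather than deploying the pair.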
Contact IT Services and provide the certificate. Do not share the key, just the certificate. IT Services will create the metadata for you. Save it in a file on your Shibboleth SP server and again reference it from shibboleth.xml, in the <MetadataProvider> section.
<MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
                  uri="/etc/shibboleth/test-metadata.xml"/>
For more help modifying your shibboleth.xml file you can visit any of the install guides located here.