Configuration of Shibboleth 0.8 target side on Debian GNU/Linux unstable/i386
Most of this document can also be found in the target deployment guide
on shibboleth's homepage.
/etc/apache-ssl/httpd.conf:
LoadModule shibrm_module /usr/local/libexec/mod_shibrm.so
LoadModule shire_module /usr/local/libexec/mod_shire.so
SHIREConfig /usr/local/etc/shibboleth/shibboleth.ini
SHIREURL /shibboleth/SHIRE
SetHandler shib-shire-post
ShibMapAttribute urn:mace:eduPerson:1.0:eduPersonPrincipalName REMOTE_USER
ShibMapAttribute urn:mace:eduPerson:1.0:eduPersonScopedAffiliation Shib-EP-Affiliation affiliation
ShibMapAttribute urn:mace:eduPerson:1.0:eduPersonEntitlement Shib-EP-Entitlement entitlement
AuthType shibboleth
ShibExportAssertion On
require valid-user
/usr/local/etc/shibboleth/shibboleth.ini:
[general]
logger=/usr/local/etc/shibboleth/shibboleth.logger
schemadir=/usr/local/etc/shibboleth/
sharsocket=/tmp/shar-socket
sitesFile=file:///usr/local/etc/shibboleth/sites.xml
sitesRefresh=3600
aap-uri=/usr/local/etc/shibboleth/AAP.xml
supportContact=admin@your.site
logoLocation=/icons/index.gif
wayfURL = https://wayf.switch.ch/shibboleth/WAYF
cookieName = shib-cookie
shireSSLOnly = false
shireError=/usr/local/etc/shibboleth/shireError.html
rmError=/usr/local/etc/shibboleth/rmError.html
accessError=/usr/local/etc/shibboleth/accessError.html
[shire]
logger=/usr/local/etc/shibboleth/shire.logger
[shar]
logger=/usr/local/etc/shibboleth/shar.logger
certfile=/etc/apache-ssl/kohala.crt
keyfile=/etc/apache-ssl/kohala.key
calist=/usr/local/etc/shibboleth/ca-bundle.crt
cacheType=memory
cacheClean=300
cacheTimeout=240
[extensions:saml]
eduPerson=/usr/local/lib/libeduPerson.so
[policies]
InCommon=urn:mace:InCommon:pilot:2003
[my.server.name]
requestAttributes =