SAML Integration

Configure Apache

The default Apache installation creates a self-signed certificate, which is sufficient for this demonstration. A production-ready deployment requires a CA-issued SSL certificate and a review of the Apache configuration files for suitability. This review should include enabling UseCanonicalName and setting a value for ServerName, so that Apache builds self-referential URLs from the configured name rather than from the hostname supplied by the client.

For this demonstration, UseCanonicalName and ServerName can be set in Apache’s conf.d/ssl.conf file within the <VirtualHost _default_:443> directive.

To ensure that users always access the server via HTTPS, either disable port 80 or configure a redirect from port 80/HTTP to 443/HTTPS. Adding the following virtual host element to Apache’s conf.d/shib.conf file is a simple means of achieving the redirect; replace the string sp-example.uni.edu.au with the DNS name of the host. The shib.conf file also contains the default <Location> directive, which protects the secure directory with Shibboleth.

<VirtualHost *:80>
    ServerName sp-example.uni.edu.au:80
    RedirectMatch 301 (.*) https://sp-example.uni.edu.au$1
</VirtualHost>
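
The following Python check is an added example, not part of the original guide or of Shibboleth: it audits configuration text for the settings described above (ServerName and UseCanonicalName On in the port 443 virtual host, and an HTTPS redirect in the port 80 virtual host). The function names and the sample configuration are constructed for illustration, and the check reads only the text it is given; it does not follow Include directives or server-level settings.

```python
import re

# Constructed sample: ssl.conf and shib.conf fragments as this page describes them.
SAMPLE_CONF = """
<VirtualHost _default_:443>
    ServerName sp-example.uni.edu.au
    UseCanonicalName On
</VirtualHost>
<VirtualHost *:80>
    ServerName sp-example.uni.edu.au:80
    RedirectMatch 301 (.*) https://sp-example.uni.edu.au$1
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf_text):
    """Return [(address, {directive_lower: [args, ...]})] for each <VirtualHost> block."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf_text):
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith(("#", "<")):  # skip comments, nested sections
                continue
            parts = line.split(None, 1)
            directives.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
        vhosts.append((addr.strip(), directives))
    return vhosts

def audit(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for addr, d in parse_vhosts(conf_text):
        if addr.endswith(":443"):
            if not d.get("servername"):
                findings.append(f"{addr}: ServerName not set")
            if [v.lower() for v in d.get("usecanonicalname", [])] != ["on"]:
                findings.append(f"{addr}: UseCanonicalName is not On")
        elif addr.endswith(":80"):
            targets = d.get("redirectmatch", []) + d.get("redirect", [])
            if not targets or not all(re.search(r"\shttps://", t) for t in targets):
                findings.append(f"{addr}: no redirect to https://")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["OK"]:
        print(finding)
```
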

Details on the configuration options for Apache are available here:

Details on the configuration options for IIS are available here: