Spider

From Studentnet Wiki
Revision as of 02:30, 16 January 2020 by Jrobertson (talk | contribs)


Shibboleth Installation & Configuration

Download the latest version of Shibboleth from https://shibboleth.net/downloads/service-provider/latest/ and install it using the default options. All files will be found under C:\opt\shibboleth-sp\etc\shibboleth.

Open shibboleth2.xml with a text editor.

IIS Configuration (Shibboleth)

If you have not already done so, install IIS on either the PaperCut Application Server or a different server. If you install IIS on the PaperCut Application Server, make sure you have not configured PaperCut MF to use port 80 or 443, and make sure you do not configure IIS to use any of the standard PaperCut ports (9191, 9192, 9193).

You will need to make sure that ISAPI Extensions and ISAPI Filters are installed on IIS. Both can be found under Add Server Roles > Web Server (IIS) > Web Server > App Development.

Cloudwork Configuration

Download the metadata: enter the FQDN for your IIS server followed by /Shibboleth.sso/Metadata (for iis.domain.vm the URL would be iis.domain.vm/Shibboleth.sso/Metadata), then upload the XML file.

Edit InProcess so we use the correct IIS site

We need to change the site name. This will be the Fully Qualified Domain Name (FQDN) that your users connect to.

    <InProcess logger="native.logger">
        <ISAPI normalizeRequest="true" safeHeaderNames="true">
            <Site id="1" name="iis.domain.vm" scheme="https" port="443"/>
        </ISAPI>
    </InProcess>

NOTE: If you are running Shibboleth V3, an additional entry is needed in the code above. V3 requires the attribute useHeaders="true" on the Site element. If you are implementing a Shibboleth V3 configuration, use the code below instead, which has useHeaders="true" added.

    <InProcess logger="native.logger">
        <ISAPI normalizeRequest="true" safeHeaderNames="true">
            <Site id="1" name="iis.domain.vm" scheme="https" port="443" useHeaders="true" />
        </ISAPI>
    </InProcess>

Update RequestMapper

The RequestMapper tells IIS which paths on a given host need to use Shibboleth for authentication. We are going to use “user” for ours, so any user going to host/user will need to be logged in; if not, they will be taken to the login page. If you want to add /admin to this, copy and paste the user line and replace user with admin. In the configuration below, the host requires a session and the listed paths are exempted from it, so anything served under those paths is reachable without logging in.

    <RequestMapper type="Native">
        <RequestMap>
            <Host name="spider.saintaug.nsw.edu.au" authType="shibboleth" requireSession="true">
                <Path name="CustomStAug" authType="none" requireSession="false" />
                <Path name="Images" authType="none" requireSession="false" />
                <Path name="images" authType="none" requireSession="false" />
                <Path name="fonts" authType="none" requireSession="false" />
                <Path name="ScriptResource.axd" authType="none" requireSession="false" />
                <Path name="WebResource.axd" authType="none" requireSession="false" />
            </Host>
        </RequestMap>
    </RequestMapper>
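
To review which parts of the site the RequestMapper leaves open before deploying it, the following Python script lists the effective requireSession value for every Host and Path. It is an added example, not part of the original wiki page or of Shibboleth; the function names are hypothetical, and it assumes settings are inherited from the parent element and that requireSession is false when unset.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the RequestMapper from this page, trimmed to three Path entries.
SAMPLE = """
<RequestMapper type="Native">
  <RequestMap>
    <Host name="spider.saintaug.nsw.edu.au" authType="shibboleth" requireSession="true">
      <Path name="CustomStAug" authType="none" requireSession="false" />
      <Path name="Images" authType="none" requireSession="false" />
      <Path name="WebResource.axd" authType="none" requireSession="false" />
    </Host>
  </RequestMap>
</RequestMapper>
"""

def local(tag):
    """Strip an XML namespace so a fragment and a full shibboleth2.xml both work."""
    return tag.rsplit("}", 1)[-1]

def walk(node, label, inherited, out):
    """Record the effective requireSession of node, then descend into Host/Path children."""
    value = node.get("requireSession")
    # Assumption: an element without the attribute inherits its parent's setting.
    effective = inherited if value is None else value.strip().lower() in ("true", "1")
    if label:
        out.append((label, effective))
    for child in node:
        kind = local(child.tag)
        if kind == "Host":
            walk(child, child.get("name", ""), effective, out)
        elif kind == "Path":
            walk(child, label + "/" + child.get("name", "").strip("/"), effective, out)

def effective_sessions(xml_text):
    """Return [(host or host/path, session_required)] for every entry in the RequestMap."""
    out = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "RequestMap":
            # Assumption: requireSession is false unless something sets it.
            walk(el, "", False, out)
    return out

def unprotected(xml_text):
    """List the entries that do not force a Shibboleth session."""
    return [label for label, required in effective_sessions(xml_text) if not required]

if __name__ == "__main__":
    for label, required in effective_sessions(SAMPLE):
        print(("session required  " if required else "NO SESSION        ") + label)
```

Every entry reported as needing no session should serve only static or public content; anything else belongs under the host default.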