Re: Source of SAML Metadata for the service provider(s)


Re: Source of SAML Metadata for the service provider(s)

Marcky Tamondong
Hi Guys,

Good day!

Hope you can help me. After my IdP installation I need to load SAML metadata for the service provider(s) with which I will interact.
Based on the shibboleth2 wiki, I should collect the following things:

        1. an SSL certificate that you'll use to secure your IdP's browser-facing HTTP connection

        2. a source of SAML Metadata for the service provider(s) your IdP will communicate with (this could come from a Federation you've joined, directly from the SP(s), or created and maintained by hand by you)

Can you kindly explain further how I will get the source of metadata from another server with the Mantis bug tracker (application) running on a webserver running Apache ver. 2? Do I need to join a federation?

Note: I'm planning to implement Shibboleth SSO in our office internal webservers.

Thank you,

Marcky Tamondong
System Administrator
Novare Technologies

Re: Source of SAML Metadata for the service provider(s)

Romeo Theriault
> Can you kindly explain further how I will get the source of metadata from another server with the Mantis bug tracker (application) running on a webserver running Apache ver. 2? Do I need to join a federation?

If you're just going to be using Shibboleth for an in-office setup, then no, you don't need to join a federation.  Once you get the SP software set up and running on your Apache server, you can grab the default provided metadata by going to its Shibboleth.sso/Metadata URL, like so:

  https://hostname.domain.edu/Shibboleth.sso/Metadata


These links were useful to me when I was first setting up a Service Provider, hopefully they'll help you too:

https://spaces.internet2.edu/display/SHIB2/NativeSPLinuxInstall
https://spaces.internet2.edu/display/SHIB2/NativeSPGettingStarted
[2] Create the SP metadata: https://spaces.internet2.edu/display/SHIB2/MetadataForSP
[3] Define a new metadata source: https://spaces.internet2.edu/display/SHIB2/IdPMetadataProvider
[4] Apache config: https://spaces.internet2.edu/display/SHIB2/NativeSPApacheConfig

--
Romeo Theriault
System Administrator
Information Technology Services
Ph#: 207-561-3517
Em@: [hidden email]
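
An added example, not part of the original thread: a quick review of SP metadata saved from the Shibboleth.sso/Metadata URL before it is loaded into the IdP, listing the entityID, assertion consumer endpoints and certificate fingerprints it would make the IdP trust. The hostname mantis.example.internal, the placeholder certificate bytes and the function name review_sp_metadata are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-in for certificate bytes; not a real certificate.
PLACEHOLDER_DER = b"constructed-placeholder-not-a-real-certificate"

# Constructed sample shaped like SP metadata; the hostname is a placeholder.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://mantis.example.internal/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {base64.b64encode(PLACEHOLDER_DER).decode()}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mantis.example.internal/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://mantis.example.internal/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def review_sp_metadata(xml_text):
    """Summarise what the IdP would trust if this SP metadata were loaded."""
    root = ET.fromstring(xml_text)  # parse only metadata fetched from a host you control
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a single-entity SAML metadata document")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)]
    # Fingerprint each embedded certificate so it can be compared with the SP's own key file.
    certs = [
        hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
        for c in sp.findall(".//ds:X509Certificate", NS)
    ]
    return {
        "entity_id": root.get("entityID"),
        "acs": acs,
        # Assertions posted to a plain-HTTP endpoint travel unprotected.
        "insecure_acs": [u for u in acs if not u.lower().startswith("https://")],
        "cert_sha256": certs,
    }

if __name__ == "__main__":
    print(review_sp_metadata(SAMPLE))
```

Each SP has its own entityID and key, so the same review applies to the metadata of every SP the IdP is told about.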

Re: Source of SAML Metadata for the service provider(s)

Marcky Tamondong
Hi Romeo,

Thank you so much!

Regards,

Marcky Tamondong
System Administrator
Novare Technologies




Re: Native SP Installation

Marcky Tamondong
In reply to this post by Romeo Theriault
Hi Guys,

Hope you can help me. I'm confused about the installation.

For example I have Server(A) on which I install Shibboleth IdP, and I have 3 resource webservers, WebServer(B apache), WebServer(C MS IIS), WebServer(D apache). Do I have to install the shibboleth-SP on the 3 webservers (B,C,D) to get the default provided metadata?

Thank you,
Marcky Tamondong
System Administrator
Novare Technologies Inc.





RE: Native SP Installation

sharique farooqui

Hi Marcky,

No, you get it by installing on only one server.

----------
Sharique Ahmed Farooqui
Software Engineer | Fast Track Software Services Pvt Ltd

 


Re: Native SP Installation

Marcky Tamondong
Hi Sharique,

Thank you!

Take care,
Marcky Tamondong



Re: Native SP Installation

Peter Schober
In reply to this post by Marcky Tamondong
* Marcky Tamondong <[hidden email]> [2010-03-24 04:21]:
> For example I have Server(A) which I install Shibboleth Idp, and I have  
> 3 resources Webservers  WebServer(B apache), WebServer(C MS IIS),  
> WebServer(D apache), do I have to install the shibboleth-SP on the 3  
> webserver(B,C,D) to get the default provided metadata?

I'm not sure what the question really is ("to get the default provided
metadata"?) but you'll need to install the Shib SP (or something
equivalent) on all of your webservers -- if they all host resources
that should be protected by Shib/SAML. See also
https://spaces.internet2.edu/display/SHIB2/NativeSPOneMany
-peter

Re: Native SP Installation

Marcky Tamondong
Hi Peter,

Thanks for the response. First of all please be informed that I need
shibboleth for SSO on our office internal webserver resources. My
shibboleth server is named ServerA, on this server I installed
ShibbolethIdp.

We have 3 Webserver resources:

WebServer(B apache) - Internal Mantis trouble ticket logger
WebServer(C MS IIS) - Internal WebMail
WebServer(D apache) - Internal Company Website

My question is do I have to install the shibboleth NativeSP on the 3
webserver(B,C,D) and configure it?

Hope you can help me.

Thank you,
Marcky Tamondong
System Administrator


Re: Native SP Installation

Nate Klingenstein
Marcky,

Generally, yes, you do.  They're different logical applications,  
different machines, etc.

If they all receive the same attribute information, you could  
hypothetically front all the services with a single Shibboleth  
instance and then proxy the authentication to your own servers.  
However, you'd still have to run something to protect each of those  
services, and you'd need to create or use your own secure SSO protocol  
to bridge the authentication instance.

The best and easiest choice is almost always just to run an SP on each.

Take care,
Nate.

On Mar 25, 2010, at 2:34 AM, Marcky Tamondong wrote:

> We have 3 Webserver resources:
>
> WebServer(B apache) - Internal Mantis trouble ticket logger
> WebServer(C MS IIS) - Internal WebMail
> WebServer(D apache) - Internal Company Website
>
> My question is do I have to install the shibboleth NativeSP on the 3  
> webserver(B,C,D) and configure it?


Re: Native SP Installation

Marcky Tamondong
Hi Nate,

Thank you again! Have a nice day!

Take care,
Marcky Tamondong

