Reg: Shibboleth Integration with Google app services.
I need to integrate Google app services with Shibboleth for one of my clients. I don't know about Shibboleth. The client set up everything on the Shibboleth server and gave the following information.
--- Apache ---
- proxy_ajp.conf : Apache configured to pass requests for the IdP into Tomcat by adding the following line to:
ProxyPass /idp/ ajp://localhost:8009/idp/
- /etc/apache2/sites-enabled/default-ssl : Same directive as above, one of them can be turned off
Allow from all
ProxyPass /idp ajp://localhost:8009/idp retry=5
SSLCertificateKeyFile /etc/ssl/private/server.key ; self-signed certificates, server requires passphrase (Pa33w0rd) at each restart
- /etc/apache2/httpd.conf - front-end IdP with basic authentication (user: test, password: test), this can go to the default-ssl file probably :
AuthName "My Identity Provider"
--- Tomcat ---
- /etc/tomcat/server.xml, added :
request.tomcatAuthentication="false" and address="127.0.0.1" to Tomcat's /etc/tomcat/conf/server.xml port 8009 AJP13 connector so Apache can relay usernames to the IdP.
- /etc/default/tomcat6 :
JAVA_HOME=/usr/lib/jvm/java-6-openjdk ; path to Java modified,
JAVA_OPTS="-Djava.awt.headless=true -Xmx1024M -XX:MaxPermSize=512M" ; memory settings,
TOMCAT6_SECURITY=no ; Tomcat could not start with it turned on
--- IdP ---
Added Google Metadata into /usr/local/idp/metadata/google-metdata.xml :
Added MetaDataProvider into /usr/local/idp/conf/relaying-party.xml :
Attribute Resolver configured in /usr/local/idp/conf/attribute-resolver.xml :
Attribute Filter configured in /usr/local/idp/conf/attribute-resolver.xml :
So I set up everything in the Google domain as per the instructions in your article and configured some XML files on the Shibboleth server. My domain is "learnderby.com". When I go to the mail apps, i.e. http://mail.google.com/a/learnderby.com, it opens a popup and asks me to enter a username and password, but I don't know what I should enter in these fields. How does the Shibboleth server know about my username and password? Does the Shibboleth server already have my username and password? Can you please help me with how to proceed on this?
Looking forward to your response about this exciting one.
Thanks & Regards,
Re: Reg: Shibboleth Integration with google app services.
Now Shibboleth is working fine. But I need to add the user dynamically from my application to the Shibboleth server in "/usr/local/idp/credentials/user.db". Can anyone tell me how I can add this on the Shibboleth server?