Reg: Shibboleth Integration with Google app services.



ksureshhpk
Hi, I need to integrate Google app services with Shibboleth for one of my clients. I don't know about Shibboleth. The client has set up everything on the Shibboleth server and gave me the following information.

--- Apache ---
- proxy_ajp.conf: Apache configured to pass requests for the IdP into Tomcat by adding the following line:
  ProxyPass /idp/ ajp://localhost:8009/idp/
- /etc/apache2/sites-enabled/default-ssl: same directive as above, one of them can be turned off
  ProxyRequests Off
  Allow from all
  ProxyPass /idp ajp://localhost:8009/idp retry=5
  SSLCertificateFile /etc/ssl/certs/server.crt
  SSLCertificateKeyFile /etc/ssl/private/server.key
  ; self-signed certificates, server requires passphrase (Pa33w0rd) at each restart
- /etc/apache2/httpd.conf: front-end IdP with basic authentication (user: test, password: test), this can probably go to the default-ssl file:
  AuthType Basic
  AuthName "My Identity Provider"
  AuthUserFile /usr/local/idp/credentials/user.db
  require valid-user

--- Tomcat ---
- /etc/tomcat/server.xml: added request.tomcatAuthentication="false" and address="127.0.0.1" to Tomcat's /etc/tomcat/conf/server.xml port 8009 AJP13 connector so Apache can relay usernames to the IdP.
- /etc/default/tomcat6:
  JAVA_HOME=/usr/lib/jvm/java-6-openjdk ; path to Java modified
  JAVA_OPTS="-Djava.awt.headless=true -Xmx1024M -XX:MaxPermSize=512M" ; memory settings
  TOMCAT6_SECURITY=no ; Tomcat could not start with it turned on

--- IdP ---
- Added Google metadata into /usr/local/idp/metadata/google-metdata.xml:
  urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- Added MetaDataProvider into /usr/local/idp/conf/relaying-party.xml:
  <RelyingPartyhttp://google.com/">google.com" provider="YOUR-ENTITY-ID" defaultSigningCredentialRef="IdPCredential">
- Attribute Resolver configured in /usr/local/idp/conf/attribute-resolver.xml:
- Attribute Filter configured in /usr/local/idp/conf/attribute-resolver.xml:

So I set up everything in the Google domain as per the instructions in your article and configured some XML files on the Shibboleth server. My domain is "learnderby.com". When I go to the mail app, i.e. http://mail.google.com/a/learnderby.com, it opens a popup and asks me to enter a username and password, but I don't know what I should enter in these fields. How does the Shibboleth server know about my username and password? Does the Shibboleth server already have my username and password? Can you please help me on how to proceed with this? Looking forward to your response.

Thanks & Regards,
Sureshk.

Re: Reg: Shibboleth Integration with Google app services.

suresh
Hi,

Now Shibboleth is working fine. But I need to add users dynamically from my application to the Shibboleth server in "/usr/local/idp/credentials/user.db". Can anyone tell me how I can add this on the Shibboleth server?

Thanks.
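The file the second post asks about is the one named by the Apache AuthUserFile directive in the first post, so it is in Apache htpasswd format: one "username:hash" line per user, read by mod_authn_file on every request (no Apache or Tomcat restart is needed after a change). The IdP itself never sees the passwords; Apache authenticates and relays the username over AJP, which is why tomcatAuthentication="false" and the connector bound to 127.0.0.1 are in the setup above. The following is an added example, not code from the thread or from Shibboleth, showing how an application can add or replace a user in such a file without shelling out to the htpasswd tool. It implements Apache's $apr1$ scheme (the output of "htpasswd -m", salted and iterated MD5, accepted by every Apache 2.x), rewrites the file atomically so Apache never reads a half-written copy, and serialises concurrent writers with a lock file. Path names, user names and passwords are constructed for the demonstration.

```python
# Added example (not from the original thread): maintain an Apache htpasswd-format
# file, such as the IdP's AuthUserFile, from application code.
import fcntl
import hashlib
import hmac
import os
import secrets
import tempfile

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$apr1$"


def _to64(value: int, count: int) -> str:
    """Emit `count` 6-bit groups of `value`, least significant first (crypt(3) style)."""
    return "".join(ITOA64[(value >> (6 * i)) & 0x3F] for i in range(count))


def apr1_hash(password: str, salt: str = "") -> str:
    """Return '$apr1$<salt>$<22 chars>', the same scheme as `htpasswd -m`."""
    salt = (salt or "".join(secrets.choice(ITOA64) for _ in range(8)))[:8]
    pw, sb = password.encode("utf-8"), salt.encode("ascii")
    ctx = hashlib.md5(pw + MAGIC + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    for remaining in range(len(pw), 0, -16):     # fold in len(pw) bytes of alt
        ctx.update(alt[: min(16, remaining)])
    bits = len(pw)
    while bits:                                  # one byte per bit of len(pw)
        ctx.update(b"\0" if bits & 1 else pw[:1])
        bits >>= 1
    final = ctx.digest()
    for i in range(1000):                        # iteration loop to slow guessing
        ctx = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            ctx.update(sb)
        if i % 7:
            ctx.update(pw)
        ctx.update(final if i & 1 else pw)
        final = ctx.digest()
    groups = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    enc = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in groups)
    return MAGIC.decode() + salt + "$" + enc + _to64(final[11], 2)


def verify_password(password: str, stored: str) -> bool:
    """Constant-time comparison of `password` against a stored $apr1$ entry."""
    if not stored.startswith("$apr1$"):
        return False
    return hmac.compare_digest(apr1_hash(password, stored.split("$")[2]), stored)


def set_user(path: str, username: str, password: str) -> None:
    """Add or replace `username` in the htpasswd file at `path`, atomically and under a lock."""
    if not username or len(username) > 255 or any(c in username for c in ":\r\n"):
        raise ValueError("invalid htpasswd username")
    with open(path + ".lock", "w") as lock:        # serialise concurrent writers
        fcntl.flock(lock, fcntl.LOCK_EX)
        lines = []
        if os.path.exists(path):
            with open(path, encoding="utf-8") as f:
                lines = [ln.rstrip("\n") for ln in f if ln.strip()]
        lines = [ln for ln in lines if ln.partition(":")[0] != username]  # drop old entry
        lines.append(f"{username}:{apr1_hash(password)}")
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".user.db.")
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as f:
                f.write("\n".join(lines) + "\n")
            os.chmod(tmp, 0o640)                   # owner rw, Apache's group read-only
            os.replace(tmp, path)                  # rename is atomic on the same filesystem
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)
            raise


def lookup(path: str, username: str) -> str:
    """Return the stored hash for `username`, or '' if the user is absent."""
    with open(path, encoding="utf-8") as f:
        for line in f:
            name, _, digest = line.rstrip("\n").partition(":")
            if name == username:
                return digest
    return ""


def demo() -> dict:
    """Constructed round trip in a temp dir standing in for /usr/local/idp/credentials/."""
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "user.db")
        set_user(db, "alice", "correct horse")
        set_user(db, "bob", "battery staple")
        set_user(db, "alice", "rotated!")          # replaces alice, no duplicate line
        with open(db, encoding="utf-8") as f:
            names = [ln.partition(":")[0] for ln in f.read().splitlines()]
        return {
            "names": names,
            "alice_new_ok": verify_password("rotated!", lookup(db, "alice")),
            "alice_old_ok": verify_password("correct horse", lookup(db, "alice")),
            "bob_ok": verify_password("battery staple", lookup(db, "bob")),
            "mode": oct(os.stat(db).st_mode & 0o777),
        }
```

The process that runs this must own the file and share a group with Apache so the 0640 mode works; the username written here is exactly what Apache passes as REMOTE_USER and what the IdP treats as the principal, so it has to match whatever the attribute resolver releases to Google. $apr1$ is iterated MD5 and is the strongest scheme an Apache 2.2 installation like the one above accepts; on Apache 2.4 prefer bcrypt entries ("htpasswd -B"), and treat a file with "test:test" style credentials on the Internet-facing IdP as a temporary state.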