shib2 testshib


shib2 testshib

Kevin P. Foote

Hi all .. again.

I've been away from shib for a while (~ year). I previously had 1.3 up and
working in my environment but the project got shelved for a while.

Now I'm back working with shibboleth and shib 2.x has changed a whole lot..

In my initial setup of 1.3 (way back) I used testshib to work out some of
my metadata confusion .. is there such a thing these days?

My original setup was based around the kuleuven.be shibboleth/cas
combination going to ldap (MSAD). This worked quite well but I'd rather
make use of the JAAS ldap to avoid cas if possible. So this stems a few
questions.

Does JAAS portion get started automatically? Or do I need to modify the
JAVA_OPTS line in my tomcat startup?

Will I be able to test the ldap portion by just going to
http://server:8080/idp/login.jsp

------
thanks
   kevin.foote

Re: shib2 testshib

Brent Putman


Kevin P. Foote wrote:
>
> In my initial setup of 1.3 (way back) I used testshib to work out some of
> my metadata confusion .. is there such a thing these days?

Yep, TestShib Two.

http://www.testshib.org/testshib-two/


>
>
> Does JAAS portion get started automatically?

Yes, assuming that you configure the UsernamePassword handler to be the
one that gets used.  The install defaults to the RemoteUser one (so like
the old 1.3 IdP), so you have to change your handler.xml.   You of
course also have to configure JAAS for your LDAP environment, via
changing a supplied config file.   See here for more info:

https://spaces.internet2.edu/display/SHIB2/IdPUserAuthn


> Or do I need to modify the JAVA_OPTS line in my tomcat startup?

No, we take care of setting the right JAAS system property in the Shib
config process.

>
> Will I be able to test the ldap portion by just going to
> http://server:8080/idp/login.jsp

No, you need to test in conjunction with an SP.  You can use the
TestShib 2 SP for that purpose.  That is in fact what it is for.

The VT LDAP module that we supply does also have a command-line utility
to test a JAAS config.  I don't have details, though.  You might search
the list archives, I believe the module author Daniel Fisher at Virginia
Tech supplied instructions once.


--Brent
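
Not part of the thread: an added example of one way to exercise a JAAS login entry from the command line without an SP, using only the standard `javax.security.auth.login` API. It is not the VT LDAP module's own utility mentioned above; the class name `JaasCheck` is hypothetical, the entry name and login.config path are whatever your IdP install uses, and the LDAP login module's jar must be on the classpath.

```java
import java.io.Console;
import java.util.Arrays;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added example (hypothetical class name): runs one JAAS login entry outside the IdP.
// Usage: java -Djava.security.auth.login.config=<path to login.config> \
//             -cp <login module jars>:. JaasCheck <entry-name> <username>
public class JaasCheck {
    public static void main(String[] args) {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): JaasCheck <entry-name> <username>");
            System.exit(2);
        }
        String user = args[1];
        // Prompt without echo so the password stays out of argv and shell history.
        char[] password = console.readPassword("Password for %s: ", user);
        if (password == null) {
            System.exit(2);
        }
        // Answer only the two callbacks a username/password module asks for.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        int rc = 0;
        try {
            LoginContext ctx = new LoginContext(args[0], handler);
            ctx.login(); // runs every module configured under the entry
            System.out.println("OK, principals: " + ctx.getSubject().getPrincipals());
            ctx.logout();
        } catch (LoginException e) {
            // Bad credentials, an unreachable directory or an unknown entry name end up here.
            System.out.println("FAILED: " + e);
            rc = 1;
        } finally {
            Arrays.fill(password, '\0'); // wipe the local copy of the password
        }
        System.exit(rc);
    }
}
```

A successful run only shows that the login module can bind and find the user; the full SSO flow still needs an SP, as the reply above says.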






Re: shib2 testshib

Kevin P. Foote

Brent

thanks.. that should get me started again anyway.

------
thanks
   kevin.foote

On Fri, 23 Jan 2009, Brent Putman wrote:

>
>
> Kevin P. Foote wrote:
>>
>> In my initial setup of 1.3 (way back) I used testshib to work out some of
>> my metadata confusion .. is there such a thing these days?
>
> Yep, TestShib Two.
>
> http://www.testshib.org/testshib-two/
>
>
>>
>>
>> Does JAAS portion get started automatically?
>
> Yes, assuming that you configure the UsernamePassword handler to be the
> one that gets used.  The install defaults to the RemoteUser one (so like
> the old 1.3 IdP), so you have to change your handler.xml.   You of
> course also have to configure JAAS for your LDAP environment, via
> changing a supplied config file.   See here for more info:
>
> https://spaces.internet2.edu/display/SHIB2/IdPUserAuthn
>
>
>> Or do I need to modify the JAVA_OPTS line in my tomcat startup?
>
> No, we take care of setting the right JAAS system property in the Shib
> config process.
>
>>
>> Will I be able to test the ldap portion by just going to
>> http://server:8080/idp/login.jsp
>
> No, you need to test in conjunction with an SP.  You can use the
> TestShib 2 SP for that purpose.  That is in fact what it is for.
>
> The VT LDAP module that we supply does also have a command-line utility
> to test a JAAS config.  I don't have details, though.  You might search
> the list archives, I believe the module author Daniel Fisher at Virginia
> Tech supplied instructions once.
>
>
> --Brent
>
>
>
>
>
>