
Let's say you've got a working Shibboleth Identity Provider (IdP) and you want to add a Service Provider's (SP) metadata to the IdP, so that the IdP knows about the Service Provider. In /opt/shibboleth-idp/conf/metadata-providers.xml, uncomment the following, then restart Tomcat.
<MetadataProvider
id="LocalMetadata"
xsi:type="FilesystemMetadataProvider"
metadataFile="/path/to/metadata.xml"
/>
This assumes you have done the following.
Identity Provider (IdP)
- Install Tomcat application server and ensure Tomcat is running.
- Set up Tomcat to use SSL / HTTPS.
- Set up an LDAP server (refer to the LDAP section of our WalkThroughs page).
- Install and set up the Shibboleth Identity Provider.
- Configure Shibboleth Identity Provider to authenticate against LDAP.
Service Provider (SP)
- Install HTTPD web server.
- Install and set up the Shibboleth Service Provider.
- Configure www.example.com/secure to be authenticated and authorized by the Service Provider.
Ensure the provider URL in ${idp_install_root}/conf/relying-party.xml points to your IdP.
<rp:AnonymousRelyingParty provider="https://<hostname of your IdP>/idp/shibboleth" defaultSigningCredentialRef="IdpCredential"/>
<rp:DefaultRelyingParty provider="https://<hostname of your IdP>/idp/shibboleth" defaultSigningCredentialRef="IdpCredential">
<rp:ProfileConfiguration . . .
If you've done the above steps, you should be able to view your IdP metadata at http://<hostname of your IdP>:8080/idp/shibboleth and you can view the metadata of your SP at http://<hostname of your SP>/Shibboleth.sso/metadata. You can also use the wget command on Linux to view the metadata on the command line.
wget http://<hostname of your IdP>:8080/idp/shibboleth
wget http://<hostname of your SP>/Shibboleth.sso/metadata
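The IdP trusts whatever is in the file that metadataFile points to, so it is worth reviewing the SP metadata fetched with wget before dropping it into place. The following is an added example, not part of the original walkthrough: the function name, the checks chosen and the sample metadata (hostnames and certificate text are placeholders) are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample SP metadata; hostnames and certificate text are placeholders.
SAMPLE_SP_METADATA = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.com/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.com/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def review_sp_metadata(data, expected_entity_id):
    """Return a list of findings; an empty list means every check passed."""
    if b"<!DOCTYPE" in data:
        # SAML metadata never needs a DTD; refuse it rather than parse entities.
        return ["DOCTYPE present: refusing to parse"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    findings = []
    if root.get("entityID") != expected_entity_id:
        findings.append(f"entityID is {root.get('entityID')!r}, expected {expected_entity_id!r}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no SPSSODescriptor: this is not SP metadata"]
    # A KeyDescriptor without a 'use' attribute serves both signing and encryption.
    keys = [k for k in sp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    if not keys:
        findings.append("no signing KeyDescriptor")
    endpoints = sp.findall("md:AssertionConsumerService", NS)
    if not endpoints:
        findings.append("no AssertionConsumerService endpoint")
    for ep in endpoints:
        location = ep.get("Location", "")
        if not location.startswith("https://"):
            findings.append(f"ACS endpoint not HTTPS: {location}")
    return findings

if __name__ == "__main__":
    print(review_sp_metadata(SAMPLE_SP_METADATA, "https://sp.example.com/shibboleth"))
```

To check a real download, read the file saved by wget as bytes and pass it in together with the entityID you expect for that SP.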