The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

Quick Install IdP

This is documented at IdpActiveDirectory

The Quick Install IdP will be a single-file install package capable of installing and partially configuring Tomcat and an IdP. By asking a couple of questions during the install process and employing some common configuration conventions, the installer should be able to perform much of the configuration needed for the IdP. It will not, however, be able to fully configure the attribute resolution and release components of the IdP, as these settings are entirely site-specific.

This package is not, and will never be, meant for more advanced users who wish to configure the Servlet container environment and IdP by hand. Its primary target audience is an organization with limited resources (both in people and time) that needs to install Shibboleth.

Quick Install IdP 1.0

Version one of the Quick Install IdP will target Windows Server 2003 R1 (or later) systems that are part of an Active Directory domain. It is expected that Active Directory will serve as the source of authentication and attributes. The Quick Install IdP will not require, or offer to perform, Active Directory schema changes. A site may wish to make schema changes in order to carry more information for its IdP, but that will be a site-specific matter.

Specifications

  • Install Tomcat 5.5.X, IdP 1.3.X, and Sun JRE 1.5 (with endorsed Xerces and Xalan) on Windows
  • Configure the Tomcat HTTPS connector to accept certificates without validation (mirroring the Apache HTTP optional_no_ca option)
  • Retrieve the following information from the user:
    • Server hostname (pre-populate with auto-detected value)
    • Active Directory service account (used to bind to AD to collect attributes)
    • Federation metadata file
    • IdP's entity ID
    • IdP cert and private key
  • Auto-detect Active Directory Kerberos authentication and LDAP endpoints by inspecting AD DDNS SRV records
  • Generate appropriate web.xml and idp.xml
  • Generate appropriate data connector entry within the installed resolver.xml
  • Configure Tomcat to perform form-based authentication against the Active Directory Kerberos endpoint using a JAAS-based Tomcat security realm
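
The SRV-based endpoint detection listed above could work as follows. This is an added example, not code from the Quick Install IdP package: the domain example.edu, the host names and the DNS answers are constructed, and the function names are hypothetical. Rejecting targets outside the configured domain is an assumption of this example, made because plain DNS answers are unauthenticated.

```python
from collections import namedtuple

Srv = namedtuple("Srv", "name priority weight port target")

# Constructed zone-file style answers for _ldap._tcp and _kerberos._tcp
# lookups in a sample AD domain (not taken from the original page).
SAMPLE_ANSWERS = """\
_ldap._tcp.example.edu.     600 IN SRV 0 100 389 dc1.example.edu.
_ldap._tcp.example.edu.     600 IN SRV 0 50 389 dc2.example.edu.
_ldap._tcp.example.edu.     600 IN SRV 10 100 389 dc3.example.edu.
_ldap._tcp.example.edu.     600 IN SRV 0 200 389 dc.other.example.net.
_kerberos._tcp.example.edu. 600 IN SRV 0 100 88 dc2.example.edu.
_kerberos._tcp.example.edu. 600 IN SRV 0 100 88 dc1.example.edu.
;; truncated or malformed line
"""

def parse_srv(text):
    """Parse zone-file style SRV lines, skipping anything malformed."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
            continue
        try:
            prio, weight, port = int(f[4]), int(f[5]), int(f[6])
        except ValueError:
            continue
        if 0 < port < 65536:
            records.append(Srv(f[0].rstrip(".").lower(), prio, weight,
                               port, f[7].rstrip(".").lower()))
    return records

def endpoints(records, service, domain):
    """Return (host, port) pairs for one service, best candidate first.

    Lower priority wins (RFC 2782). Within a priority this sorts by
    descending weight, then host name: a deterministic simplification
    of the RFC's weighted random selection.
    """
    name = f"{service}._tcp.{domain}".lower()
    suffix = "." + domain.lower()  # assumption: DCs live inside the domain
    hits = [r for r in records
            if r.name == name and r.target.endswith(suffix)]
    hits.sort(key=lambda r: (r.priority, -r.weight, r.target))
    return [(r.target, r.port) for r in hits]

def discover(text, domain):
    """Endpoints an installer could pre-populate for LDAP and Kerberos."""
    recs = parse_srv(text)
    return {"ldap": endpoints(recs, "_ldap", domain),
            "kerberos": endpoints(recs, "_kerberos", domain)}
```

The first entry of each list is the candidate an installer would offer as the default; the remaining entries are fallbacks in preference order.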

Optional Features

The following features would be nice to have but may not be immediately included:

  • Auto-generate IdP credentials
  • Auto-generate a metadata entity descriptor that the installer may provide back to the federation at the end of the install process

Post-1.0 Features

  • Provide a Shibboleth 2.0 Quick Install IdP
  • Allow for SPNEGO authentication
  • Collect general LDAP and Kerberos information for authentication and LDAP information for attribute retrieval (so that the package is not strictly Windows focused)