The Shibboleth software consists of two major components (the Identity Provider (IdP) and Service Provider (SP). A successfull install requires configuring the two components to recognize each other (both use metadata to describe their partners), and configuring each component to use the local infrastructure. The IdP, for instance, needs java and a servlet container (eg tomcat); it also needs an external authentication mechanism (eg Kerberos, ldap, AD, etc) and access to an attribute store (ldap, SQL, etc). The SP is configured to protect content on a web server. There's a third component -- the Discovery Service -- which is used in advanced environments.
Several options are available for starting with a pre-configured learning environment.
- Download the VMWare image used by the Shibboleth installfests. The VM contains Red Hat 5, an ldap server, and a configured IdP and SP. Slides are available describing the steps necessary to get the VM operating in your environment. With this approach you're starting from an almost functional environment and can make incremental changes to the environment in order to learn about configuring and managing the Shibboleth components. If you break th environment beyond repair, simply download the image again and start over (and read the wiki!).
- If you plan to use Active Directory for authentication and as an attribute store, download the Shibboleth QuickStart package and install it against a DEVELOPMENT instance of AD. Information is available HERE.
- The Shibboleth project provides alternative install packages that are more "wizard-like"; they contain more of the required infrastructure (eg servlet container, etc) but expose fewer options. They are intended as learning environments, not as a foundation for a production deploy.
- Use the TestShib service to test your components. TestShib contains working IdP and SP components. You can install a local IdP and/or SP and test each of them separately against TestShib's known-to-be-working components. With this approach, you only need to be concerned with one component at a time.
The Shibboleth project STRONGLY recommends that you work with both and IdP and an SP during the learning phase, in order to develop the required understanding of how each component operates and, more importantly, how they interoperate.
Your test phase does not really end until you have both a locally installed IdP and SP, and they are interoperating with each other. (steps for doing this...)