with the following code to add information about your Service Provider to your Metadata:
<Handler type="MetadataGenerator" Location="/Metadata" signing="false">
  <mdui:UIInfo>
    <mdui:DisplayName xml:lang="de">Beispiel SP</mdui:DisplayName>
    <mdui:DisplayName xml:lang="en">Example SP</mdui:DisplayName>
    <mdui:Description xml:lang="de">Eine Beschreibung für den SP</mdui:Description>
    <mdui:Description xml:lang="en">A description for the SP</mdui:Description>
  </mdui:UIInfo>
  <md:Organization>
    <md:OrganizationName xml:lang="de">RWTH Aachen University</md:OrganizationName>
    <md:OrganizationName xml:lang="en">RWTH Aachen University</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="de">RWTH Aachen University</md:OrganizationDisplayName>
    <md:OrganizationDisplayName xml:lang="en">RWTH Aachen University</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="de">http://www.rwth-aachen.de</md:OrganizationURL>
    <md:OrganizationURL xml:lang="en">http://www.rwth-aachen.de</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="support">
    <md:GivenName>Support</md:GivenName>
    <md:SurName>Adresse</md:SurName>
    <md:EmailAddress>support@sp.example.com</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Technischer</md:GivenName>
    <md:SurName>Ansprechpartner</md:SurName>
    <md:EmailAddress>technik@sp.example.com</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="administrative">
    <md:GivenName>Administrativer</md:GivenName>
    <md:SurName>Ansprechpartner</md:SurName>
    <md:EmailAddress>admin@sp.example.com</md:EmailAddress>
  </md:ContactPerson>
</Handler>
Enter the Metadata Provider (the Signature filter is what makes the SP reject metadata that was not signed with the key in sso.pem):
<!-- RWTH Aachen metadata -->
<MetadataProvider type="XML" validate="true"
    url="https://sso.rwth-aachen.de/metadata/rwth.metadata.xml"
    backingFilePath="rwth.metadata.xml" maxRefreshDelay="7200">
  <MetadataFilter type="Signature" certificate="/etc/shibboleth/sso.pem"/>
</MetadataProvider>
Certificate for SignatureMetadataFilter (above: sso.pem)
You can find the certificate here: https://sso.rwth-aachen.de/metadata/sso.pem. You can fetch it with wget and save it directly to the target location:
wget https://sso.rwth-aachen.de/metadata/sso.pem -O /etc/shibboleth/sso.pem
Register the SP's own key and certificate in the Credential Resolver to enable signing and decryption of SAML data (the private key must be readable by the shibd user only):
<CredentialResolver type="File" key="/path/to/private/key.pem" certificate="/path/to/certificate.pem"/>
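A misconfigured MetadataProvider (no Signature filter, or a filter without a certificate) means the SP will accept whatever the metadata URL serves, including a rogue IdP certificate, so it is worth checking the configuration mechanically before restarting shibd. The following is an added example, not part of the original page or of the Shibboleth project: a small audit script that parses a shibboleth2.xml-style fragment and reports providers that lack a Signature MetadataFilter, a certificate on that filter, validate="true", or an https URL, and CredentialResolver elements with a missing key or certificate attribute. The sample configuration is constructed for the example; the root element and its namespace follow the Shibboleth SP 3 configuration schema, and the checks only know the certificate="..." form of the Signature filter that the page uses.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one provider configured as on the page, one with the
# Signature filter left out, plus a CredentialResolver missing its key.
SAMPLE_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
          xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <ApplicationDefaults entityID="https://sp.example.com/shibboleth">
    <MetadataProvider type="XML" validate="true"
        url="https://sso.rwth-aachen.de/metadata/rwth.metadata.xml"
        backingFilePath="rwth.metadata.xml" maxRefreshDelay="7200">
      <MetadataFilter type="Signature" certificate="/etc/shibboleth/sso.pem"/>
    </MetadataProvider>
    <MetadataProvider type="XML" validate="false"
        url="http://idp.example.org/metadata.xml"
        backingFilePath="other.metadata.xml" maxRefreshDelay="7200"/>
    <CredentialResolver type="File" certificate="/etc/shibboleth/sp-cert.pem"/>
  </ApplicationDefaults>
</SPConfig>
"""


def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def audit_metadata_providers(xml_text):
    """Return [(url, [finding, ...]), ...] for every MetadataProvider.

    An empty finding list means the provider passed all checks.
    """
    root = ET.fromstring(xml_text)
    results = []
    for el in root.iter():
        if local_name(el.tag) != "MetadataProvider":
            continue
        url = el.get("url", "<no url>")
        findings = []
        if el.get("type") == "XML" and el.get("url"):
            # Remote metadata must be signature-checked; otherwise whoever
            # controls the URL (or the network path) controls the IdP list.
            sig = [f for f in el
                   if local_name(f.tag) == "MetadataFilter"
                   and f.get("type") == "Signature"]
            if not sig:
                findings.append("no Signature MetadataFilter: remote metadata "
                                "would be trusted without verification")
            elif not sig[0].get("certificate"):
                findings.append("Signature filter has no certificate attribute")
            if not url.startswith("https://"):
                findings.append("metadata URL is not https")
        if el.get("validate", "false").lower() != "true":
            findings.append('validate="true" not set: schema validation disabled')
        results.append((url, findings))
    return results


def audit_credential_resolvers(xml_text):
    """Return a list of attribute names missing from each File resolver."""
    root = ET.fromstring(xml_text)
    missing = []
    for el in root.iter():
        if local_name(el.tag) == "CredentialResolver" and el.get("type") == "File":
            missing.append([a for a in ("key", "certificate") if not el.get(a)])
    return missing


if __name__ == "__main__":
    for url, findings in audit_metadata_providers(SAMPLE_CONFIG):
        print(url, "OK" if not findings else "")
        for f in findings:
            print("   -", f)
    for gaps in audit_credential_resolvers(SAMPLE_CONFIG):
        print("CredentialResolver missing:", gaps or "nothing")
```

Run it against your real shibboleth2.xml by reading the file into `audit_metadata_providers`; it only inspects attributes, so it is safe to run on a production host before `shibd -t`. The RWTH provider from the page comes out clean, while the constructed second provider is reported three times (no filter, no https, no validation) and the resolver is reported for its missing key.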
Check whether the configuration can be loaded:
shibd -t
For RHEL-based systems (CentOS etc.) the LD_LIBRARY_PATH must be extended first:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/shibboleth/lib64/
Restart the Shibboleth Service Provider:
systemctl restart shibd