Commit 679aaac0 authored by Constantinos Venetsanopoulos

Move Shibboleth documentation

Move the documentation concerning Shibboleth authentication to a
dedicated section inside the Admin Guide. Shibboleth targets advanced
users only, so it should not reside inside the Quick Install Admin
Guide.
parent 7c77fa6a
......@@ -241,6 +241,58 @@ Please note the following:
may actually be stored in a longer-term logfile
.. _shibboleth-auth:
Authentication using Shibboleth
===============================
Astakos can delegate user authentication to a Shibboleth federation.
To setup shibboleth, install package::
apt-get install libapache2-mod-shib2
Change appropriately the configuration files in ``/etc/shibboleth``.
Add in ``/etc/apache2/sites-available/synnefo-ssl``::
ShibConfig /etc/shibboleth/shibboleth2.xml
Alias /shibboleth-sp /usr/share/shibboleth
<Location /im/login/shibboleth>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require valid-user
</Location>
and before the line containing::
ProxyPass / http://localhost:8080/ retry=0
add::
ProxyPass /Shibboleth.sso !
Then, enable the shibboleth module::
a2enmod shib2
After passing through the apache module, the following tokens should be
available at the destination::
eppn # eduPersonPrincipalName
Shib-InetOrgPerson-givenName
Shib-Person-surname
Shib-Person-commonName
Shib-InetOrgPerson-displayName
Shib-EP-Affiliation
Shib-Session-ID
Finally, add 'shibboleth' in ``ASTAKOS_IM_MODULES`` list. The variable resides
inside the file ``/etc/synnefo/20-snf-astakos-app-settings.conf``
Scaling up to multiple nodes
============================
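Review bot: In the Apache block for ``/im/login/shibboleth``, ``ShibUseHeaders On`` delivers the listed attributes (``eppn``, ``Shib-Session-ID`` and the rest) to the application as HTTP request headers, but the new section never states the trust assumption that comes with that. Since the same vhost proxies to ``http://localhost:8080/``, suggest adding a sentence saying the backend must accept these headers only from Apache, that is, the port stays bound to localhost and is not directly reachable by clients. Smaller points while the text is being moved: "To setup shibboleth" should read "To set up Shibboleth", "Change appropriately the configuration files" gives the admin nothing to go on (name at least ``shibboleth2.xml``), and the final sentence is missing its full stop.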
......
......@@ -534,51 +534,8 @@ themselves (the apps) and should be set as above.
For the ``ASTAKOS_RECAPTCHA_PUBLIC_KEY`` and ``ASTAKOS_RECAPTCHA_PRIVATE_KEY``
go to https://www.google.com/recaptcha/admin/create and create your own pair.
Shibboleth Setup
----------------
Optionally, Astakos can delegate user authentication to a Shibboleth federation.
To setup shibboleth, install package::
apt-get install libapache2-mod-shib2
Change appropriately the configuration files in ``/etc/shibboleth``.
Add in ``/etc/apache2/sites-available/synnefo-ssl``::
ShibConfig /etc/shibboleth/shibboleth2.xml
Alias /shibboleth-sp /usr/share/shibboleth
<Location /im/login/shibboleth>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require valid-user
</Location>
and before the line containing::
ProxyPass / http://localhost:8080/ retry=0
add::
ProxyPass /Shibboleth.sso !
Then, enable the shibboleth module::
a2enmod shib2
After passing through the apache module, the following tokens should be available at the destination::
eppn # eduPersonPrincipalName
Shib-InetOrgPerson-givenName
Shib-Person-surname
Shib-Person-commonName
Shib-InetOrgPerson-displayName
Shib-EP-Affiliation
Shib-Session-ID
Finally, add 'shibboleth' in ``ASTAKOS_IM_MODULES``.
If you are an advanced user and want to use the Shibboleth Authentication method,
read the relative :ref:`section <shibboleth-auth>`.
Servers Initialization
----------------------
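Review bot: The replacement sentence left in the Quick Install guide reads "read the relative :ref:`section <shibboleth-auth>`"; "relative" should be "relevant". Because the ``shibboleth-auth`` label sits directly above a section title in the Admin Guide, a plain :ref:`shibboleth-auth` would render as "Authentication using Shibboleth", which tells the reader more than the link text "section" does.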
......