Shibboleth Studienarbeit 1 2005/2006 Andreas Eigenmann Armin Thommen Joël Stillhart XML to PDF by RenderX XEP XSL-FO Formatter, visit us at http://www.renderx.com/ Shibboleth: Studienarbeit 1 2005/2006 by Andreas Eigenmann, Armin Thommen, and Joël Stillhart tutor: Prof. Dr. Andreas Steffen Published 10.02.2006 XML to PDF by RenderX XEP XSL-FO Formatter, visit us at http://www.renderx.com/ Table of Contents Executive summary .............................................................................................................. viii Management summary .......................................................................................................... ix 1. Situation ..................................................................................................................... ix 2. Proceeding ................................................................................................................. ix 3. Results ........................................................................................................................ x 4. Outlook ....................................................................................................................... x 1. Introduction ........................................................................................................................ 1 1. Conceptual formulation ............................................................................................... 1 2. Introduction ................................................................................................................. 1 3. Overview Shibboleth ................................................................................................... 2 2. Hostsystem for the Shibboleth demonstrator ..................................................................... 4 1. Basic Information ........................................................................................................ 4 2. User Mode Linux (UML) ............................................................................................. 4 2.1. Needed packages ............................................................................................ 5 2.2. Network environment ....................................................................................... 5 3. Handle a Debian system ............................................................................................ 5 3.1. Debian commands ........................................................................................... 6 3.2. Configuration files ............................................................................................ 6 4. Hostkernel .................................................................................................................. 7 4.1. Needed packages ............................................................................................ 7 4.2. Get kernel and apply SKAS patch ................................................................... 7 4.3. Kernel configuration, compiling and installation .............................................. 8 5. Creating a Debian root filesystem .............................................................................. 8 5.1. Needed packages ............................................................................................ 8 5.2. Setting up the system ...................................................................................... 8 3. Shibboleth demonstrator .................................................................................................. 12 1. Components of the Shibboleth demonstrator ........................................................... 12 2. Requirements ........................................................................................................... 13 3. Handling the Shibboleth demonstrator ..................................................................... 13 3.1. Configuration of the Shibboleth demonstrator ............................................... 14 3.2. Building the Shibboleth demonstrator ............................................................ 14 3.3. Running the Shibboleth demonstrator ........................................................... 14 3.4. Stopping the Shibboleth demonstrator .......................................................... 14 4. Usage of the Shibboleth demonstrator ..................................................................... 15 5. Notes ........................................................................................................................ 15 4. Shibboleth interactions ..................................................................................................... 16 5. LDAP backend .................................................................................................................. 27 1. Introduction ............................................................................................................... 27 1.1. What is LDAP? .............................................................................................. 27 1.2. Usage of LDAP .............................................................................................. 27 2. LDAP installation ...................................................................................................... 28 3. LDAP configuration ................................................................................................... 28 3.1. slapd.conf ...................................................................................................... 28 3.2. ldap.conf ........................................................................................................ 30 4. Populate the LDAP ................................................................................................... 31 4.1. Attribute overview .......................................................................................... 31 4.2. Atribute definition ........................................................................................... 33 4.3. LDIF Files ...................................................................................................... 40 4.4. Attribute configuration with a LDAP browser ................................................. 41 6. Identity Provider (IdP) ....................................................................................................... 45 iii XML to PDF by RenderX XEP XSL-FO Formatter, visit us at http://www.renderx.com/ Shibboleth 1. IdP description .......................................................................................................... 45 1.1. Introduction .................................................................................................... 45 1.2. Tasks .............................................................................................................. 45 1.3. Components .................................................................................................. 45 2. Installation and configuration of an identity provider ............................................... 46 2.1. Introduction .................................................................................................... 46 2.2. Overview ........................................................................................................ 46 2.3. Prenotes ........................................................................................................ 47 2.4. JAVA 1.5 ........................................................................................................ 47 2.5. Tomcat 5.5 ..................................................................................................... 48 2.6. Shibboleth IdP 1.3c ....................................................................................... 51 2.7. Central Authentication System (CAS) Single Sign On (SSO) - moon.shib- bolethtesting.org .................................................................................................. 53 2.8. Client certificate based (PKI) Single Sign On (SSO) - sun.shibbolethtest- ing.org ................................................................................................................. 56 2.9. Server certificates and keystores .................................................................. 58 2.10. Tomcat 5.5 configuration .............................................................................. 58 2.11. Shibboleth IdP 1.3c configuration ................................................................ 59 7. Service Provider(SP) ........................................................................................................ 73 1. SP description .......................................................................................................... 73 1.1. Introduction .................................................................................................... 73 1.2. Tasks of a SP ................................................................................................. 73 1.3. Components .................................................................................................. 73 1.4. Process flow .................................................................................................. 74 2. Installation and configuration of a service provider ................................................. 75 2.1. Introduction .................................................................................................... 75 2.2.