[Dev] Shibboleth sandbox VM
Twan Goosen
twan at clarin.eu
Fri Jun 13 16:19:26 CEST 2014
Dear developers,
For a project I'm currently working on (continued development of the
CLARIN Virtual Collection Registry, actually) I needed a Shibboleth
testing environment to see how the application behaves in a Shibboleth
setup. Because I did not have an existing setup available to me, I
deployed a fresh Shibboleth SP and IdP to a VM (an otherwise clean
Ubuntu Server 14.04 installation).
I figured more people might be interested in something like this, so I
put a copy of this VM (in its bare-bone state) free for everyone to use.
I hope that you understand that I'm providing it 'as is' and cannot make
any promises or offer any support. The VM is available in .ova format[1]
at
<https://clarin.fz-juelich.de/owncloud/public.php?service=files&t=c93c60720e219ecce8f3ce343363dc6c>.
I have only used and tested it with VirtualBox 4.3.
I attached a text file to this e-mail with some basic usage notes to get
started (some of this information is also embedded in the .ova). The
first step towards testing your application would be to deploy it (e.g.
in Tomcat or Apache) and apply the required Shibboleth configuration.
The SP and IdP already know about each other, so no work should be
needed there if you only need the basics. If you want to know how to
proceed, please read the Shibboleth, Tomcat, Apache, ... documentation
available on the web.
Have fun!
Best,
Twan
[1] http://en.wikipedia.org/wiki/Open_Virtualization_Format
--
Twan Goosen
CLARIN ERIC
www.clarin.eu | tel. +31 85 0091277 | skype: twan.goosen
-------------- next part --------------
Shibboleth test VM with Tomcat, SSH, Shibboleth IdP, Shibboleth SP and an LDAP user store
Provided as is, no guarantees or support!
* Admin (this user has full sudo rights):
  - username: shib
  - password: shibboleth
* Proxy configuration on host
  * Configure VM NAT: 6022 -> 22 (see http://www.virtualbox.org/manual/ch06.html#natforward)
  * `ssh -D 8888 -Nf -p 6022 shib@localhost`
  * Firefox: add socks5 proxy localhost:8888
  * add to /etc/hosts:
    * 127.0.0.1 idp.shibtest.clarin.eu
    * 127.0.0.1 sp.shibtest.clarin.eu
* Use
  * go to http://sp.shibtest.clarin.eu/secure/
  * accept certificates for idp.clarin.eu and sp.clarin.eu
  * log in with shib/shibboleth
  * Secured dummy page should appear with no errors
* Configure
  * Locations
    * Apache: /etc/apache2
    * IdP: /opt/shibboleth-idp
    * SP: /etc/shibboleth
    * Tomcat: /etc/tomcat7
  * Secure an application
    * Needs to be deployed at/accessed through sp.shibtest.clarin.eu!
    * See /etc/apache2/sites-available/sp-ssl.conf
      * <Directory /var/www/html/secure>
      * AuthType Shibboleth
      * ShibRequireSession On
      * require valid-user
      * </Directory>
  * Tomcat running at http://sp.shibtest.clarin.eu:8080/ | http://idp.shibtest.clarin.eu:8080/
    * Manager credentials: shib/shibboleth
  * Add users to user store
    * Local LDAP server (dc=clarin,dc=eu), see https://www.switch.ch/aai/docs/shibboleth/SWITCH/2.5/sp/deployment/?os=ubuntu for examples
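
The following is an added example, not part of the original message or of the VM. It checks that every `<Directory>` block setting `AuthType Shibboleth` also carries the other two directives shown in the notes above, which is useful after copying that block to protect your own application. The sample configuration and the `/var/www/html/app` and `/var/www/html/public` paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the VM or the original notes).
# check_shib_dirs [FILE]: print the path of each <Directory> block that sets
# "AuthType Shibboleth" but lacks "ShibRequireSession On" or a "Require" line.
# Reads stdin when no file is given. Returns 0 if all blocks are complete, else 1.
check_shib_dirs() {
    awk '
    function report() {
        if (shib && !(session && req)) { print dir; bad = 1 }
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)              # ignore indentation
        lower = tolower(line)                 # Apache directives are case-insensitive
    }
    lower ~ /^#/ { next }                     # skip comment lines
    lower ~ /^<directory[ \t]/ {
        dir = substr(line, 11)                # text after "<Directory"
        sub(/^[ \t]+/, "", dir); sub(/>[ \t]*$/, "", dir); gsub(/"/, "", dir)
        inblock = 1; shib = 0; session = 0; req = 0
        next
    }
    lower ~ /^<\/directory>/ { report(); inblock = 0; next }
    inblock && lower ~ /^authtype[ \t]+shibboleth/   { shib = 1 }
    inblock && lower ~ /^shibrequiresession[ \t]+on/ { session = 1 }
    inblock && lower ~ /^require[ \t]+[^ \t]/        { req = 1 }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: first block matches the notes, second omits
# ShibRequireSession, third does not use Shibboleth at all.
sample_conf() {
    cat <<'EOF'
<Directory /var/www/html/secure>
    AuthType Shibboleth
    ShibRequireSession On
    require valid-user
</Directory>
<Directory /var/www/html/app>
    AuthType Shibboleth
    require valid-user
</Directory>
<Directory /var/www/html/public>
    Options -Indexes
</Directory>
EOF
}

sample_conf | check_shib_dirs || echo "incomplete Shibboleth blocks listed above"
```

On the VM it can be pointed at the site file named in the notes: `check_shib_dirs /etc/apache2/sites-available/sp-ssl.conf`.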