Shibboleth Identity Provider 3
This is the procedure to integrate the inWebo multi-factor authentication service into "Shibboleth Identity Provider".
Requirements
Shibboleth Identity Provider 3.2.1
"Shibboleth Identity Provider is an open-source project that provides Single Sign-On services and extends reach into other organizations and new services through authentication of users and securely providing appropriate data to requesting services."
How to install inWebo Shibboleth plugin
To install the plugin you have to follow this procedure:
Unpack inWebo Shibboleth plugin in a Temp directory
```
unzip iw-shibboleth-*.zip -d /tmp/
```
Copy inWebo directories in Shibboleth
Copy the `edit-webapp`, `flow`, `conf` and `views` directories from the distribution into `${idp.home}`:
```
cd iw-shibboleth-*
cp -R * ${idp.home}
```
Modify inWebo "inwebo.properties" file
Path: `${idp.home}/conf/inwebo.properties`
For your inWebo configuration, you have to input the following details:
```
inwebo.api.certificate.path= <The_path_of_your_inWebo_certificate_file>
inwebo.api.certificate.password= <Your_certificate_passphrase>
inwebo.api.service.id= <Your_inWebo_service_ID>
```
Modify Shibboleth "idp.properties" file
Path: `${idp.home}/conf/idp.properties`
You have to edit the following properties:
idp.additionalProperties
You have to add ", /conf/inwebo.properties" at the end of the line
```
idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/inwebo.properties
```
idp.authn.flows
You have to add "|inWebo"
```
idp.authn.flows= Password|inWebo
```
idp.authn.flows.initial
Uncomment the line and change the value to inWebo
```
idp.authn.flows.initial = inWebo
```
Modify Shibboleth "web.xml" file
Path: `${idp.home}/edit-webapp/WEB-INF/web.xml`
If you don't have this file, you can copy it from `${idp.home}/webapp/WEB-INF/web.xml`
In the first <context-param> section
You have to add "classpath*:/META-INF/shibboleth-idp/inwebo-global-config.xml," in the contextConfigLocation <param-value>
```
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:/META-INF/shibboleth-idp/inwebo-global-config.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value>
</context-param>
```
In the <servlet> section whose <servlet-name> is idp
You have to add "classpath*:/META-INF/shibboleth-idp/inwebo-webflow-config.xml," in the contextConfigLocation <param-value>
```
<servlet>
    <servlet-name>idp</servlet-name>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:/META-INF/shibboleth-idp/inwebo-webflow-config.xml,${idp.home}/system/conf/mvc-beans.xml,${idp.home}/system/conf/webflow-config.xml</param-value>
    </init-param>
</servlet>
```
Modify Shibboleth "authn-messages.properties" file
Path: `${idp.home}/messages/authn-messages.properties`
You have to add the following properties:
```
# inWebo messages
idp.login.inwebo.push.send = Send Push Authentication
idp.login.inwebo.connect.message = Connecting...
```
Rebuild shibboleth IdP war file
```
cd ${idp.home}/bin
./build.sh
```
Restart App Server (tomcat or jetty)
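The edits above can be checked in one pass before rebuilding the war file. The script below is an added example, not part of the inWebo plugin or of Shibboleth; the function name `check_inwebo_config` and the install path in the usage comment are assumptions. The world-readable test is an extra check not taken from the procedure, added because `inwebo.properties` holds the certificate passphrase in clear text.

```shell
#!/bin/sh
# Added example, not shipped with the inWebo plugin.
# Usage: sh check-inwebo.sh /opt/shibboleth-idp   (install path is an assumption)

check_inwebo_config() {
    home=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    # True when file $1 has an active (uncommented) line matching ERE $2.
    has() { grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null; }

    idp="$home/conf/idp.properties"
    iw="$home/conf/inwebo.properties"
    web="$home/edit-webapp/WEB-INF/web.xml"

    has "$idp" 'idp\.additionalProperties[[:space:]]*=.*/conf/inwebo\.properties' \
        || fail "idp.additionalProperties does not load /conf/inwebo.properties"
    # inWebo must be one of the |-separated flow names
    has "$idp" 'idp\.authn\.flows[[:space:]]*=[[:space:]]*([^|]*[|])*inWebo[[:space:]]*([|]|$)' \
        || fail "idp.authn.flows does not list inWebo"
    has "$idp" 'idp\.authn\.flows\.initial[[:space:]]*=[[:space:]]*inWebo[[:space:]]*$' \
        || fail "idp.authn.flows.initial is commented out or not inWebo"

    for f in inwebo-global-config.xml inwebo-webflow-config.xml; do
        grep -Fq "classpath*:/META-INF/shibboleth-idp/$f" "$web" 2>/dev/null \
            || fail "web.xml contextConfigLocation lacks $f"
    done

    # Each setting needs a real value, not an empty one or a <placeholder>
    for k in certificate.path certificate.password service.id; do
        has "$iw" "inwebo\.api\.${k}[[:space:]]*=[[:space:]]*[^<[:space:]]" \
            || fail "inwebo.api.$k is missing or still a placeholder"
    done

    # The file stores the certificate passphrase in clear text
    if [ -n "$(find "$iw" -perm -004 2>/dev/null)" ]; then
        fail "$iw is world-readable"
    fi

    [ "$problems" -eq 0 ]
}

if [ -n "${1:-}" ]; then check_inwebo_config "$1"; fi
```

The function returns non-zero and prints one `FAIL:` line per problem, so it can gate the `build.sh` step in a deployment script.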
How to debug
Modifying shibboleth "logback.xml" file
Path: `${idp.home}/conf/logback.xml`
Add the following section after `<logger name="net.shibboleth.idp" level="INFO"/>`: