
Shibboleth Identity Provider 3

This procedure integrates the inWebo multi-factor authentication service into the Shibboleth Identity Provider.

Warning: this document refers to an “inWebo Shibboleth plugin”. This component is no longer supported. We recommend using integrations based on standard protocols such as SAML or OIDC.

Requirements

  1. Shibboleth Identity Provider 3.2.1  
    "Shibboleth Identity Provider is an open-source project that provides Single Sign-On services and extends reach into other organizations and new services through authentication of users and securely providing appropriate data to requesting services." 

  2. Oracle Sun JDK 1.8

  3. Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

How to install inWebo Shibboleth plugin

To install the plugin you have to follow this procedure:

  1. Unpack the inWebo Shibboleth plugin into a temporary directory

    unzip iw-shibboleth-*.zip -d /tmp/
  2. Copy the inWebo directories into Shibboleth

    Copy the `edit-webapp`, `flow`, `conf` and `views` directories from the distribution into `${idp.home}`.

    cd /tmp/iw-shibboleth-*/
    # ${idp.home} stands for the IdP installation directory; replace it with the real path
    cp -R * ${idp.home}
  3. Modify the inWebo "inwebo.properties" file

    Path: `${idp.home}/conf/inwebo.properties`

    Enter the following details for your inWebo configuration:

    inwebo.api.certificate.path= <The_path_of_your_inWebo_certificate_file>
    inwebo.api.certificate.password= <Your_certificate_passphrase>
    inwebo.api.service.id= <Your_inWebo_service_ID>
  4. Modify the Shibboleth "idp.properties" file

    Path: `${idp.home}/conf/idp.properties`

    Edit the following properties:

    1. idp.additionalProperties

      Add ", /conf/inwebo.properties" at the end of the line.

      idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/inwebo.properties

    2. idp.authn.flows

      Add "|inWebo".

      idp.authn.flows= Password|inWebo

    3. idp.authn.flows.initial

      Uncomment the line and change the value to inWebo.

      idp.authn.flows.initial = inWebo
  5. Modify the Shibboleth "web.xml" file

    Path: `${idp.home}/edit-webapp/WEB-INF/web.xml`

    If you don't have this file, copy it from `${idp.home}/webapp/WEB-INF/web.xml`.

    1. In the first <context-param> section

      Add "classpath*:/META-INF/shibboleth-idp/inwebo-global-config.xml," to the contextConfigLocation <param-value>.

      <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:/META-INF/shibboleth-idp/inwebo-global-config.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value>
      </context-param>

    2. In the <servlet> section whose <servlet-name> is idp

      Add "classpath*:/META-INF/shibboleth-idp/inwebo-webflow-config.xml," to the contextConfigLocation <param-value>.

      <servlet>
        <servlet-name>idp</servlet-name>
        <init-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>classpath*:/META-INF/shibboleth-idp/inwebo-webflow-config.xml,${idp.home}/system/conf/mvc-beans.xml,${idp.home}/system/conf/webflow-config.xml</param-value>
        </init-param>
      </servlet>
  6. Modify the Shibboleth "authn-messages.properties" file

    Path: `${idp.home}/messages/authn-messages.properties`

    Add the following properties:

    # inWebo messages
    idp.login.inwebo.push.send = Send Push Authentication
    idp.login.inwebo.connect.message = Connecting...
  7. Rebuild the Shibboleth IdP war file

    cd ${idp.home}/bin
    ./build.sh
  8. Restart the application server (Tomcat or Jetty)
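
The edits in steps 3 to 5 are easy to get subtly wrong (a placeholder left in place, a flow line still commented out), so the shell function below checks them before the rebuild in step 7. It is an added example, not part of the inWebo plugin or the original procedure; the function names, the example path and the world-readable check on `inwebo.properties` (which holds the certificate passphrase) are assumptions made here.

```shell
# Added example (not part of the inWebo plugin): verify the edits from steps 3-5.
# Call as: check_inwebo_install /opt/shibboleth-idp   (example path; pass your ${idp.home})

# prop FILE KEY: print the value of a Java-properties key (last definition wins).
prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$key[[:space:]]*[=:][[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}
fail() { echo "FAIL: $*" >&2; rc=1; }

check_inwebo_install() {
    home=$1; rc=0
    idp="$home/conf/idp.properties"
    iw="$home/conf/inwebo.properties"
    web="$home/edit-webapp/WEB-INF/web.xml"
    for f in "$idp" "$iw" "$web"; do
        [ -f "$f" ] || fail "missing $f"
    done
    [ "$rc" -eq 0 ] || return 1

    # Step 3: all three inWebo settings filled in, placeholders replaced.
    for k in certificate.path certificate.password service.id; do
        case $(prop "$iw" "inwebo.api.$k") in
            ''|'<'*) fail "inwebo.api.$k is empty or still a placeholder" ;;
        esac
    done
    cert=$(prop "$iw" inwebo.api.certificate.path)
    [ -r "$cert" ] || fail "certificate file not readable: $cert"
    # The file holds the certificate passphrase: flag world-readable modes.
    [ -z "$(find "$iw" -perm -004)" ] || fail "$iw is world-readable"

    # Step 4: properties file loaded, flow enabled and set as the initial flow.
    case $(prop "$idp" idp.additionalProperties) in
        */conf/inwebo.properties*) ;;
        *) fail "idp.additionalProperties lacks /conf/inwebo.properties" ;;
    esac
    prop "$idp" idp.authn.flows | grep -Eq '(^|\|)inWebo(\||$)' ||
        fail "idp.authn.flows does not list inWebo"
    [ "$(prop "$idp" idp.authn.flows.initial)" = inWebo ] ||
        fail "idp.authn.flows.initial is commented out or not inWebo"

    # Step 5: both Spring config locations present in the edited web.xml.
    for x in inwebo-global-config.xml inwebo-webflow-config.xml; do
        grep -q "classpath\*:/META-INF/shibboleth-idp/$x" "$web" || fail "web.xml lacks $x"
    done
    return "$rc"
}
```

The function returns 0 when every check passes and prints one `FAIL:` line per problem to standard error otherwise.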

How to debug

Modify the Shibboleth "logback.xml" file

Path: `${idp.home}/conf/logback.xml`

Add the following section after `<logger name="net.shibboleth.idp" level="INFO"/>`:

<!-- Logs inWebo -->
<logger name="com.inwebo" level="DEBUG"/>
<logger name="org.glassfish.jersey" level="DEBUG"/>
