Revision d189d11c docs/quick-install-admin-guide.rst
b/docs/quick-install-admin-guide.rst | ||
---|---|---|
534 | 534 |
For the ``ASTAKOS_RECAPTCHA_PUBLIC_KEY`` and ``ASTAKOS_RECAPTCHA_PRIVATE_KEY`` |
535 | 535 |
go to https://www.google.com/recaptcha/admin/create and create your own pair. |
536 | 536 |
|
537 |
Shibboleth Setup |
|
538 |
---------------- |
|
539 |
Optionally, Astakos can delegate user authentication to a Shibboleth federation. |
|
540 |
|
|
541 |
To setup shibboleth, install package:: |
|
542 |
|
|
543 |
apt-get install libapache2-mod-shib2 |
|
544 |
|
|
545 |
Change appropriately the configuration files in ``/etc/shibboleth``. |
|
546 |
|
|
547 |
Add in ``/etc/apache2/sites-available/synnefo-ssl``:: |
|
548 |
|
|
549 |
ShibConfig /etc/shibboleth/shibboleth2.xml |
|
550 |
Alias /shibboleth-sp /usr/share/shibboleth |
|
551 |
|
|
552 |
<Location /im/login/shibboleth> |
|
553 |
AuthType shibboleth |
|
554 |
ShibRequireSession On |
|
555 |
ShibUseHeaders On |
|
556 |
require valid-user |
|
557 |
</Location> |
|
558 |
|
|
559 |
and before the line containing:: |
|
560 |
|
|
561 |
ProxyPass / http://localhost:8080/ retry=0 |
|
562 |
|
|
563 |
add:: |
|
564 |
|
|
565 |
ProxyPass /Shibboleth.sso ! |
|
566 |
|
|
567 |
Then, enable the shibboleth module:: |
|
568 |
|
|
569 |
a2enmod shib2 |
|
570 |
|
|
571 |
After passing through the apache module, the following tokens should be available at the destination:: |
|
572 |
|
|
573 |
eppn # eduPersonPrincipalName |
|
574 |
Shib-InetOrgPerson-givenName |
|
575 |
Shib-Person-surname |
|
576 |
Shib-Person-commonName |
|
577 |
Shib-InetOrgPerson-displayName |
|
578 |
Shib-EP-Affiliation |
|
579 |
Shib-Session-ID |
|
580 |
|
|
581 |
Finally, add 'shibboleth' in ``ASTAKOS_IM_MODULES``. |
|
537 |
If you are an advanced user and want to use the Shibboleth Authentication method, |
|
538 |
read the relative :ref:`section <shibboleth-auth>`. |
|
582 | 539 |
|
583 | 540 |
Servers Initialization |
584 | 541 |
---------------------- |
Also available in: Unified diff