Vagrant box - Shibboleth IdP3 + SP 3.x testing environment
The Shibboleth SP and IdP are almost on factory settings. The IdP is configured to release a handful of attributes to the Shibboleth SP (uid, mail, sn, cn, givenName).
- Virtualbox (or other vagrant compliant virtualization "engine")
- CentOS 7
- httpd 2.4.x
- (Azul) OpenJDK 8 (Update 181)
- Tomcat 8.5.34
- Shibboleth Service Provider (SP) 3.0.2
- Shibboleth Identity Provider (IdP) 3.3.3
- OpenLDAP
- phpLdapAdmin
- Google Authenticator module:
https://github.com/korteke/Shibboleth-IdP3-TOTP-Auth
All software is provisioned into the Vagrant box with Ansible.
Before you can run this box you need to install Vagrant and Ansible on your host computer:
- https://servercheck.in/blog/running-ansible-within-windows EDIT: Tested with these instructions + (https://github.com/geerlingguy/JJG-Ansible-Windows/blob/master/windows.sh), but no go. I will investigate this later.
- Found a way to tackle this problem. Will test and push changes.
You need to add the Vagrant box's IP address to your hosts file (Linux: /etc/hosts, Windows: c:\windows\system32\drivers\etc\hosts):
192.168.0.120 vagrant.local
- Execute "vagrant up" and wait until the Ansible run has completed. Expected outcome:
PLAY RECAP ********************************************************************
default : ok=66 changed=61 unreachable=0 failed=0
Open a browser and navigate to "https://vagrant.local/secure/". This URL is protected by the Shibboleth SP, so it will redirect you to the Shibboleth IdP, where you need to authenticate.
You can use following users to test this setup:
- johnd / Password1
- janed / Password1
The Google Authenticator flow can be tested with the URL https://vagrant.local/Shibboleth.sso/totp or https://vagrant.local/Shibboleth.sso/totp?target=/secure
The latter URL will, after authentication, redirect you to the simple PHP site where you can see your attributes and headers.
Google Authenticator seed for "johnd" = G24YUKCHHXRDWCPR
QR-code:
After authentication you will be redirected back to https://vagrant.local/secure/. There is a simple PHP site which will show your environment variables and http headers.
You can use the phpLdapAdmin application to manage the users that are allowed to authenticate. It can be found at https://vagrant.local/ldapadmin. Authenticate with user "cn=manager,dc=vagrant,dc=local" and password "Password1".
- Shibboleth IdP - /opt/shibboleth-idp
- Shibboleth SP - /etc/shibboleth
- Apache httpd - /etc/httpd
- Java - /opt/zulu8.31.0.1-jdk8.0.181-linux_x64
- Tomcat - /opt/apache-tomcat-8.5.34
- OpenLDAP - /etc/openldap