January 12, 2009

Shibboleth appliances

Recently I did three Shibboleth virtual appliances. Man, that was tough! I configured a Shibboleth Identity Provider on a Xen virtual machine, and two Shibboleth Service Providers on two other Xen machines.

That was a prototype for a company that wanted to evaluate Shibboleth as a Credential Provider so they can be authenticated on different web applications and share some common attributes.

The IDP (Identity Provider) was two Java applications that ran in a Tomcat container, and the Service Provider was one C++ application running as a daemon and one Apache module. They all had to be compiled and configured. There was a lot of certificate exchanging and also an LDAP backend for the attributes.

It was a very interesting project. The most difficult part was that some stuff was missing from the documentation and the mailing lists were not useful, but I succeeded!
