DiscoJuice Standalone + Shibboleth SP = Help!


Marco Malavolti

Jul 4, 2013, 10:56:09 AM
to disco...@googlegroups.com
Hi guys,

my name is Marco Malavolti and I collaborate with Consortium GARR for the IDEM Italian Federation.

While surfing the web to research a new Discovery Service for the Federation, my eyes fell on DiscoJuice. I think it is a very nice tool. :)

But...

The IDEM Italian Federation collects mostly Shibboleth entities and a few simpleSAMLphp entities.

Today our WAYF collects the Federation IdPs into a single, large metadata.xml file.

I would like to try your Discovery Service DiscoJuice, standalone version, on my Shibboleth Service Provider 2.4.3.

I've followed these instructions, but I don't understand how to configure it to display our IdPs.

Can someone guide me to the victory?

I need to be guided step-by-step because I'm quite new to these technologies, but not too much.

I would like to understand very well how the DiscoJuice Discovery Standalone works.

Excuse me for my bad English, I hope to improve it in the near future. :)

Thank you very much for your great job!

Best Regards,
Marco Malavolti

Marco Malavolti

Jan 21, 2014, 9:20:49 AM
to disco...@googlegroups.com
This is a piece of working code for your DiscoJuice 3.0 (Central Discovery Service version) with Shibboleth SPs:

On "cds.example.org" we have:

============== /etc/apache2/sites-enable/default-ssl ==============

        DocumentRoot /var/www

        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
=========================================================

================ /var/www/DS/index.html ======================

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <title>Select your login provider – DiscoJuice</title>
   
    <script type="text/javascript"
        src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>

    <script type="text/javascript" language="javascript"
        src="//cdn.discojuice.org/engine/discojuice-stable.min.js"></script>
    <script type="text/javascript" language="javascript"
        src="//cdn.discojuice.org/engine/idpdiscovery.js"></script>

    <link rel="stylesheet" type="text/css"
        href="//cdn.discojuice.org/css/discojuice.css" />

    <style type="text/css">
        body {
            text-align: center;
        }
        div.discojuice {
            text-align: left;
            position: relative;
            width: 600px;
            margin-right: auto;
            margin-left: auto;
        }
    </style>

    <script type="text/javascript">

        $(document).ready(function() {

            $.getJSON('/data/acl.json', function(acl) {

                var options = {
                    "title": "Select your provider",
                    "feeds": ["edugain","garr-test"]
                };
                var djc = DiscoJuice.Hosted.getConfig(options);

                djc.always = true;
                djc.callback = IdPDiscovery.setup(djc, acl);

                $("body").DiscoJuice(djc);
            });

        });

    </script>
   
   
   
</head>
<body style="background: #e8e8e8">
</body>
</html>

=====================================================


================ /var/www/DS/data/acl.json ================
[ "sp1.example.org" , "ssp-sp2.example.org" , "sp3.example.org" ]
=====================================================

And, in the shibboleth2.xml on the SPs (sp1, sp3), we add this (if it does not exist):

            <!-- An example supporting the new-style of discovery service. -->
            <SessionInitiator type="Chaining" Location="/DS" id="DS" relayState="cookie" isDefault="true">
                <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
                <SessionInitiator type="Shib1" acsIndex="5"/>
                <SessionInitiator type="SAMLDS" URL="https://cds.example.org/DS"/>
            </SessionInitiator>

Notice the "DS" and the isDefault="true" keywords.

or, for the simpleSAMLphp SP (ssp-sp2):

=================== /var/simplesamlphp/config/authsources.php ============================
....
      'discoURL' => 'https://cds.example.org/DS',
=================================================================================


https://cds.example.org/DS is the Central Discovery Federation service.



I hope this can help other people to use DiscoJuice 3.0.

Best Regards,
Marco
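
The acl.json file in the post above lists the SP hostnames the central discovery service will answer. As an added example (not code from the post or from DiscoJuice), this sketch shows the kind of check such an allow-list supports: the `return` URL of a SAML IdP Discovery request is accepted only on an exact hostname match before the chosen IdP's entityID is appended. The function names, the sample request and the IdP entityID are constructed for illustration, and it is an assumption that the hosted `IdPDiscovery.setup` enforces the list in this way.

```javascript
// Added example: validate a SAML IdP Discovery request against a hostname
// allow-list shaped like acl.json, then build the redirect back to the SP.
// Assumption: each list entry is the exact hostname of a trusted SP.
const ACL = ["sp1.example.org", "ssp-sp2.example.org", "sp3.example.org"];

// Constructed sample request, shaped like what a Shibboleth SAMLDS
// SessionInitiator would send to https://cds.example.org/DS.
const SAMPLE_QUERY =
  "entityID=https%3A%2F%2Fsp1.example.org%2Fshibboleth" +
  "&return=https%3A%2F%2Fsp1.example.org%2FShibboleth.sso%2FDS" +
  "%3FSAMLDS%3D1%26target%3Dcookie";

// Returns the parsed return URL if it is acceptable, otherwise null.
function checkReturnUrl(returnParam, acl) {
  let url;
  try {
    url = new URL(returnParam); // rejects relative and malformed values
  } catch (e) {
    return null;
  }
  if (url.protocol !== "https:") return null;    // refuse http:, javascript:, data:
  if (url.username || url.password) return null; // refuse user@host forms
  // Exact match on the parsed hostname, never a substring or suffix test,
  // so "sp1.example.org.untrusted.example" is refused.
  if (!acl.includes(url.hostname.toLowerCase())) return null;
  return url;
}

// Builds the discovery response URL for the chosen IdP, or returns null
// when the request must be refused instead of redirected.
function discoveryResponse(query, chosenEntityId, acl) {
  const params = new URLSearchParams(query);
  const target = checkReturnUrl(params.get("return") || "", acl);
  if (target === null) return null;
  // returnIDParam defaults to "entityID" in the discovery protocol.
  const idParam = params.get("returnIDParam") || "entityID";
  target.searchParams.set(idParam, chosenEntityId);
  return target.toString();
}
```

A null result means the service should show an error page rather than redirect, since the `return` value is otherwise fully controlled by whoever built the link.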


