Shibboleth authentication set up in i2b2


Srividhya Asuri

Oct 23, 2025, 1:26:20 PM
to i2b2-ins...@googlegroups.com
Hello everyone,
Have you set up Shibboleth SSO for your i2b2 instance?
I'm in the process of setting this up and I'm stuck on one of the steps in the documentation.
We are on Ubuntu 22/Jammy
There is this step in the docs:
<MetadataProvider type="XML" validate="true" path="federation-metadata.xml"/>

The doc says: Remember to replace federation-metadata.xml with the name of your IdP metadata file located in the directory /etc/shibboleth.
I see these files in my /etc/shibboleth
attrChecker.html      console.logger           globalLogout.html       native.logger       security-policy.xml  shibd.logger
attribute-map.xml     discoveryTemplate.html   i2b2-shib-metadata.xml  partialLogout.html  sessionError.html    sslError.html
attribute-policy.xml  example-metadata.xml     localLogout.html        postTemplate.html   shibboleth2.xml
bindingTemplate.html  example-shibboleth2.xml  metadataError.html      protocols.xml       shibboleth2.xml.bk

I created i2b2-shib-metadata.xml by copying example-metadata.xml and I've edited i2b2-shib-metadata.xml as best I can.
If anyone can help with editing the "MetadataProvider" tag, that would be great.
Thank you!
Vidhya



Kevin Bui

Oct 23, 2025, 6:01:42 PM
to i2b2 Install Help
Hello,

The federation-metadata.xml file contains information about the IdP that the service provider (SP) needs for communication. You should obtain this information (file) from your IdP.

Kevin

Srividhya Asuri

Oct 24, 2025, 9:04:59 AM
to i2b2-ins...@googlegroups.com
Thank you, Kevin.
So - our support tech gave me a couple of URLs which he said should have all the information I should need.
I was able to get the metadata information from one of the two URLs I was provided. Instead of a file, I think we were supposed to just download the metadata from that URL. I think my main issue is that I don't understand Shib terminology :) But I'll learn now :)
Thanks again. I'll probably have more questions later but for now, I'll try and continue with the steps in the documentation.


Srividhya Asuri

Oct 27, 2025, 10:43:34 AM
to i2b2-ins...@googlegroups.com
I think I have misconfigured something in my Shib setup, and if I browse to https://i2b2.cctsedc.uky.edu/Shibboleth.sso/Metadata (our URL is https://i2b2.cctsedc.uky.edu) I see this:
shibsp::ConfigurationException

The system encountered an error at Mon Oct 27 10:32:52 2025

To report this problem, please contact the site administrator at root@localhost.

Please include the following message in any email:

shibsp::ConfigurationException at (https://i2b2.cctsedc.uky.edu/Shibboleth.sso/Metadata)

Shibboleth handler invoked at an unconfigured location.

The support tech I'm working with can only provide me with 2 URLs.

EntityID: "https://ukidp.uky.edu/bridge" and Metadata URL: "https://ukidp.uky.edu/idp/shibboleth".

I copied the output of https://ukidp.uky.edu/idp/shibboleth into an XML file. I then made a copy of example-metadata.xml and renamed it to i2b2-shib-metadata.xml. I then edited i2b2-shib-metadata.xml to contain the information in https://ukidp.uky.edu/idp/shibboleth.

I have used https://ukidp.uky.edu/bridge as the value for entityID in shibboleth2.xml.

Can anyone help with fixing my config? I'm on Ubuntu 22, so the documentation is not a 1:1 match, but in general I'm able to locate similar config files. I only mention it in the hopes of someone noticing an Ubuntu-specific config that I'm missing.

Thanks for reading my long email! :)

-Vidhya
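
Added example (not from the i2b2 documentation or from any poster in this thread): a Python check that shibboleth2.xml and the metadata file named in its MetadataProvider path attribute agree with each other, covering the file, the IdP entityID in the SSO element, and the SP's own entityID in ApplicationDefaults. The example.org entityIDs and the idp-metadata.xml file name are constructed placeholders; the code assumes relative path values resolve against the directory holding shibboleth2.xml, and it matches elements by local name only.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def local(tag):  # drop "{namespace}" so SP 2.x and 3.x configs both match
    return tag.rsplit("}", 1)[-1]

def idp_entity_ids(path):
    # entityIDs of EntityDescriptors that carry an IDPSSODescriptor
    return {e.get("entityID") for e in ET.parse(path).iter()
            if local(e.tag) == "EntityDescriptor"
            and any(local(c.tag) == "IDPSSODescriptor" for c in e)}

def check_sp_config(config_path):
    # Returns a list of problems; an empty list means the checks passed.
    cfg = Path(config_path)
    elems = list(ET.parse(cfg).iter())
    attr = lambda tag, a: [e.get(a) for e in elems if local(e.tag) == tag and e.get(a)]
    problems, idps = [], set()
    for rel in attr("MetadataProvider", "path"):  # url= providers are skipped
        md = cfg.parent / rel  # assumption: relative paths resolve to the config dir
        try:
            found = idp_entity_ids(md)
        except (OSError, ET.ParseError) as exc:
            problems.append(f"cannot load metadata {md}: {exc}")
            continue
        if not found:
            problems.append(f"{rel} describes no IdP (no IDPSSODescriptor)")
        idps |= found
    for sso in attr("SSO", "entityID"):
        if sso not in idps:
            problems.append(f"SSO entityID {sso} is not in the loaded metadata")
    for sp in attr("ApplicationDefaults", "entityID"):
        if sp in idps:
            problems.append(f"ApplicationDefaults entityID {sp} is the IdP's, not this SP's")
    return problems

# Constructed minimal samples (not schema-complete); demo() writes them to a temp dir.
IDP_MD = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID='
          '"https://idp.example.org/idp/shibboleth"><IDPSSODescriptor/></EntityDescriptor>')
SP_CFG = ('<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"><ApplicationDefaults '
          'entityID="{sp}"><Sessions><SSO entityID="{sso}">SAML2</SSO></Sessions><MetadataProvider '
          'type="XML" path="idp-metadata.xml"/></ApplicationDefaults></SPConfig>')

def demo(sp, sso, md_text=IDP_MD):
    with tempfile.TemporaryDirectory() as d:
        Path(d, "idp-metadata.xml").write_text(md_text)
        Path(d, "shibboleth2.xml").write_text(SP_CFG.format(sp=sp, sso=sso))
        return check_sp_config(Path(d, "shibboleth2.xml"))
```

On the SP host, check_sp_config("/etc/shibboleth/shibboleth2.xml") runs the same checks against the real configuration.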


