Configuring Shibboleth as a SAML2 Identity Provider

In this post I am going to share the steps to configure shibboleth as SAML2 IDP. Hope that would be useful for you also. I’m using Ubuntu 14.04 LTS as my Operating System. However, it should work with other systems as well.

  1. Download Shibboleth IDP : Link
  2. Once you have downloaded the file, extract it into your local file system.
  3. Go to <SHIBBOLETH_HOME>/bin  directory and run the script (run install.bat if you are on Windows). This would install Shibboleth into the given location in your file system. You would be promoted with few questions as in following. Note: If you do not provide a fully qualified host name during installation, an error may occur. Basically, it should exactly match the format suggested by Shibboleth, i.e.,  (there is a regex pattern in the build.xml  file. You can modify it as per your requirements).
  4. We will refer to the installation path that you provide as <SHIBBOLETH_HOME>. Also, this installation would create a key-store and idp.war  file that can be found in  <SHIBBOLETH_HOME>/credentials and <SHIBBOLETH_HOME>/war directories respectively.
  5. Configure a user store with shibboleth. We can use LDAP based existing user store for this.
  6. Open the login.config file that is found in the <SHIBBOLETH_HOME>/conf/ directory and configure your LDAP user store details. The following is a sample configuration for an LDAP user store (LDAP used in WSO2 IS).
  7. Enable the username/password login handler in the by un-commenting below section of  <SHIBBOLETH_HOME>/conf/handler.xml file.
  8. Configure logging level from the <SHIBBOLETH_HOME>/conf/logging.xml file. All the logs files would be saved in the <SHIBBOLETH_HOME>/logs directory. This may be helpful when troubleshooting any issues.
  9. Deploy the idp.war found in  <SHIBBOLETH_IDP_HOME>/war/ in a web application server (i.e. copy idp.war to <TOMCAT_HOME>/webapps)
  10. Enable HTTPS in Apache Tomcat. To do this, edit the <TOMCAT_HOME>/conf/server.xml file and configure the HTTPS connector as below.
  11. Copy /endorsed directory and it’s content of previously extracted shibboleth setup to CATALINA_HOME/endorsed (i.e. /usr/share/tomcat7/endorsed).
  12. Re-Start the Apache Tomcat server.
  13. Check the status of the server by using the : https://localhost:8443/idp/status
  14. Now Shibboleth is configured. However, there are some additional steps that might come in handy.Please note, By default, Shibboleth adds Transient ID as NameID in the Subject element of the SAML Assertion. (The Transient ID attribute definition exposes a randomly generated, short-lived, opaque identifier that can later be mapped back to the user by a Transient principal connector.)However, if you want to add the login name in to the SAML Assertion , you need to do following configuration.
  15. To configure the principal Id as the NameID in the SAML Assertion, In <SHIBBOLETH_HOME>/conf/attribute-resolver.xml, comment out <resolver:AttributeDefinition id="transientId">
    and add the following instead:
  16. To configure a new policy for the principal Id, In <SHIBBOLETH_HOME>/conf/attribute-filter.xml, comment out <afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
    and add the following instead:
  17. That’s it, Shibboleth is now configured as a SAML2 Identity Provider.

Simple Chat Application Using Jaggery Framework

In this blog post, it’s going to guide you through the steps which involve in creating a simple chat application using WSO2‘s Jaggery Framework.

What is Jaggery?

Jaggery is a framework, which offers a completely Javascript way to write all parts of Web applications and services as a way to minimize impedance mismatches across different layers of the Web application and API development experience while closing the gap between Web apps from Web services by allowing one to create both applications and APIs at the same time.

Functionality of the Chat Application

In this tutorial, it will only focus on providing these basic requirements for the Chat application.

  • Create a chat room with a unique id.
  • Join existing chat-room using it’s unique id.
  • Have multiple chat rooms opened in multiple tabs.
  • Kick off users from the chat room.

Continue reading Simple Chat Application Using Jaggery Framework