Installing a Shibboleth 2 SP in Ubuntu 11.04 within VirtualBox

I run what I refer to as a “private cloud” on my Macbook Pro using VirtualBox. It houses a number of VMs related to the development work I am doing at any one time. Teamed up with TotalTerminal, Macfusion, SublimeText2, OSX bind and some other bits and pieces, I get a really productive environment that allows me to work anywhere I happen to be, online or offline.

Today I’ve been adding a new machine to that mix to run a Shibboleth 2.3 SP within Apache to front up some work I’m doing in the rails space. All was up and running in an hour. I’m using Ubuntu 11.04 server.

  1. Start with a base Ubuntu 11.04 server image
  2. Ensure the VM has guest additions installed to manage time sync and other interactions with the host.
    sudo apt-get update
    sudo apt-get install virtualbox-ose-guest-utils
    sudo /etc/init.d/virtualbox-ose-guest-utils start
        
  3. Install the Shibboleth SP packages
    sudo apt-get install shibboleth-sp2-schemas libshibsp-dev
    sudo apt-get install libshibsp-doc libapache2-mod-shib2 opensaml2-tools
    
  4. Generate your host certificate (replace the -h value with your server address)
    cd /etc/shibboleth
    sudo shib-keygen -h aaf.dev.bradleybeddoes.com
    
  5. Register your service and crypto with your Federation. In my case I can do this using the Federation Registry deployed by the AAF.
  6. Modify your local Shibboleth and Apache configuration as per your Federation's local requirements. Below is a copy of my VirtualHost as an example (using lazy sessions):
    <VirtualHost 10.0.0.1:80>
        ServerAdmin bradleybeddoes@gmail.com
        ServerName aaf.dev.bradleybeddoes.com

        ErrorLog ${APACHE_LOG_DIR}/aaf.dev.error.log
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/aaf.dev.access.log combined

        DocumentRoot /var/www/aaf.dev
        <Directory /var/www/aaf.dev>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>

        <Location />
            AuthType shibboleth
            # Lazy session: the module is active but does not force a login
            ShibRequestSetting requireSession false
            # Pass attributes to the application as HTTP request headers
            ShibUseHeaders On
            Require shibboleth
        </Location>

    </VirtualHost>
    
  7. Enable the shibboleth SP module and your site
    sudo a2enmod proxy
    sudo a2enmod proxy_http
    sudo a2enmod shib2
    sudo a2ensite aaf.dev.bradleybeddoes.com
    
  8. Restart Apache and you’re ready to go. Navigating to /secure as a test should have you directed off to the federation and all working nicely. If problems persist please see your friendly local log files :)

Now simply integrate your rails infrastructure with Apache and you’re ready to go. Be sure to turn on ShibUseHeaders within your app space if you’re using ProxyPass through to Unicorn like me.
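
As an added example (not code from the original post), here is a minimal Rack middleware for the Rails side of this setup: it reads the attributes that `ShibUseHeaders On` passes through ProxyPass, treats a missing `Shib-Session-ID` as an anonymous lazy-session request, and ignores the headers on any connection that did not come from Apache. The class name, the `shib.user` env key, the `eppn`/`mail` attribute names and the loopback-only proxy list are assumptions to adapt to your attribute-map.xml and network layout.

```ruby
# Added example, not from the original post. Plain Rack middleware, no gems.
class ShibbolethHeaders
  # Assumption: Apache runs on the same host as Unicorn, so only loopback
  # peers are allowed to assert identity headers.
  TRUSTED_PROXIES = %w[127.0.0.1 ::1].freeze
  # The "Shib-Session-ID" request header as it appears in the Rack env.
  SESSION_KEY = 'HTTP_SHIB_SESSION_ID'
  # Assumption: attribute-map.xml exports attributes with ids "eppn" and "mail".
  ATTRIBUTES = { 'HTTP_EPPN' => :eppn, 'HTTP_MAIL' => :mail }.freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    env['shib.user'] = user_from(env) # nil means anonymous
    @app.call(env)
  end

  # Returns a hash describing the federated user, or nil.
  def user_from(env)
    return nil unless TRUSTED_PROXIES.include?(env['REMOTE_ADDR'])
    session_id = env[SESSION_KEY].to_s
    return nil if session_id.empty?

    user = { session_id: session_id }
    ATTRIBUTES.each do |key, name|
      values = split_values(env[key])
      user[name] = values unless values.empty?
    end
    user
  end

  private

  # The SP joins multiple values with ';' and escapes a literal ';' as '\;'.
  def split_values(raw)
    raw.to_s.split(/(?<!\\);/).map { |v| v.gsub('\;', ';') }.reject(&:empty?)
  end
end
```

Binding Unicorn to a loopback address or a UNIX socket keeps the application reachable only through Apache, which is what makes the headers trustworthy in the first place.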
