Shibboleth Demo

Using our Shibboleth Demo

These instructions assume you have already downloaded and started our Shibboleth Demo VMs.

In this demo, you will login to a make-believe Student Portal Service Provider (SP) with a student login ID/password to access content that is Shibboleth-protected.  We have also included a second test SP (Faculty Portal) so you can see what happens when you login with a student ID/password and try to access content that you are not authorized to view.

We don’t offer support for this demo, but we’d love to hear your feedback.  Contact us to let us know what you think of our demo, or to learn more about our Shibboleth training, support and integration services.

We made a video of our demo to help you walk through the steps below.

 

  1. In the client VM window, open the web browser
  2. Click on the bookmark for “SP1 -- Student Portal”
  3. Follow the “Click Here to access secured content link”
  4. You are redirected to the IdP, which prompts you to login.  We have provided you with several test login IDs and passwords so you can see how a SP interprets different values of the “Scoped Identifier” attribute passed from the IdP to the SP.  First, try logging in with one of the student IDs (eg. nick/nick123)
  5. After you have successfully logged in to the student portal, you will see the message “Welcome to the Student Portal”
  6. To see the Scoped Identifier attributes passed from the IdP to the SP, follow this link: https://shibdemo-sp1.test.edu/Shibboleth.sso/Session
  7. If you try to browse to the Faculty Portal SP after you have logged in as a student, you should see an error message since you originally logged in as a student
  8. To repeat the demo using a different login ID, close the web browser to logout

Since you are working with a fully functional Shibboleth installation, you are now ready to start exploring advanced configurations like adding attributes to the IdP or releasing additional attributes to the SPs.

InCommon hosts a good web site with information for how to configure both the IdP and SP: https://spaces.internet2.edu/display/ShibInstallFest/Home.

To view the configuration or experiment with making changes, you can login to the Shibboleth IdP and SP VMs using the username/password root/idmiroot.

On the IdP virtual machine, you can find the Apache/Tomcat and Shibboleth IdP software under /opt.  On the SP virtual machine, you can find the Shibboleth configuration files in the standard location -- /etc/shibboleth for config files and /var/log/shibboleth for log files.

If you want to experiment with adding users to LDAP, bind information is available in /opt/shibboleth-idp-2.3.3/conf/login.config.  You can also access LDAP via phpLDAPadmin.  There is a bookmark for phpLDAPadmin in the client VM web browser.