cookbook 'shibboleth_sp', '~> 0.1.2'
shibboleth_sp 0.1.2
Install and configure Shibboleth SP
cookbook 'shibboleth_sp', '~> 0.1.2', :supermarket
knife supermarket install shibboleth_sp
knife supermarket download shibboleth_sp
Description
Installs the Shibboleth SAML SP and Apache module
Requirements
Platform
Tested and developed on CentOS
Cookbooks
Requires an install of Apache that reads /etc/httpd/conf.d, like the one
that comes with most RedHat-like systems.
Attributes
node["shibboleth_sp"]["entityid"] - The entityID to use for this SP. If set, entityid_domain is ignored.
node["shibboleth_sp"]["entityid_domain"] - The DNS domain name suffix to append to the system's hostname to generate an entityID. Ignored if entityid is set.
node["shibboleth_sp"]["idp_entityid"] - The entityID of the SAML IdP to authenticate to. WAYF is not yet supported.
node["shibboleth_sp"]["remote_metadata"] - A list of URLs from which to download and load metadata. If using HTTP URLs, you should also use metadata signature checking, which is not yet supported by this cookbook.
node["shibboleth_sp"]["local_metadata"] - A list of local files from which to load metadata. Each file listed here should be placed in files/default/.
node["shibboleth_sp"]["protected_paths"] - A list of absolute paths on the Apache server which should require Shibboleth authentication, each of which should end with a slash. Set this to / if you want the entire web server protected.
node["shibboleth_sp"]["optional_paths"] - A list of absolute paths on the Apache server which should support but not require Shibboleth authentication, each of which should end with a slash. In other words, these locations will get environment variables for attributes from already existing Shibboleth sessions, but will not force people to log in if they have no existing session. Set this to / if you want the entire web server to support Shibboleth auth.
node["shibboleth_sp"]["cert_file"] - The name of a PEM certificate file to be used by the SP. The file should be placed in files/default/. If this attribute is not set, a certificate will be automatically generated.
node["shibboleth_sp"]["key_file"] - The name of a PEM private key file to be used by the SP. The file should be placed in files/default/. If this attribute is not set, a key will be automatically generated.
node["shibboleth_sp"]["user"] - The user that shibd runs as. Defaults to shibd.
node["shibboleth_sp"]["local_attribute_map"] - Set to true if you want to use a custom attribute-map.xml file. If you do, also place it in files/default/.
Usage
Either set entityid_domain to your organization's domain name to auto-generate entityIDs from server hostnames, or set entityid directly.
Set one or both of remote_metadata and local_metadata to load metadata for your IdP.
Set idp_entityid to match your IdP.
Set protected_paths to include the paths you want to require authentication.
If you want to use an existing SSL certificate and private key, place them in files/default/ and set cert_file and key_file with their names. This is necessary if the SP will be spread across multiple load-balanced systems using the same entityID.
Here is an example node configuration:
{
    "name": "shibboleth-sp",
    ...
    "run_list": [
        ...
        "recipe[shibboleth_sp]"
    ],
    "override_attributes": {
        ...
        "shibboleth_sp": {
            "entityid_domain": "ucsf.edu",
            "local_metadata": [ "idp-metadata.xml" ],
            "idp_entityid": "urn:mace:incommon:ucsf.edu",
            "protected_paths": [ "/secure/" ],
            "optional_paths": [ "/" ],
            "local_attribute_map": true
        }
    }
}
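The rules stated under Attributes and Usage can be checked before a Chef run. The following Ruby is an added example, not part of the cookbook: the attribute names are the cookbook's, while lint_shibboleth_sp, its messages and the sample values are assumptions made for illustration.

```ruby
require 'uri'
# Added example, not the cookbook's code. Attribute names come from the
# README; lint_shibboleth_sp and the message wording are hypothetical.
def lint_shibboleth_sp(attrs)
  findings = []
  eid = attrs['entityid'].to_s
  dom = attrs['entityid_domain'].to_s
  findings << 'set entityid or entityid_domain' if eid.empty? && dom.empty?
  findings << 'entityid_domain is ignored because entityid is set' unless eid.empty? || dom.empty?
  findings << 'idp_entityid is not set' if attrs['idp_entityid'].to_s.empty?
  remote = Array(attrs['remote_metadata'])
  if remote.empty? && Array(attrs['local_metadata']).empty?
    findings << 'no remote_metadata or local_metadata to load IdP metadata from'
  end
  # The cookbook cannot verify metadata signatures, so transport is the only
  # protection a downloaded metadata file has.
  remote.each do |url|
    scheme = begin
      URI.parse(url).scheme
    rescue URI::InvalidURIError
      nil
    end
    findings << "remote_metadata #{url}: not HTTPS and signatures are not checked" unless scheme == 'https'
  end
  %w[protected_paths optional_paths].each do |key|
    Array(attrs[key]).each do |path|
      next if path.start_with?('/') && path.end_with?('/')
      findings << "#{key} #{path}: must be an absolute path ending with a slash"
    end
  end
  # Inference, not stated in the README: an auto-generated certificate will
  # not match a supplied private key, and vice versa.
  findings << 'set cert_file and key_file together' if attrs['cert_file'].nil? != attrs['key_file'].nil?
  findings
end

# Constructed sample input with three mistakes (values are made up).
SAMPLE = {
  'entityid_domain' => 'example.edu',
  'idp_entityid' => 'https://idp.example.edu/idp/shibboleth',
  'remote_metadata' => ['http://md.example.edu/metadata.xml'],
  'protected_paths' => ['/secure'],
  'optional_paths' => ['/'],
  'cert_file' => 'sp-cert.pem'
}.freeze
puts lint_shibboleth_sp(SAMPLE)
```

The sample produces three findings: plain-HTTP metadata, a protected path without a trailing slash, and a certificate supplied without its key. The shibboleth_sp attributes from the example node configuration above produce none.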
License and Author
Author:: Elliot Kendall (elliot.kendall@ucsf.edu)
Copyright:: 2013, Regents of the University of California
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.2 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.2 failed this metric
FC064: Ensure issues_url is set in metadata: shibboleth_sp/metadata.rb:1
FC065: Ensure source_url is set in metadata: shibboleth_sp/metadata.rb:1
FC066: Ensure chef_version is set in metadata: shibboleth_sp/metadata.rb:1
FC069: Ensure standardized license defined in metadata: shibboleth_sp/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.1.2 passed this metric
Testing File Metric
0.1.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number