
shibboleth_sp (3) Versions 0.1.0

Install and configure Shibboleth SP

Policyfile:
  cookbook 'shibboleth_sp', '= 0.1.0', :supermarket

Berkshelf:
  cookbook 'shibboleth_sp', '= 0.1.0'

Knife:
  knife supermarket install shibboleth_sp
  knife supermarket download shibboleth_sp

Description

Installs the Shibboleth SAML SP and Apache module

Requirements

Platform

Tested and developed on CentOS

Cookbooks

Requires an install of Apache that reads /etc/httpd/conf.d, like the one
that comes with most RedHat-like systems.

Attributes

  • node["shibboleth_sp"]["entityid"] - The entityID to use for this SP. If
    set, entityid_domain is ignored.

  • node["shibboleth_sp"]["entityid_domain"] - The DNS domain name suffix to
    append to the system's hostname to generate an entityID. Ignored if
    entityid is set.

  • node["shibboleth_sp"]["idp_entityid"] - The entityID of the SAML IdP to
    authenticate to. WAYF is not yet supported.

  • node["shibboleth_sp"]["remote_metadata"] - A list of URLs from which to
    download and load metadata. If using HTTP URLs, you should also use
    metadata signature checking, which is not yet supported by this cookbook.

  • node["shibboleth_sp"]["local_metadata"] - A list of local files from
    which to load metadata. Each file listed here should be placed in
    files/default/.

  • node["shibboleth_sp"]["protected_paths"] - A list of absolute paths on
    the Apache server which should require Shibboleth authentication, each of
    which should end with a slash. Set this to / if you want the entire web
    server protected. Optional authentication is not yet supported.

  • node["shibboleth_sp"]["cert_file"] - The name of a PEM certificate file
    to be used by the SP. The file should be placed in files/default/. If this
    attribute is not set, a certificate will be automatically generated.

  • node["shibboleth_sp"]["key_file"] - The name of a PEM private key file
    to be used by the SP. The file should be placed in files/default/. If this
    attribute is not set, a key will be automatically generated.

  • node["shibboleth_sp"]["user"] - The user that shibd runs as. Defaults
    to shibd.

  • node["shibboleth_sp"]["local_attribute_map"] - Set to true if you want
    to use a custom attribute-map.xml file. If you do, also place it in
    files/default/.

Usage

Either set entityid_domain to your organization's domain name to
auto-generate entityIDs from server hostnames, or set entityid directly.

Set one or both of remote_metadata and local_metadata to load metadata
for your IdP.

Set idp_entityid to match your IdP.

Set protected_paths to include the paths you want to require
authentication.

If you want to use an existing SSL certificate and private key, place them
in files/default/ and set cert_file and key_file with their names. This
is necessary if the SP will be spread across multiple load-balanced systems
using the same entityID.

Here is an example node configuration:

{
  "name": "shibboleth-sp",
  ...
  "run_list": [
    ...
    "recipe[shibboleth_sp]"
  ],
  "override_attributes": {
    ...
    "shibboleth_sp": {
      "entityid_domain": "ucsf.edu",
      "local_metadata": [ "idp-metadata.xml" ],
      "idp_entityid": "urn:mace:incommon:ucsf.edu",
      "protected_paths": [ "/secure/" ],
      "local_attribute_map": true
    }
  }
}
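
The attribute rules above can be checked before a node converges. The following is an added example, not part of the cookbook: the function name lint_shibboleth_sp, the sample hash, and the rule that cert_file and key_file must be set together are assumptions made here; the other checks restate the README (https for remote_metadata because signature checking is unsupported, absolute protected_paths ending in a slash).

```ruby
require 'uri'

# Added example (not the cookbook's code): lint a node's "shibboleth_sp"
# attribute hash against the rules stated in the README above.
def lint_shibboleth_sp(attrs)
  problems = []
  # One of entityid / entityid_domain is needed to name the SP.
  if attrs['entityid'].to_s.empty? && attrs['entityid_domain'].to_s.empty?
    problems << 'set entityid or entityid_domain'
  end
  problems << 'idp_entityid is required' if attrs['idp_entityid'].to_s.empty?

  remote = Array(attrs['remote_metadata'])
  local  = Array(attrs['local_metadata'])
  problems << 'no IdP metadata source configured' if remote.empty? && local.empty?
  # The cookbook does not verify metadata signatures, so transport security
  # is the only check on a remote fetch; flag every URL that is not https.
  remote.each do |url|
    scheme = (URI.parse(url).scheme rescue nil).to_s.downcase
    problems << "remote_metadata not fetched over https: #{url}" unless scheme == 'https'
  end

  Array(attrs['protected_paths']).each do |path|
    next if path.start_with?('/') && path.end_with?('/')
    problems << "protected_paths entry must be absolute and end with '/': #{path}"
  end

  # Assumption: a supplied certificate is only usable with its own key, so
  # setting one of cert_file / key_file without the other is an error.
  if attrs['cert_file'].to_s.empty? != attrs['key_file'].to_s.empty?
    problems << 'cert_file and key_file must be set together'
  end
  problems
end

# Constructed sample input (not from the page): four separate mistakes.
CONSTRUCTED_BAD = {
  'idp_entityid'    => 'urn:example:idp',
  'remote_metadata' => ['http://idp.example.org/metadata.xml'],
  'protected_paths' => ['secure'],
  'cert_file'       => 'sp-cert.pem'
}.freeze

lint_shibboleth_sp(CONSTRUCTED_BAD).each { |p| puts "shibboleth_sp: #{p}" }
```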

License and Author

Author:: Elliot Kendall (elliot.kendall@ucsf.edu)

Copyright:: 2013, Regents of the University of California

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.
