Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status


shibboleth_sp (3) Versions 0.1.1

Install and configure Shibboleth SP

cookbook 'shibboleth_sp', '= 0.1.1', :supermarket
cookbook 'shibboleth_sp', '= 0.1.1'
knife supermarket install shibboleth_sp
knife supermarket download shibboleth_sp
Quality -%


Installs the Shibboleth SAML SP and Apache module



Tested and developed on CentOS


Requires an install of Apache that reads /etc/httpd/conf.d, like the one
that comes with most RedHat-like systems.


  • node["shibboleth_sp"]["entityid"] - The entityID to use for this SP. If
    set, entityid_domain is ignored.

  • node["shibboleth_sp"]["entityid_domain"] - The DNS domain name suffix to
    append to the system's hostname to generate an entityID. Ignored if
    entityid is set.

  • node["shibboleth_sp"]["idp_entityid"] - The entityID of the SAML IdP to
    authenticate to. WAYF is not yet supported.

  • node["shibboleth_sp"]["remote_metadata"] - A list of URLs from which to
    download and load metadata. If using HTTP URLs, you should also use
    metadata signature checking, which is not yet supported by this cookbook.

  • node["shibboleth_sp"]["local_metadata"] - A list of local files from
    which to load metadata. Each file listed here should be placed in

  • node["shibboleth_sp"]["protected_paths"] - A list of absolute paths on
    the Apache server which should require Shibboleth authentication, each of
    which should end with a slash. Set this to / if you want the entire web
    server protected. Optional authentication is not yet supported.

  • node["shibboleth_sp"]["cert_file"] - The name of a PEM certificate file
    to be used by the SP. The file should be placed in files/default/. If this
    attribute is not set, a certificate will be automatically generated.

  • node["shibboleth_sp"]["cert_file"] - The name of a PEM private key file
    to be used by the SP. The file should be placed in files/default/. If this
    attribute is not set, a key will be automatically generated.

  • node["shibboleth_sp"]["user"] - The user that shibd runs as. Defaults
    to shibd.

  • node["shibboleth_sp"]["local_attribute_map"] - Set to true if you want
    to use a custom attribute-map.xml file. If you do, also place it in


Either set entityid_domain to your organization's domain name to
auto-generate entityIDs from server hostnames, or set entityid directly.

Set one or both of remote_metadata and local_metadata to load metadata
for your IdP.

Set idp_entityid to match your IdP.

Set protected_paths to include the paths you want to require

If you want to use an existing SSL certificate and private key, place them
in files/default/ and set cert_file and key_file with their names. This
is necessary if the SP will be spread across multiple load-balanced systems
using the same entityID.

Here is an example node configuration:

  "name": "shibboleth-sp",
  "run_list": [
  "override_attributes": {
    "shibboleth_sp": {
      "entityid_domain": "",
      "local_metadata": "idp-metadata.xml",
      "idp_entityid": "",
      "protected_paths": [ "/secure/" ],
      "local_attribute_map": true

License and Author

Author:: Elliot Kendall (

Copyright:: 2013, Regents of the University of California

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

No quality metric results found