Child pages
  • InCommon Shibboleth IdP Training - Preparation
Skip to end of metadata
Go to start of metadata

There's not much needed to prepare for the TIER Shibboleth IdP Training.  Read on...


The main decision to make is what OS you would like running inside your container (and hence on your build VM for this class).  We recommend Linux, as that is, by far, the most prevalent OS for deployed containers in the world today and is the leanest container.  That said, we do have a Windows container available that runs the latest version of the Shibboleth IdP on the official Windows 'servercore' container.


Do you want to learn how to deploy the IdP container in a highly-available way using docker swarm?  If so, it will be a bit more work and you will need to claim 2 VMs (of the same OS).

About this class...

In this class, your will be assigned a linux VM via a google sheet (URL provided by instructors), where you'll enter your initials next to an IP address.  That's your VM!  These are operated in AWS.  You can just SSH into this VM like any other.  The login is shibboleth/shibboleth.  Please change that password so that we don't get any security emails from Amazon.  (smile)

You're asked in both the IdP and SP training materials to select a hostname.  This is to simulate deploying an actual IdP/SP, so it's looking for something like '', but you can make up any name you want, provided it has three parts (the name doesn't need to be based on a real domain since we'll use hosts files to resolve them).  It seems less confusing to use different names for idp and sp day...

  • IMPORTANT: You will need hosts file entries for your selected special names, pointing to your external IP address (from the Google sheet)
    • Windows: c:\windows\system32\drivers\etc\hosts
    • Linux: /etc/hosts

You'll first download some files to get you started, then you'll build, run, test, change, etc a container-based Shibboleth IdP.  You'll test that IdP against the classroom "federation".

Next, we'll use those same starter files to do the same for the SP.

Finally, we'll have our IdP and SP trust each other.  

Concerning the files you'll download, the main folders that you'll be working in are the 'idp' folder on the first day, then the 'sp' folder to start the second day.  The final exercise will require both folders.  

Inside both of the 'idp' and 'sp' folders is what you need to build a container.  All of the configuration is deployed into the container at build time.  This configuration is contained in the 'container_files' directory inside both the 'idp' and 'sp' folders.

The IdP configuration is a bit more difficult (there is a hierarchy of several folders that altogether represent the configuration for the container) and we'll use a ConfigBuilder service to get started with that.  The SP's config is simpler and all of the files are in the 'container_files' directory.

Next step: Claim your VM(s)

The instructors will post a link to a google sheet that contains IP addresses of training machines, along with their relevant OS and a place for a student's name/initials/etc.  Find a VM (or two if doing HA) with no name/initials and place your name/initials in the provided column to claim your VMs.  These will be solely yours during the training and will remain available for approximately 2 weeks afterwards.

The best bet for this class is to do everything under 'sudo' by creating a root shell (either 'sudo -i' or 'sudo /bin/bash').

  • No labels