Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms


shibboleth_sp (3) Versions 0.1.0

Install and configure Shibboleth SP

cookbook 'shibboleth_sp', '= 0.1.0'
cookbook 'shibboleth_sp', '= 0.1.0', :supermarket
knife supermarket install shibboleth_sp
knife supermarket download shibboleth_sp
Quality -%


Installs the Shibboleth SAML SP and Apache module



Tested and developed on CentOS


Requires an install of Apache that reads /etc/httpd/conf.d, like the one that comes with most RedHat-like systems.


  • node["shibboleth_sp"]["entityid"] - The entityID to use for this SP. If set, entityid_domain is ignored.

  • node["shibboleth_sp"]["entityid_domain"] - The DNS domain name suffix to append to the system's hostname to generate an entityID. Ignored if entityid is set.

  • node["shibboleth_sp"]["idp_entityid"] - The entityID of the SAML IdP to authenticate to. WAYF is not yet supported.

  • node["shibboleth_sp"]["remote_metadata"] - A list of URLs from which to download and load metadata. If using HTTP URLs, you should also use metadata signature checking, which is not yet supported by this cookbook.

  • node["shibboleth_sp"]["local_metadata"] - A list of local files from which to load metadata. Each file listed here should be placed in files/default/.

  • node["shibboleth_sp"]["protected_paths"] - A list of absolute paths on the Apache server which should require Shibboleth authentication, each of which should end with a slash. Set this to / if you want the entire web server protected. Optional authentication is not yet supported.

  • node["shibboleth_sp"]["cert_file"] - The name of a PEM certificate file to be used by the SP. The file should be placed in files/default/. If this attribute is not set, a certificate will be automatically generated.

  • node["shibboleth_sp"]["cert_file"] - The name of a PEM private key file to be used by the SP. The file should be placed in files/default/. If this attribute is not set, a key will be automatically generated.

  • node["shibboleth_sp"]["user"] - The user that shibd runs as. Defaults to shibd.

  • node["shibboleth_sp"]["local_attribute_map"] - Set to true if you want to use a custom attribute-map.xml file. If you do, also place it in files/default/.


Either set entityid_domain to your organization's domain name to auto-generate entityIDs from server hostnames, or set entityid directly.

Set one or both of remote_metadata and local_metadata to load metadata for your IdP.

Set idp_entityid to match your IdP.

Set protected_paths to include the paths you want to require authentication.

If you want to use an existing SSL certificate and private key, place them in files/default/ and set cert_file and key_file with their names. This is necessary if the SP will be spread across multiple load-balanced systems using the same entityID.

Here is an example node configuration:

  "name": "shibboleth-sp",
  "run_list": [
  "override_attributes": {
    "shibboleth_sp": {
      "entityid_domain": "",
      "local_metadata": "idp-metadata.xml",
      "idp_entityid": "",
      "protected_paths": [ "/secure/" ],
      "local_attribute_map": true

License and Author

Author:: Elliot Kendall (

Copyright:: 2013, Regents of the University of California

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

No quality metric results found