Menu

Chef Supermarket

Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

View our collection of guides, documentation, and articles

Cookbooks
Advanced Options

Select Badges

Select Supported Platforms

RSS

shibboleth_sp (3) Versions 0.1.1

Install and configure Shibboleth SP

Berkshelf
Policyfile
Knife 
cookbook 'shibboleth_sp', '= 0.1.1'
cookbook 'shibboleth_sp', '= 0.1.1', :supermarket
knife supermarket install shibboleth_sp
knife supermarket download shibboleth_sp
README
Dependencies
Quality -%

Description

Installs the Shibboleth SAML SP and Apache module

Requirements

Platform

Tested and developed on CentOS

Cookbooks

Requires an install of Apache that reads /etc/httpd/conf.d, like the one that comes with most RedHat-like systems.

Attributes

  • node["shibboleth_sp"]["entityid"] - The entityID to use for this SP. If set, entityid_domain is ignored.

  • node["shibboleth_sp"]["entityid_domain"] - The DNS domain name suffix to append to the system's hostname to generate an entityID. Ignored if entityid is set.

  • node["shibboleth_sp"]["idp_entityid"] - The entityID of the SAML IdP to authenticate to. WAYF is not yet supported.

  • node["shibboleth_sp"]["remote_metadata"] - A list of URLs from which to download and load metadata. If using HTTP URLs, you should also use metadata signature checking, which is not yet supported by this cookbook.

  • node["shibboleth_sp"]["local_metadata"] - A list of local files from which to load metadata. Each file listed here should be placed in files/default/.

  • node["shibboleth_sp"]["protected_paths"] - A list of absolute paths on the Apache server which should require Shibboleth authentication, each of which should end with a slash. Set this to / if you want the entire web server protected. Optional authentication is not yet supported.

  • node["shibboleth_sp"]["cert_file"] - The name of a PEM certificate file to be used by the SP. The file should be placed in files/default/. If this attribute is not set, a certificate will be automatically generated.

  • node["shibboleth_sp"]["cert_file"] - The name of a PEM private key file to be used by the SP. The file should be placed in files/default/. If this attribute is not set, a key will be automatically generated.

  • node["shibboleth_sp"]["user"] - The user that shibd runs as. Defaults to shibd.

  • node["shibboleth_sp"]["local_attribute_map"] - Set to true if you want to use a custom attribute-map.xml file. If you do, also place it in files/default/.

Usage

Either set entityid_domain to your organization's domain name to auto-generate entityIDs from server hostnames, or set entityid directly.

Set one or both of remote_metadata and local_metadata to load metadata for your IdP.

Set idp_entityid to match your IdP.

Set protected_paths to include the paths you want to require authentication.

If you want to use an existing SSL certificate and private key, place them in files/default/ and set cert_file and key_file with their names. This is necessary if the SP will be spread across multiple load-balanced systems using the same entityID.

Here is an example node configuration:

{
  "name": "shibboleth-sp",
  ...
  "run_list": [
    ...
    "recipe[shibboleth-sp]"
  ],
  "override_attributes": {
    ...
    "shibboleth_sp": {
      "entityid_domain": "ucsf.edu",
      "local_metadata": "idp-metadata.xml",
      "idp_entityid": "urn:mace:incommon:ucsf.edu",
      "protected_paths": [ "/secure/" ],
      "local_attribute_map": true
    }
  }
}

License and Author

Author:: Elliot Kendall (elliot.kendall@ucsf.edu)

Copyright:: 2013, Regents of the University of California

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

No quality metric results found


Elliot Kendall Elliot Kendall

Details

View Source

Updated March 18, 2013 Created on

Platforms

  • centos >= 0.0.0

License

BSD

Download Cookbook