Introduction

This quick install guide explains how a SAML-based identity federation can deploy a Shibboleth Metadata Aggregator, or a pyFF Federation Feeder, to download, process and republish metadata. This is particularly useful in the context of eduGAIN, where it is recommended that participating federations download metadata from mds.edugain.org, then process and republish it for their local federation. This guide therefore focuses on the eduGAIN use case, but it can easily be adapted to similar applications.

...

  1. First, download the directory structure and the necessary files for this distribution. Download the file EduGAIN-Metadata-Processing.zip.
  2. Unarchive the distribution:
    unzip eduGAIN-Metadata-Processing.zip
  3. Change the working directory:
    cd eduGAIN-Metadata-Processing
  4. Download the latest version of the Shibboleth Metadata Aggregator Command Line Interface and its detached signature:
    wget http://shibboleth.net/downloads/metadata-aggregator/latest/aggregator-cli-0.9.2-bin.zip
    wget http://shibboleth.net/downloads/metadata-aggregator/latest/aggregator-cli-0.9.2-bin.zip.asc
  5. Verify the signature of the downloaded ZIP file:
    gpg --verify aggregator-cli-0.9.2-bin.zip.asc aggregator-cli-0.9.2-bin.zip
    The output should state that the signature was created by “Ian A. Young <ian@iay.org.uk>” with key D7079C77.
  6. Unarchive the downloaded file:
    unzip aggregator-cli-0.9.2-bin.zip
  7. Create a symlink:
    ln -s aggregator-cli-0.9.2 aggregator-cli
    To verify eduGAIN metadata, the Metadata Aggregator must be given the eduGAIN signing certificate.
  8. Check the fingerprint of the eduGAIN signer certificate:
    openssl x509 -noout -fingerprint -sha1 -in pki/eduGAIN-signer-ca.pem
    The SHA1 fingerprint should be 8B:81:7A:0C:F3:F8:35:2F:85:91:9F:11:37:14:3F:98:91:8C:F8:34
  9. Adapt the main configuration in conf/mda.properties:
    This file provides a very simple way to configure the eduGAIN Metadata Processing tool by setting a few properties. These properties are then used in conf/mda.xml, which is a standard Spring context. More advanced configuration can be done directly in mda.xml. At a minimum, the parameters BasePath, EntitiesDescriptor, RegistrationAuthorityFilter, SigningKey and SigningCert should be set in mda.properties.
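
The checks in steps 5 and 8 can be scripted so that an unattended install stops when either one fails. The following is an added example, not part of the original guide or of the Shibboleth distribution: the function names are hypothetical and the pinned values are the ones stated in this guide. It assumes the signer's public key is already in the local GnuPG keyring.

```shell
#!/bin/sh
# Added example: fail-closed versions of steps 5 and 8. Function names are hypothetical.
PINNED_KEYID="D7079C77"   # short key ID from step 5; 32-bit IDs can collide, pin a full fingerprint if you have one
PINNED_CERT_FP="8B:81:7A:0C:F3:F8:35:2F:85:91:9F:11:37:14:3F:98:91:8C:F8:34"   # from step 8

# Reduce a fingerprint to bare upper-case hex, so "SHA1 Fingerprint=8B:81..." (OpenSSL 1.x)
# and "sha1 Fingerprint=8B:81..." (OpenSSL 3.x) compare equal to the pinned value.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# True when the `openssl x509 -fingerprint` output line $1 matches the pinned fingerprint $2.
fp_matches() {
    [ -n "$1" ] && [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# True when the GnuPG --status-fd output in $1 has a VALIDSIG line whose key
# fingerprint ends in key ID $2. GOODSIG alone is not enough: it is also
# reported in cases where the signature must not be relied on without VALIDSIG.
validsig_by() {
    printf '%s\n' "$1" | awk -v id="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            n = length(id)
            # $3 is the signing (sub)key fingerprint, the last field the primary key fingerprint
            if (length($3) > n && substr($3, length($3) - n + 1) == id) ok = 1
            if (length($NF) > n && substr($NF, length($NF) - n + 1) == id) ok = 1
        }
        END { exit !ok }'
}

# verify_all <zip> <signer-cert.pem>: returns non-zero unless both checks pass.
verify_all() {
    status=$(gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null)
    validsig_by "$status" "$PINNED_KEYID" || { echo "signature check failed: $1" >&2; return 1; }
    line=$(openssl x509 -noout -fingerprint -sha1 -in "$2") || return 1
    fp_matches "$line" "$PINNED_CERT_FP" || { echo "fingerprint mismatch: $2" >&2; return 1; }
}

if [ "$#" -eq 2 ]; then
    verify_all "$1" "$2"
fi
```

Run it from the distribution directory as `sh verify.sh aggregator-cli-0.9.2-bin.zip pki/eduGAIN-signer-ca.pem` (the script file name is an assumption) and continue with the install only when it exits 0.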

...