Installing the Centralized Discovery Service
Note |
---|
This section describes the Centralized Discovery Service, which is primarily intended for use by identity federations and other large groups wishing to provide a backstop discovery service. Outside this scope, it is very limited. Individual service providers, in particular, are recommended to install the Embedded Discovery Service. |
Before You Begin
The first question you should ask is whether you need to install the Discovery Service. If you're working in a non-Java environment, you may find it easier to build a selection page in a more native fashion. The SP also supports the Embedded Discovery Service, which is usually a better choice for SPs that need to implement discovery.
If you do decide to install, you should find out all the metadata sources you may need.
...
this service, you'll need to collect the metadata sources that will contain the IdPs that users will select from. If you're planning to use SAML 2.0 or other protocols not supported by the old WAYF model, you may also need to provide metadata about your SPs to enable the DS to safely interact with the SP.
Which Protocol?
The Discovery Service will automatically handle both the legacy Shibboleth AuthnRequest message (so-called "WAYF mode", in which it intercepts and handles an AuthnRequest message) and the full Discovery Service Protocol.
No explicit configuration is required to select the right protocol.
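The need for SP metadata under the full Discovery Service Protocol comes down to the return URL: the DS redirects the browser to wherever the request says, so it should only accept a return location that the SP has registered as a DiscoveryResponse endpoint in its metadata. The following is an added example, not code from this page or from the Shibboleth project. The metadata sample is constructed, the function names are hypothetical, and the matching rule (compare scheme, host and path, ignoring the query string) is an assumption of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DISC = "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"

# Constructed sample SP metadata (sp.example.org is a placeholder).
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:idpdisc="{DISC}"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <idpdisc:DiscoveryResponse index="1" Binding="{DISC}"
          Location="https://sp.example.org/Shibboleth.sso/Login"/>
    </md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def discovery_endpoints(metadata_xml):
    """Map each SP entityID to its registered DiscoveryResponse locations."""
    root = ET.fromstring(metadata_xml)
    endpoints = {}
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        found = entity.iter(f"{{{DISC}}}DiscoveryResponse")
        endpoints[entity.get("entityID")] = [
            e.get("Location") for e in found if e.get("Location")]
    return endpoints


def _origin_and_path(url):
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path)


def vetted_return_url(query_string, endpoints):
    """Return a redirect target backed by metadata, or raise ValueError."""
    params = parse_qs(query_string)
    entity_id = params.get("entityID", [None])[0]
    registered = endpoints.get(entity_id)
    if not registered:
        raise ValueError("no DiscoveryResponse metadata for this SP")
    requested = params.get("return", [None])[0]
    if requested is None:
        return registered[0]  # no return parameter: use the metadata endpoint
    if any(_origin_and_path(requested) == _origin_and_path(loc)
           for loc in registered):
        return requested
    raise ValueError("return URL is not a registered endpoint")
```
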
Performing the Install
The Shibboleth Discovery Service, version 1.2.01, is a standard Java web application.
- Download and decompress the Discovery Service package from the Shibboleth Download site.
- Change into the newly created IdP distribution directory.
- Endorse Xerces and Xalan by copying the contents of the endorsed directory to the appropriate place on the web server (for Tomcat this is $TOMCAT_ROOT\common\endorsed).
- Edit install.properties to control:
  - Where to install the configuration files.
  - Whether the install will delete any previous installation.
- Run either ./ant install.sh (on Unix systems) or antinstall.bat (on Windows systems) as a suitably authorized user. This user must have the ability to create the Discovery Service home directory identified in the previous step.
- Configure the Discovery Service to point to the metadata sources you identified above as described here.
- Deploy the Discovery Service .WAR file, located in the Discovery Service's home directory.
- Further configuration is described here.