IdPQuickInstallCompleteInstall
Next steps
Once the IdP has been tested you need to complete the install. Below are some of the tasks you should consider. You should consult IdPConfiguration for further details.
Configure certificates
A suitable certificate should be installed to protect the browser facing port.
Adding other attributes
You can modify the attributes which are released as per IdPAddAttribute.
Configure your IdP to work with a new federation.
As installed the IdP can be tested against the Testshib SP. In order to run against another federation you need to edit relying-party.xml to
- Remove the references to Testshib
- Add a reference to your Federation's metadata
- Add a reference to the key your Federation operator uses to sign the metadata
There is a program shipped with the installer to automate this operation. Configuration details for the UK Federation and InCommon are available, others may be available from your Federation operator.
To convert an existing installation to run with (for instance) the UK Federation
- Stop tomcat
- Run the setFed program in a Windows command box with a suitable configuration file
Restart tomcat
c:\>cd "Program Files (x86)\Internet2\Shib2IdP\bin" c:\Program Files (x86)\Internet2\Shib2IdP\bin>sc stop tomcat6 c:\Program Files (x86)\Internet2\Shib2IdP\bin>setFed.bat ..\conf\UKFederation-config.xml Entity ID = https://origin.steadingsoftware.net/idp/shibboleth Relying Party configured for UK Federation c:\Program Files (x86)\Internet2\Shib2IdP\bin>sc start tomcat6
Other tasks
Recreating the WAR file
If you change the JavaServer Pages (JSP) files, or need to regenerate the WAR file for any other reason, it suffices to open a command prompt and from within it cd into the Shib2IdpInstall subdirectory of the installation directory and type 'install'.
Installing new versions of the component software (Tomcat and the IdP)
This should be done as per the instructions supplied with the new components.