Configure Shibboleth SP

After you’ve installed the Shibboleth SP package, you will need to configure it. Please check if the installation process generated a key-pair:

/etc/shibboleth/sp-key.pem
/etc/shibboleth/sp-cert.pem

If those are not present, you can generate the SSL key-pair yourself, or use the provided keygen.sh tool. Please see the Shibboleth SP documentation for further information.

Next, edit /etc/shibboleth/shibboleth2.xml. Set an entityID for the SP:

<ApplicationDefaults entityID="mySpEntityId" ...>
...

Set up the SessionInitiator:

<SSO entityID="https://idp.example.org/idp/shibboleth">  SAML2 SAML1 </SSO>

See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceSSO for more information.

Next, edit /etc/shibboleth/attribute-map.xml to map incoming attributes to the server environment variables that Joomla will ultimately use for authentication. Shimla requires the fullname, email, and username attributes to authenticate the user into Joomla:

<Attribute name="fullname" id="fullname"/>
<Attribute name="email" id="email"/>
<Attribute name="username" id="username"/>

See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAddAttribute for more information.

Finally, add the following to Joomla’s virtual host block to enable Shibboleth:

<Location />
  AuthType shibboleth
  Require shibboleth
</Location>
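
A quick check of the two files edited above, as an added example (not part of the Shimla or Shibboleth documentation): it reports any of the three required ids that have no active rule in attribute-map.xml, including rules left inside an XML comment, and flags a missing entityID in shibboleth2.xml. The function names and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

REQUIRED_IDS = {"fullname", "email", "username"}  # ids the page says Shimla needs

def elements(xml_data, name):
    """All elements with this local name, ignoring XML namespaces and comments."""
    root = ET.fromstring(xml_data)
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]

def missing_attribute_ids(attribute_map_xml):
    """Required ids that no active (uncommented) <Attribute> rule maps."""
    mapped = {el.get("id") for el in elements(attribute_map_xml, "Attribute")}
    return REQUIRED_IDS - mapped

def sp_config_problems(shibboleth2_xml):
    """Problems with the two shibboleth2.xml settings this page configures."""
    problems = []
    defaults = elements(shibboleth2_xml, "ApplicationDefaults")
    if not defaults or not (defaults[0].get("entityID") or "").strip():
        problems.append("ApplicationDefaults has no entityID")
    sso = elements(shibboleth2_xml, "SSO")
    if not sso or not (sso[0].get("entityID") or "").strip():
        problems.append("no <SSO> element with an entityID")
    return problems

# Constructed samples. The email rule is commented out, so it is not active.
SAMPLE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="fullname" id="fullname"/>
  <!-- <Attribute name="email" id="email"/> -->
  <Attribute name="username" id="username"/>
</Attributes>"""

SAMPLE_SP = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="mySpEntityId">
    <Sessions>
      <SSO entityID="https://idp.example.org/idp/shibboleth"> SAML2 SAML1 </SSO>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>"""

if __name__ == "__main__":
    # Usage: script.py attribute-map.xml shibboleth2.xml (no arguments: samples)
    if len(sys.argv) == 3:
        amap, spconf = (open(p, "rb").read() for p in sys.argv[1:3])
    else:
        amap, spconf = SAMPLE_MAP, SAMPLE_SP
    print("missing attribute ids:", sorted(missing_attribute_ids(amap)))
    print("shibboleth2.xml problems:", sp_config_problems(spconf))
```

An id reported as missing means the SP will not export that variable, so Shimla will not receive it from the server environment.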