
User Guide for Cisco Digital Media Manager 5.4.x
OL-15762-05
Chapter 8 Authentication and Federated Identity
Procedures
Example: Configure Shibboleth to Interoperate with Cisco DMS
Before You Begin
• Obtain a digital identity certificate from a well-known CA, install it on your IdP host system, and then enable SSL.
Procedure
Step 6
Cause Cisco DMS to trust OpenAM. See the “Import IdP Metadata into DMM” topic.
Step 7
Use the Linux CLI to export IdP metadata.
wget --no-check-certificate https://<IdP_serverip>:<service_port>/opensso/saml2/jsp/exportmetadata.jsp -O dms_idp_config.xml
Step 8
Stop. You have completed this procedure.
1. Also, DMS-Admin includes a feature to test the configuration of your IdP. In the case of OpenAM, this testing feature uses ECP and fails in its absence.
2. We provide a downloadable ECP implementation as a courtesy to you. Alternatively, you can obtain ECP from another source at your discretion.
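Step 7 downloads the IdP metadata with --no-check-certificate, so the TLS connection does nothing to prove that the file came from your IdP. The following shell functions are an added example, not part of the Cisco guide: they compute the SHA-256 fingerprint of the certificate embedded in the exported file so that you can compare it with a value obtained from the IdP administrator out of band before importing the file into DMM. The function names, the sample metadata and the presence of a standard ds:X509Certificate element in the file are assumptions.

```shell
# Added example (not from the Cisco guide): check exported IdP metadata before
# importing it. Assumes a standard SAML <ds:X509Certificate> element.

# Print the SHA-256 fingerprint (lowercase hex) of the first certificate in
# metadata file $1. The element body is base64-encoded DER, so hashing the
# decoded bytes gives the fingerprint. Further certificates are not checked.
idp_cert_fingerprint() {
    local b64
    b64=$(tr -d '\r\n' < "$1" | tr '<' '\n' |
          sed -n 's/^\(ds:\)\{0,1\}X509Certificate>//p' | head -n 1 | tr -d ' \t')
    [ -n "$b64" ] || { echo "no X509Certificate in $1" >&2; return 2; }
    printf '%s' "$b64" | base64 -d >/dev/null 2>&1 ||
        { echo "certificate in $1 is not valid base64" >&2; return 2; }
    printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1
}

# Return 0 only if the fingerprint matches $2, the value the IdP administrator
# gave you out of band (colons, spaces and letter case are ignored).
verify_idp_metadata() {
    local want got
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(idp_cert_fingerprint "$1") || return 2
    if [ "$got" = "$want" ]; then
        echo "OK: certificate fingerprint $got"
    else
        echo "MISMATCH: metadata has $got, expected $want" >&2
        return 1
    fi
}

# Constructed sample: minimal metadata whose "certificate" is the base64 of
# the placeholder bytes in $2, so the checks can be exercised offline.
make_sample_metadata() {
    cat > "$1" <<EOF
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/opensso">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        $(printf '%s' "$2" | base64 | tr -d '\n')
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
EOF
}

# With the file from Step 7:
#   verify_idp_metadata dms_idp_config.xml "<fingerprint from the IdP admin>"
```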
Step 1
Obtain and install Shibboleth.
a. Go to http://www.shibboleth.net/downloads/identity-provider/latest/.
b. Download the latest Identity Provider software package, such as shibboleth-identityprovider-2.3.0-bin.zip.
c. Extract the downloaded archive, and then make the installer script within it, named install.sh, executable. For example:
$ unzip shibboleth-identityprovider-2.3.0-bin.zip
$ cd shibboleth-identityprovider-2.3.0
$ chmod u+x install.sh
d. Run the script to install Shibboleth.
$ ./install.sh
• The installer will prompt you to specify the installation directory. Its default is /opt/shibboleth-idp.
• In addition, it will prompt you to enter your Shibboleth system’s FQDN, such as shibboleth.example.com.
Respond appropriately to these prompts.
Shibboleth is now installed and you have completed its basic configuration. Your new Shibboleth system contains these subfolders.
/opt/shibboleth-idp/bin/
/opt/shibboleth-idp/conf/
/opt/shibboleth-idp/credentials/
/opt/shibboleth-idp/lib/
/opt/shibboleth-idp/logs/
/opt/shibboleth-idp/metadata/
/opt/shibboleth-idp/war/