The goal of the project is to provide an OpenID Connect OP extension to Shibboleth IdP V3. The work is done as part of task T3.1A OpenID Connect Federation in the GN4-2 JRA3 project.
The Shibboleth IdP 3.4 installed by this project is extended to act as an OpenID Connect provider.
- Java 7+
- Apache Maven 3
- Vagrant
The Maven project needs to be built first. The Ansible scripts then perform the initial installation of Shibboleth IdP V3, after which the extensions are installed.
git clone https://github.com/CSCfi/shibboleth-idp-oidc-extension
cd shibboleth-idp-oidc-extension/
mvn package
vagrant up
You need to be root to access all the necessary files.
vagrant ssh
sudo su -
Following the log entries should give you an idea of the execution.
tail -f /opt/shibboleth-idp/logs/idp-process.log
The fastest way to test the installation is to use the preconfigured mod_auth_openidc client for an authentication sequence, which can be triggered on the self-test page https://192.168.0.150
By modifying both the authentication request (/etc/httpd/conf.d/auth_openidc.conf) and the Shib OIDC OP extension configuration as described in the Wiki, you should be able to try different response types and claim sets, to name a few.
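When changing response types and scopes on the client side, it helps to confirm that the request still matches what the OP advertises. The following is an added example, not part of this project's code: it compares the `OIDCResponseType` and `OIDCScope` directives of a mod_auth_openidc configuration against an OP discovery document. The sample configuration, the sample metadata and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample of /etc/httpd/conf.d/auth_openidc.conf; all values are placeholders.
SAMPLE_CONF = '''
OIDCProviderMetadataURL https://op.example.org/.well-known/openid-configuration
OIDCClientID demo_rp
OIDCResponseType "id_token token"
OIDCScope "openid profile email"
'''

# Constructed sample of an OP discovery document (not taken from the extension).
SAMPLE_METADATA = json.dumps({
    "issuer": "https://op.example.org",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "scopes_supported": ["openid", "profile", "email"],
})


def parse_directives(conf_text):
    """Return {directive: value} for OIDC* lines, dropping comments and quotes."""
    found = {}
    for line in conf_text.splitlines():
        match = re.match(r'\s*(OIDC\w+)\s+"?([^"]*)"?\s*$', line)
        if match:
            found[match.group(1)] = match.group(2).strip()
    return found


def check_request(conf_text, metadata_json):
    """List mismatches between the client's request settings and the OP metadata."""
    conf = parse_directives(conf_text)
    meta = json.loads(metadata_json)
    problems = []
    # A response_type is an unordered, space-separated set of values.
    # Assumed fallbacks when a directive is unset: "code" and "openid".
    wanted = frozenset(conf.get("OIDCResponseType", "code").split())
    offered = {frozenset(rt.split()) for rt in meta.get("response_types_supported", [])}
    if wanted not in offered:
        problems.append("response_type not advertised: " + " ".join(sorted(wanted)))
    scopes = conf.get("OIDCScope", "openid").split()
    if "openid" not in scopes:
        problems.append("scope lacks 'openid'")
    # scopes_supported is optional in discovery; skip the check when it is absent.
    for scope in scopes:
        if scope not in meta.get("scopes_supported", scopes):
            problems.append("scope not advertised: " + scope)
    return problems
```

An empty list means the configured request is consistent with the metadata; each returned string names one setting to adjust on either the client or the OP side.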
The LDAP user is Ted Tester, in Finnish:
user:teppo
password:testaaja
See Wiki