Shibboleth Identity Provider 3


This procedure integrates the inWebo multi-factor authentication service into the Shibboleth Identity Provider.

Requirements

  1. Shibboleth Identity Provider 3.2.1  
    "Shibboleth Identity Provider is an open-source project that provides Single Sign-On services and extends reach into other organizations and new services through authentication of users and securely providing appropriate data to requesting services." 
  2. Oracle Sun JDK 1.8
  3. Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

How to install inWebo Shibboleth plugin

To install the plugin you have to follow this procedure:

  1. Unpack inWebo Shibboleth plugin in a Temp directory

    unzip iw-shibboleth-*.zip -d /tmp/
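  2. Copy inWebo directories in Shibboleth
    Copy the `edit-webapp`, `flow`, `conf` and `views` directories from the distribution into `${idp.home}`. Here `${idp.home}` stands for the IdP installation directory; substitute its actual path in the shell commands, because `${idp.home}` is not valid shell variable syntax.

    cd /tmp/iw-shibboleth-*/
    cp -R * ${idp.home}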
  3. Modify inWebo "inwebo.properties" file

    Path: `${idp.home}/conf/inwebo.properties`

    Enter the following details of your inWebo configuration:

    inwebo.api.certificate.path= <The_path_of_your_inWebo_certificate_file>
    inwebo.api.certificate.password= <Your_certificate_passphrase>
    inwebo.api.service.id= <Your_inWebo_service_ID>
  4. Modify Shibboleth "idp.properties" file

    Path: `${idp.home}/conf/idp.properties`

    You have to edit the following properties:  

    1. idp.additionalProperties

      You have to add ", /conf/inwebo.properties" at the end of the line

      idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/inwebo.properties
    2. idp.authn.flows
      You have to add "|inWebo"

      idp.authn.flows= Password|inWebo
    3. idp.authn.flows.initial
      Uncomment the line and set its value to inWebo

      idp.authn.flows.initial = inWebo
  5. Modify Shibboleth "web.xml" file

    Path: `${idp.home}/edit-webapp/WEB-INF/web.xml`

    If you don't have this file, you can copy from `${idp.home}/webapp/WEB-INF/web.xml`

    1. In the first section <context-param>
      You have to add : "classpath*:/META-INF/shibboleth-idp/inwebo-global-config.xml," in contextConfigLocation <param-value>

      <context-param>
      	<param-name>contextConfigLocation</param-name>
      	<param-value>classpath*:/META-INF/shibboleth-idp/inwebo-global-config.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value>
      </context-param>
    2. In the <servlet> section whose <servlet-name> is idp
      You have to add : "classpath*:/META-INF/shibboleth-idp/inwebo-webflow-config.xml," in contextConfigLocation <param-value>

      <servlet>
      	<servlet-name>idp</servlet-name>
      	<init-param>
      		<param-name>contextConfigLocation</param-name>
      		<param-value>classpath*:/META-INF/shibboleth-idp/inwebo-webflow-config.xml,${idp.home}/system/conf/mvc-beans.xml,${idp.home}/system/conf/webflow-config.xml</param-value>
      	</init-param>
      </servlet>
  6. Modify Shibboleth "authn-messages.properties" file

    Path: `${idp.home}/messages/authn-messages.properties`

    You have to add the following properties:

    # inWebo messages
    idp.login.inwebo.push.send = Send Push Authentication
    idp.login.inwebo.connect.message = Connecting...
  7. Rebuild the Shibboleth IdP war file

    cd ${idp.home}/bin
    ./build.sh
  8. Restart the application server (Tomcat or Jetty)

How to debug

Modify the Shibboleth "logback.xml" file

Path: `${idp.home}/conf/logback.xml`

After `<logger name="net.shibboleth.idp" level="INFO"/>`, add the following section:

<!-- Logs inWebo -->
<logger name="com.inwebo" level="DEBUG"/>
<logger name="org.glassfish.jersey" level="DEBUG"/>