>>> On 24/09/2008 at 18:00, in message <[log in to unmask]>,
Paul Campbell <[log in to unmask]> wrote:
> I think I've fixed it. I had missed the 'Attribute Authority
> VirtualHost' section on
> http://www.ukfederation.org.uk/content/Documents/SetupIdP.
>
> Specifically I hadn't added the lines:
>
> SSLVerifyClient optional_no_ca
> SSLVerifyDepth 10
> SSLOptions +StdEnvVars +ExportCertData
>
Wouldn't it be worthwhile for either Janet or Jisc to host a repository somewhere with a complete set of config files comprising:
Shib: resolver.xml, idp.xml and arp.site.xml
Apache: httpd.conf, http-ssl.conf
tomcat: server.xml \webapps\shibboleth\web.xml
That way someone could just pick them up, add the site specific details and would have a working Idp very quickly. OK, I know there are elements of, e.g., resolver.xml which are very site specific as they're dependant on munging local attributes but some collected examples would give a good starting point.
I know all the information is there somewhere in the documentation but its so easy to miss a line or so when you're cutting and pasting from umpteen different sources and having to clip bits of configuration out of a general documentation page.
just my tuppence
Cheers
Andy
The University of Dundee is a registered Scottish charity, No: SC015096
|