My recommendation to you is to look at deploying the Embedded Discovery Service. We put it together precisely with people in your situation in mind - a single SP, a need for discovery but no desire to have to work with Tomcat and go through the not inconsiderable pain of a Centralized DS deployment).
Additionally the EDS is rather more up-to-date with respect to recent advances in metadata content as well.
You *do* need to be running the latest V2 Shibboleth SP (2.4 IIRC) (Or a selected set of other vendor SPs), but with that in place you should get a basic discovery up in an afternoon.
PLEASE ask follow up question either here or in the shib users list. It is absolutely essential to us (the shibboleth developers) that EDS deployment be as easy as possible and if you have problems it will be due to our documentation or packaging or both.
> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of
> Colleen Romero
> Sent: 10 May 2011 16:36
> To: [log in to unmask]
> Subject: Shibboleth service in a private federation
> I have been experimenting with the Shibboleth service provider v2 software, and have successfully
> configured Moodle 1.9 to authenticate against the TestShib identity provider. In this configuration
> the entityid of the TestShib IDP is hard coded into the SessionInitiator node in shibboleth2.xml.
> My ultimate aim is to use Shibboleth to authenticate against shared services within a private
> federation, i.e. members authenticate against their identity providers to access services on my
> server. I do not expect a large number of members, so in the initial stages I will use a local
> metadata file which I will edit manually.
> I have a few questions:
> 1. Do I need to install a full-blown discovery service on my server? Considering that the federation
> membership will be small, it will be quite easy for me to build a web form with a list of members for
> users to select their home institution.
> 2. If I can use a web form, can anyone point me to information on how the form will be invoked, what
> information it will return etc.?
> 3. I have installed the discovery service software, but I get a java.lang.NoClassDefFoundError. The
> log refers to org.apache.xerces, so I thought it could be related to the custom xerces and xalan
> class libraries included with the service provider software which I had copied to the tomcat/endorsed
> folder. I tried adding tomcat/endorsed to common.loader in catalina.properites. When that failed I
> copied the xalan and xerces jar files to the tomcat/lib folder, but that did not work either. Any
> Any help would be greatly appreciated. I would be willing to send copies of any configuration or log
> files if necessary.