Setting up a Shibboleth service provider

Setting up your production system

  1. Your production service provider should be set up just like your test service provider. Make sure you have a suitable DNS name (e.g. https://dienst.uni-konstanz.de)
     
  2. Request a server certificate for this DNS name. Please make sure you select the "Shibboleth IdP SP" profile on the form
     
  3. Create a suitable, unique provider ID for your production service provider (e.g. https://dienst-test.uni-konstanz.de/shibboleth-sp)
     
  4. Fill out the application form to have your production service provider integrated into either the university's or the DFN-AAI's production federation. The Shibboleth team will contact you and work with you on the next steps

Using your production system

  1. Adapt the configuration files from your test service provider to fit your production system
     
  2. Use the metadata for the production DFN-AAI federation where the metadata for all IDPs are stored:
     
  3. Use the DFN-AAI certificate in PEM format to verify the signature of DFN-AAI metadata:
     
  4. Adapt the configuration file used in your test system for the Apache web server to fit your production system
     
  5. Test access to the protected websites or web applications
     
  6. Test whether the respective websites or web applications process the authorization data