Tuesday, July 02, 2013

Changing Shibboleth Hostname

Introduction

When a hostname changes, for example from idp.example.com to idp.example2.com, we need to update the definitions in the configuration files and also the SSL certificate. The lists below show which files need to be changed.

Changing IDP hostname

When we change the IDP hostname, the following files should be edited:
  • edit shibboleth2.xml on SP server
  • edit relying-party.xml (IDP SSL cert path)
  • edit idp-metadata.xml (hostname and ssl cert)
  • edit apache conf (SSL cert path)
After that, restart both IDP and SP services.

Changing SP hostname

When we change the SP hostname, the following files should be edited:
  • edit shibboleth2.xml (SSL cert path)
  • edit relying-party.xml on IDP server (copy SP SSL cert and edit SSL cert path)
  • edit attribute-filter.xml on IDP server
  • edit apache conf (SSL cert path)
  • import SP certificate to the java keystore (keytool -import -trustcacerts -alias "newspcrt" -file newsp.crt -keystore /usr/lib/jvm/USED_JAVA_DIR/jre/lib/security/cacerts)
After that, restart both IDP and SP services.
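
After editing the files listed above, a quick check can confirm that no file still references the old hostname and that the certificate embedded in idp-metadata.xml is the same one as the new certificate file. The script below is an added example, not part of the original post; the function names are hypothetical, and the hostname and file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: post-change checks for a Shibboleth hostname change.
# Function names are hypothetical; paths and hostnames come from the caller.

# stale_refs OLD_HOST FILE...
# Prints file:line:text for each remaining reference to the old hostname.
# Returns 0 if none remain, 1 if any were found, 2 on a grep error.
stale_refs() {
    old=$1; shift
    rc=0
    # -F keeps the dots literal, -i ignores case, /dev/null forces file names.
    grep -niF -- "$old" "$@" /dev/null || rc=$?
    case $rc in
        0) return 1 ;;
        1) return 0 ;;
        *) return 2 ;;
    esac
}

# pem_body FILE
# Base64 body of the first certificate in a PEM file, whitespace removed.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ { f = 1; next }
         /-----END CERTIFICATE-----/   { exit }
         f' "$1" | tr -d ' \t\r\n'
}

# metadata_certs FILE
# One base64 certificate per line, taken from each X509Certificate element
# (with or without a namespace prefix) of a SAML metadata file.
metadata_certs() {
    tr -d ' \t\r\n' < "$1" | awk '{
        while (match($0, /X509Certificate>[A-Za-z0-9+\/=]+<\//)) {
            print substr($0, RSTART + 16, RLENGTH - 18)
            $0 = substr($0, RSTART + RLENGTH)
        }
    }'
}

# cert_in_metadata CERT_PEM METADATA_XML
# Succeeds only if the PEM certificate is one of those embedded in the metadata.
cert_in_metadata() {
    want=$(pem_body "$1")
    [ -n "$want" ] || return 2
    metadata_certs "$2" | grep -qxF -- "$want"
}
```

Run stale_refs with the old hostname against the edited files, and cert_in_metadata with the new certificate file and idp-metadata.xml; a non-zero status from either means a file still needs editing.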
