Installing Shibboleth
We are currently evaluating
Shibboleth, a
SAML 2.0 standards based Single Sign On (SSO) suit for our web applications. The installation is fairly gritty. This post started out as notes for myself, however it rapidly became apparent that these notes would be useful to others. I also noticed that this installation was taking multiple days, and that it would be too long for a single post. I will be doing a series of posts on how to do this setup.
SSL Odities
We have been having a little trouble with our SSL certificate for our public website since the website redesign. On the surface, everything seemed fine. Various versions of IE and Firefox would display the website correctly, on both Mac and PC through an SSL connection. Oddly enough however, when viewed with Safari on SSL we would get this fairly standard error:
This certificate was signed by an unknown authority.
Our certificate was clearly working on 3 out of 4 browsers (Firefox worked on both PC and Mac), yet safari seemed to be a stick in the mud. After searching the internet for a solution for this, it seemed like all solutions for this dealt with the more common problem of this happening on all browsers, not just safari.
After poking through our Trusted Root Certification Authorities, it became apparent that our certificate for www.mica.edu was not actually listed there–despite the certficate being present and working for some browsers.
In order to fix this, we simply removed and reinstalled our certificate from Thawte.