Installing Shibboleth

We are currently evaluating Shibboleth, a SAML 2.0 standards based Single Sign On (SSO) suit for our web applications. The installation is fairly gritty. This post started out as notes for myself, however it rapidly became apparent that these notes would be useful to others.  I also noticed that this installation was taking multiple days, and that it would be too long for a single post. I will be doing a series of posts on how to do this setup.

Read the rest of this post »

Group Syncronizing Issues with the Directory Utility and the Active Directory Pluggin

Apple LogoAfter we implemented ILM to sync our PeopleSoft data and Active Directory accounts, I was informed by one of our Mac techs that Active Directory groups were no longer syncing with our Mac clients and servers.  Accounts created under our old process would have group memberships updated when they were updated, however the new accounts would not have their group memberships updated.

Read the rest of this post »

Debugging Domain Trust Issues

Trust written on a stone.

Recently we had to redo our development network, so that we can work on our account provisioning to include exchange support. Ultimately we had to rebuild our Active Directory server. In order to migrate our existing accounts from our production environment. To do this, you need to establish a Trust between our two domains, and use the Active Directory Migration Tool.  The process of rebuilding our Active Directory server disrupted our ability to establish a Trust between our two domains.
Read the rest of this post »