Compilation and installation of the OpenID Connect plugin is done per the following instructions:

• https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/Installing-from-archive

We will review the installation steps but use the pre-installed virtual machines for the remainder of the course.

First configuration 

1. Become root and set the environment variables

   
   

   Code Block
   theme FadeToGrey
   [/opt/shibboleth-idp] sudo -i [/opt/shibboleth-idp] source /etc/default/shibboleth-idp

   
   

2. Set your Shibboleth IdP issuer that is used as your OpenID Provider identifier. Use the IP address provided to you by course personnel

   Code Block
   theme FadeToGrey
   nano /opt/shibboleth-idp/conf/idp-oidc.properties # Set the Open ID Connect Issuer value idp.oidc.issuer = https://xx.xx.xx.xx

   
   

3. Verify the necessary keys. The necessary cryptographic keys are automatically created for you. In actual use you must create your own set of keys. Use https://IP_ADDRESS/idp/profile/oidc/keyset to view the used keys. 

4. Verify the logging level for the OpenID extension. More detailed options available in the extension wiki.

   Code Block
   theme FadeToGrey
   nano +40 /opt/shibboleth-idp/conf/logback.xml <!-- =========================================================== --> <!-- ============== Logging Categories and Levels ============== --> <!-- =========================================================== --> <logger name="org.geant" level="ALL"/>

   
   

5. Restart the IdP to apply the configured settings.

   Code Block
   theme RDark title Hints, Tips and Result collapse true
   [root@gn43-oidcshibop-devel vagrant]# systemctl stop shibboleth-idp [root@gn43-oidcshibop-devel vagrant]# systemctl start shibboleth-idp