Trustbuilder MFA by inWebo
Trustbuilder MFA by inWebo
Breadcrumbs

Shibboleth Identity Provider 3

This is the procedure to integrate inWebo multi factor authentication service in "Shibboleth Identity provider"

Warning: this document refers to an “inWebo Shibboleth plugin” - This component is no longer supported. We recommend using integrations based on standard protocols such as SAML or OIDC.

Requirements

  1. Shibboleth Identity Provider 3.2.1  
    "Shibboleth Identity Provider is an open-source project that provides Single Sign-On services and extends reach into other organizations and new services through authentication of users and securely providing appropriate data to requesting services." 

  2. Oracle Sun JDK 1.8

  3. (JCE) Unlimited Strength Jurisdiction Policy Files

How to install inWebo Shibboleth plugin

To install the plugin you have to follow this procedure:

  1. Unpack inWebo Shibboleth plugin in a Temp directory

    unzip iw-shibboleth-*.zip -d /tmp/

  2. Copy inWebo directories in Shibboleth
    copy the `edit-webapp`, `flow`, `conf` and `views` directories from the distribution into `${idp.home}`

    cd iw-shibboleth-*
cp -R * ${idp.home}

  3. Modify inWebo "inwebo.properties" file

    Path `${idp.home}/conf/inwebo.properties` 

    for your InWebo configuration, you have to input the following details

    inwebo.api.certificate.path= <The_path_of_your_inWebo_certificate_file>
inwebo.api.certificate.password= <Your_certificate_passphrase>
inwebo.api.service.id= <Your_inWebo_service_ID>

  4. Modify Shibboleth "idp.properties" file

    Path: `${idp.home}/conf/idp.properties`

    You have to edit the following properties:  

    1. idp.additionalProperties

      You have to add ", /conf/inwebo.properties" at the end of the line

      idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/inwebo.properties

    2. idp.authn.flowsYou have to add "|inWebo"

      idp.authn.flows= Password|inWebo


    3. idp.authn.flows.initialUncomment the line and change with inWebo

      idp.authn.flows.initial = inWebo

  5. Modify Shibboleth "web.xml" file

    Path: `${idp.home}/edit-webapp/WEB-INF/web.xml`

    If you don't have this file, you can copy from `${idp.home}/webapp/WEB-INF/web.xml`

    1. In the first section <context-param>
      You have to add : "classpath*:/META-INF/shibboleth-idp/inwebo-global-config.xml," in contextConfigLocation <param-value>

      <context-param>
	<param-name>contextConfigLocation</param-name>
	<param-value>classpath*:/META-INF/shibboleth-idp/inwebo-global-config.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value>
</context-param>

    2. In the <servlet> section, idp<servlet-name>You have to add : "classpath*:/META-INF/shibboleth-idp/inwebo-webflow-config.xml," in contextConfigLocation <param-value>

      <servlet>
	<servlet-name>idp</servlet-name>
	<init-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath*:/META-INF/shibboleth-idp/inwebo-webflow-config.xml,${idp.home}/system/conf/mvc-beans.xml,${idp.home}/system/conf/webflow-			config.xml</param-value>
	</init-param>
</servlet>

  6. Modify Shibboleth "authn-messages.properties" file

    Path: `${idp.home}/messages/authn-messages.properties`

    You have to add the following properties:

    # inWebo messages
idp.login.inwebo.push.send = Send Push Authentication
idp.login.inwebo.connect.message = Connecting...

  7. Rebuild shibboleth IdP war file

    cd ${idp.home}/bin
./build.sh

  8. Restart App Server (tomcat or jetty)

How to debug

Modifying shibboleth "logback.xml" file

Path `${idp.home}/conf/logback.xml`

add after `<logger name="net.shibboleth.idp" level="INFO"/>' the following section:

<!-- Logs inWebo →
<logger name="com.inwebo" level="DEBUG"/>
<logger name="org.glassfish.jersey" level="DEBUG"/>