########################################################################################################################
# README: INSTRUCTIONS TO INSTALL AND CONFIGURE THE SHIBBOLETH SERVICE PROVIDER.
########################################################################################################################

Run the script "04_Shibboleth_Install_Config.sh" as the root user.
-------------------------------------------------------------------------------------------------------------------------

Prerequisites:
-------------------------------------------------------------------------------------------------------------------------
1. Shibboleth-SP is installed on the Oracle HTTP Server machine.
2. Internet access is required to install Shibboleth-SP.
3. The SSL certificates of the front end (e.g., the Load Balancer) are required; they are used for signing and encryption.
4. The SAML IDP metadata XML file must be placed in the automation script folder (shibdFiles).

Installation:
-------------------------------------------------------------------------------------------------------------------------
Navigate to: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335537/Installation
Select Linux and Navigate to: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335547/LinuxInstall
Select "Install from RPM" and Navigate to: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335566/RPMInstall
Select the Link: https://shibboleth.net/downloads/service-provider/RPMS/
Select the Supported Platform: CentOS 8
Click on Generate Button.

-------------------------------------------------------------------------------------------------------------------------
[shibboleth]
name=Shibboleth (CentOS_8)
# Please report any problems to https://shibboleth.atlassian.net/jira
type=rpm-md
mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_8
gpgcheck=1
gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
enabled=1
-------------------------------------------------------------------------------------------------------------------------
Save the generated text as /etc/yum.repos.d/shibboleth.repo
-------------------------------------------------------------------------------------------------------------------------

Install Shibboleth-SP:
-------------------------------------------------------------------------------------------------------------------------
yum -y install shibboleth.x86_64

Configuration:
-------------------------------------------------------------------------------------------------------------------------
1. All files required for the configuration are copied to the server.
2. Backups of the original files (shibboleth2.xml and attribute-map.xml) are taken.
3. The shibboleth2.xml.sample and attribute-map.xml.sample files are copied from the script location to the server.
4. The Shibboleth SP configuration is done based on the shibboleth2.xml and attribute-map.xml files.
5. The SAML IDP metadata XML file must be copied to the shibdFiles folder before the script is executed.
6. The Load Balancer SSL certificates are used for signing and encryption of the SP metadata and SAML assertions.
7. Copy the certificates of the Load Balancer or OHS, whichever is the front end, to the shibdFiles folder.
8. If the SAML SP environment is clustered, the cookie and cluster configuration is also done.
9. Restart the Shibboleth SP service:
	/bin/systemctl stop shibd.service
	/bin/systemctl start shibd.service


SAML SP Metadata Information:
-------------------------------------------------------------------------------------------------------------------------
The Oracle HTTP Server with Shibboleth-SP is configured.
Use the Service Provider endpoints below to configure the SAML Identity Provider.
EntityID: https://${LoadBalancerDNS}/analytics/shibboleth
AssertionConsumerService: https://${LoadBalancerDNS}/Shibboleth.sso/SAML2/POST
SingleLogoutService: https://${LoadBalancerDNS}/Shibboleth.sso/SLO/POST
Signing or Encryption Certificate: use the same Load Balancer certificate placed in the folder $Software_Location/ohsFiles/certs
To download the SAML Service Provider metadata, use the URL below after configuring the Load Balancer:
https://${LoadBalancerDNS}/Shibboleth.sso/Metadata
-------------------------------------------------------------------------------------------------------------------------
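As an added example (not part of the automation scripts), the following Python check parses the metadata the SP publishes at the Metadata URL above and confirms the EntityID, the HTTP-POST AssertionConsumerService and SingleLogoutService locations, and that the Load Balancer certificate from ohsFiles/certs is the one embedded in the KeyDescriptor; the metadata, the certificate body and the lb.example.com host name are constructed samples.

```python
import re
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Constructed sample of what https://<LoadBalancerDNS>/Shibboleth.sso/Metadata returns
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://lb.example.com/analytics/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBsampleCERTbodyFORdemoONLY</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://lb.example.com/Shibboleth.sso/SLO/POST"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://lb.example.com/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed PEM with the same body, standing in for the certificate in ohsFiles/certs
LB_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
               "MIIBsampleCERTbodyFORdemoONLY\n"
               "-----END CERTIFICATE-----\n")

def pem_body(pem):
    """Strip the PEM armour and all whitespace so certificates compare exactly."""
    return re.sub(r"-----[A-Z ]+-----|\s", "", pem)

def check_sp_metadata(metadata_xml, lb_pem, lb_dns):
    """Return a list of problems; an empty list means the SP published what was configured."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor in metadata"]
    problems = []
    if root.get("entityID") != f"https://{lb_dns}/analytics/shibboleth":
        problems.append(f"unexpected entityID {root.get('entityID')!r}")
    # Only the HTTP-POST endpoints are handed to the IdP, so check those bindings
    def post_locations(tag):
        return {e.get("Location") for e in sp.findall(tag, NS) if e.get("Binding") == POST}
    if f"https://{lb_dns}/Shibboleth.sso/SAML2/POST" not in post_locations("md:AssertionConsumerService"):
        problems.append("HTTP-POST AssertionConsumerService missing or wrong")
    if f"https://{lb_dns}/Shibboleth.sso/SLO/POST" not in post_locations("md:SingleLogoutService"):
        problems.append("HTTP-POST SingleLogoutService missing or wrong")
    # The KeyDescriptor must carry the load balancer certificate the IdP will trust
    certs = {pem_body(c.text or "") for c in sp.iterfind(".//ds:X509Certificate", NS)}
    if pem_body(lb_pem) not in certs:
        problems.append("load balancer certificate not present in KeyDescriptor")
    return problems
```

In practice, pass the text downloaded from the Metadata URL and the contents of the Load Balancer certificate file to check_sp_metadata before handing the endpoints to the IdP team.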


Run the script "05_OHS_Config_SSO.sh" as the oracle user.
-------------------------------------------------------------------------------------------------------------------------

OHS Configuration for SSO:
-------------------------------------------------------------------------------------------------------------------------
1. Copy the SSL certificates of the Load Balancer or OHS (whichever is the front end) to the ohsFiles/certs folder.
2. The OHS wallet is created from the Load Balancer certificates.
3. The other files placed in the ohsFiles folder are used to configure OHS with performance settings, compression and caching.
4. The OAS server is configured as the backend server.
5. Copy the Load Balancer server certificate, private key, CA intermediate and CA root certificates to ohsFiles/certs.
6. A PFX file is created from these certificates. If you already have the PFX file, place it in the ohsFiles/certs folder instead.
7. A JKS keystore is created from the PFX file. If you already have the JKS keystore, place it in the folder instead of the PFX file/certificates.
8. The eWallet is created from the JKS keystore.
9. The configuration files are copied to the OHS_INSTANCE_HOME location.
10. The SSO logout information is configured in the logout.html page, which performs the SP SSO logout; you must enter the IDP Logoff URL and the Post Logoff URL as the variable values.
11. OHS is restarted and enabled for SSO.

Information:
-------------
1. OHS is configured as the front end for a single OAS node. The environment can be either a single-node or a clustered OAS environment.
2. The automation configures OHS1 as the front end for OAS1 and OHS2 as the front end for OAS2. A Load Balancer then balances the load between OHS1 and OHS2.
3. If you want OHS1 to load-balance between the OAS1 and OAS2 nodes, comment out the include "analytics.conf" statement in httpd.conf and add include statements for analyticsclustered.conf and workers.conf.
4. Edit the workers.conf file to list the backend OAS servers and their port numbers.

NOTE:
-----
Each of the scripts has a parameter section where you need to enter the values suitable for your configuration. Most of these are self-explanatory.

