Tuesday, May 29, 2012

Easing the pain of Shibboleth integration with Shibboleth's Lil Helper

Let's face it, you're looking at this blog post because you've been roped into migrating some crusty enterprise authentication system to the new thing higher education seems to be switching to--Shibboleth.  If you've kept up in the space of open standard authentication systems like OpenID, OAuth, or OAuth2, you might be thinking, "How hard can it be, it's just another auth standard?".

Unfortunately, Shibboleth is an ugly beast of an auth standard [seemingly] designed to stab you in the face with XML violence.  Its vocabulary is confusing, its configuration is wacky, and there are a million esoteric errors that provide little value in troubleshooting--in summary, it's harder than it looks.  That's why I wrote Shibboleth's Lil Helper (slh), a tool that automates the generation of Apache/IIS Shibboleth Native Service Provider configuration and metadata files.

Over the last year, our organization (Academic Support Resources) has used this tool to migrate 20 sites, 6 Apache and IIS servers, across 4 languages and has helped at least 5 departments within the University of Minnesota get set up using SLH and migrate their own infrastructure.  So far, SLH seems to solve more problems than it creates, and most folks that have used it have been pretty stoked.

Last week I got three more phone calls asking for help with Shibboleth and SLH--I decided I ought to do something to decrease the amount of time I spend walking people through the process.  The following is my attempt at making my actual self obsolete through a digital representation of myself, :).

Using Shibboleth's Lil Helper for Shibboleth Native SP integration with Apache or IIS

  1. Skim the Documentation and follow the install instructions on your development machine
  2. Skim the Presentation to understand the end-to-end process of integrating Shibboleth with Apache or IIS with Shibboleth's Lil Helper
  3. Watch and hack along with these screencasts
    All of these screencasts tackle different aspects of integrating a Linux-Apache server with the Shibboleth Native SP and the IdP server.  Though there are some minor differences between integration with IIS and Apache, this content should still be useful for illustrating the key steps in the process. Apologies in advance for the scrappy nature of these screencasts; they are certainly not as refined as I'd like, the resolution is shabby, etc.

Please consider commenting on this post or the GitHub Wiki with any snags, corrections, or tips that might be useful for others when integrating Shibboleth with Shibboleth's Lil Helper.