Latest Release‎ > ‎

Sign-on Methods

This page discusses how to enable or disable authenticating to the GridShib-CA with different web sign-on methods. Currently supported methods are:
  • Shibboleth
  • OpenID

Enabling a Method

To enable a method, do the following:

  1. In gridshib-ca.conf, make sure the method appears in the AuthMethods section with am appropriate value, e.g.:
    • Shibboleth = ${ShibProtectedURL}/shib.cgi
    • OpenId = ${GridShibCAURL}/openid.cgi
  2. In policy.conf, make sure a section for the method appears with at least one valid IdPNameSpace subsection.
  3. Do the following specific steps for the given method:
    • Shibboleth: Be sure you have Shibboleth configured for your Apache installation.
    • OpenID: You need to make sure openid/openid-consumer-secret exists, as specified by value of ConsumerSecretFilename in the OpenId section of gridshib-ca.conf. You can create this file by using bin/create-openid-consumer-secret.pl in your GridShib-CA configuration directory.

Disabling a Method

To disable a method, do the following:
  1. In gridshib-ca.conf, remove the method from  the AuthMethods section.
  2. In policy.conf, remove the section for the method.

Comments