The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Enabling Shibboleth authentication for an account Guidance needed

Discussion in 'General Discussion' started by mobcdi, Oct 26, 2010.

  1. mobcdi

    mobcdi Well-Known Member

    Joined:
    Jul 13, 2009
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    I would like to enable Shibboleth authentication on an account by account basis and would like the forums guidance on how to do it

    I'm running WHM 11.26.20 on CentOS 5.5
    Apache version 2.2.15
    PHP version 5.3.2
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,451
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. mobcdi

    mobcdi Well-Known Member

    Joined:
    Jul 13, 2009
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Would there be any specific cPanel issues with using Shibboleth or setting it up on a host where the OS updates are managed by WHM?

    I would also welcome any real world experiences of installing, configuring, managing Shibboleth on a cPanel host
     
  4. mobcdi

    mobcdi Well-Known Member

    Joined:
    Jul 13, 2009
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    As part of the Shibboleth (Shibb) installation Apaches http.conf and SSL needs to be configured but I would like to avoid breaking cPanel's so I was hoping I could ask the questions here and forum users would be able to advise how and where best to make the necessary changes.

    From looking at the apache config file in /etc/httpd/conf.d/shib.conf its looking to load a module mod_shib /usr/lib/shibboleth/mod_shib_22.so but also httpd.conf needs to have the UseCanonicalName and ServerName directive(s) are properly configured and SSL is enabled.

    Can someone advise where best to integrate the changes needed so they work with the existing cPanel setup?

    Can I install or load the mod_shib_22.so module using WHM's EasyApache or should I use the include editor instead?
     
  5. mobcdi

    mobcdi Well-Known Member

    Joined:
    Jul 13, 2009
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Best way to modify Apache conf without causing future problems with cPanel Updates

    I need to modify httpd.conf in the following ways
    • Add directive Use CanonicalName
    • Ensure ServerName directive is properly set
    • Make sure SSL is enabled
    • Load a module called mod_shib

    I want the mod to be available for all accounts on the server and if possible look at integrating it into WHM/Account creation and admin down the line

    Should i use the include editor in WHM and if so under which section or is there a better place or method to make these changes?

    Sorry about the double thread earlier, didn't do it to spam just separate specific topic out
     
    #5 mobcdi, Feb 7, 2011
    Last edited: Feb 7, 2011
  6. mobcdi

    mobcdi Well-Known Member

    Joined:
    Jul 13, 2009
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Had a quick look at the httpd.conf as created and managed by EasyApache

    Servername is set both inside & outside the virtualhost sections but always to the same value so not too concerned about that

    UseCanonicalName is set to Off in the virtualhost with server aliases for cpanel, whm, webmail and webdisk and no where else

    My questions now are
    Is it better to edit the virualhost entries only for the site(s) I need the module to run instead of making a site wide change and where would be best to do that?
    Where would be best to load module if i choose to enable server wide (pre main, pre virtualhost or post virtualhost) or does it matter?
    Where should i set the UseCanonicalName directive to On to avoid the opposite directive in the virtualhost entry for cPanel?
    how do I know SSL is enabled (I set ssl certs for WHM and cpanel using WHM)
     
    #6 mobcdi, Feb 7, 2011
    Last edited: Feb 7, 2011
Loading...

Share This Page