Enabling Shibboleth authentication for an account Guidance needed

mobcdi

Well-Known Member
Jul 13, 2009
109
0
66
I would like to enable Shibboleth authentication on an account by account basis and would like the forums guidance on how to do it

I'm running WHM 11.26.20 on CentOS 5.5
Apache version 2.2.15
PHP version 5.3.2
 

mobcdi

Well-Known Member
Jul 13, 2009
109
0
66
Would there be any specific cPanel issues with using Shibboleth or setting it up on a host where the OS updates are managed by WHM?

I would also welcome any real world experiences of installing, configuring, managing Shibboleth on a cPanel host
 

mobcdi

Well-Known Member
Jul 13, 2009
109
0
66
As part of the Shibboleth (Shibb) installation Apaches http.conf and SSL needs to be configured but I would like to avoid breaking cPanel's so I was hoping I could ask the questions here and forum users would be able to advise how and where best to make the necessary changes.

From looking at the apache config file in /etc/httpd/conf.d/shib.conf its looking to load a module mod_shib /usr/lib/shibboleth/mod_shib_22.so but also httpd.conf needs to have the UseCanonicalName and ServerName directive(s) are properly configured and SSL is enabled.

Can someone advise where best to integrate the changes needed so they work with the existing cPanel setup?

Can I install or load the mod_shib_22.so module using WHM's EasyApache or should I use the include editor instead?
 

mobcdi

Well-Known Member
Jul 13, 2009
109
0
66
Best way to modify Apache conf without causing future problems with cPanel Updates

I need to modify httpd.conf in the following ways
  • Add directive Use CanonicalName
  • Ensure ServerName directive is properly set
  • Make sure SSL is enabled
  • Load a module called mod_shib

I want the mod to be available for all accounts on the server and if possible look at integrating it into WHM/Account creation and admin down the line

Should i use the include editor in WHM and if so under which section or is there a better place or method to make these changes?

Sorry about the double thread earlier, didn't do it to spam just separate specific topic out
 
Last edited:

mobcdi

Well-Known Member
Jul 13, 2009
109
0
66
Had a quick look at the httpd.conf as created and managed by EasyApache

Servername is set both inside & outside the virtualhost sections but always to the same value so not too concerned about that

UseCanonicalName is set to Off in the virtualhost with server aliases for cpanel, whm, webmail and webdisk and no where else

My questions now are
Is it better to edit the virualhost entries only for the site(s) I need the module to run instead of making a site wide change and where would be best to do that?
Where would be best to load module if i choose to enable server wide (pre main, pre virtualhost or post virtualhost) or does it matter?
Where should i set the UseCanonicalName directive to On to avoid the opposite directive in the virtualhost entry for cPanel?
how do I know SSL is enabled (I set ssl certs for WHM and cpanel using WHM)
 
Last edited: