From Fedora Project Wiki

Revision as of 17:48, 5 March 2015 by Rcritten (talk | contribs) (Created page with "|description=Service Provider Installation testing. |setup= <ol> <li>For testing purposes, a machine (or VM) with 1GB of RAM and 4 GB of free disk space for binaries, data and...")

|description=Service Provider Installation testing.
|setup=

  1. For testing purposes, a machine (or VM) with 1 GB of RAM and 4 GB of free disk space for binaries, data and logs should be plenty.
  2. The machine needs to be enrolled as an IPA client.

|actions=

Installation

First, install the IPA-client packages:

# yum install ipa-client

If you installed IPA with DNS, configure /etc/resolv.conf to point to the IPA DNS server:

nameserver xx.xx.xx.xx

Enroll the machine against your IPA master:

# ipa-client-install

If you are using the IPA DNS server then it should discover the IPA master and prompt you for credentials to enroll. Use admin and the admin password selected during IPA install.

Install the Ipsilon packages:

# yum install ipsilon

Configure the SP:

# ipsilon-client-install --saml-idp-metadata https://ipa.example.com/idp/saml2/metadata --saml-auth /sp

The metadata will be downloaded from your IDP. Because the IDP runs on our IPA master, we use the master's host name in the URL.

Add the SP to the IDP:

On the IDP, launch Firefox and authenticate to the IDP as the admin user at http://ipa.example.com/idp/

Select Identity Providers -> SAML2 -> New

Get the metadata from the SP:

# cat /etc/httpd/saml2/sp.example.com/metadata.xml

Copy and paste this into the form. The name you give the SP isn't important.
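A sanity check to run over the SP metadata before pasting it into the IDP form, added here as an example (it is not part of the original test case or of Ipsilon). The function name review_sp_metadata, the sample metadata and its endpoint paths are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample for illustration, NOT real ipsilon-client-install output.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sp.example.com/sp">
  <SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"/>
    <SingleLogoutService Location="https://sp.example.com/sp/logout"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <AssertionConsumerService index="0"
        Location="http://sp.example.com/sp/postResponse"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def review_sp_metadata(xml_text, expected_host):
    """Return (entityID, findings) for SP metadata text before registration."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("metadata must not carry a DTD")
    root = ET.fromstring(xml_text)
    findings = []
    entity_id = root.get("entityID")
    if not entity_id:
        findings.append("missing entityID")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return entity_id, findings + ["no SPSSODescriptor: not SP metadata"]
    keys = sp.findall("md:KeyDescriptor", NS)
    # A KeyDescriptor without "use" serves both signing and encryption.
    if not any(k.get("use") in (None, "signing") for k in keys):
        findings.append("no signing key published")
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    # Every endpoint the IdP will send users to should be HTTPS on the SP host.
    for ep in acs + sp.findall("md:SingleLogoutService", NS):
        name, loc = ep.tag.split("}")[1], ep.get("Location", "")
        url = urlsplit(loc)
        if url.scheme != "https":
            findings.append(f"{name} is not https: {loc}")
        if url.hostname != expected_host:
            findings.append(f"{name} host is not {expected_host}: {loc}")
    return entity_id, findings
```

On the SP, pass the text of /etc/httpd/saml2/sp.example.com/metadata.xml and the host name sp.example.com; an empty findings list means the endpoints and signing key look as expected.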

Restart Apache on the SP:

# systemctl restart httpd

Verify the basics

Bring up your Firefox window and select admin->Logout

Go to the protected site you just created on the SP, http://sp.example.com/sp/

You should be prompted with a form login.

TODO: testing Kerberos

|results= All the test steps should end with the specified results. }}