To make Shibboleth work properly, a couple of steps are required.
First of all, we need to create a certificate. Doing so is important to choose the length of the certificate, as follows:
shib-keygen -y NUMBER_OF_YEARS
After this, you'll need to copy the file that has just been created at /etc/shibboleth/sp-key.pem
to your Identity Provider.
Be sure that in /etc/shibboleth/shibboleth2.xml
the environment variable REMOTE_USER
is not set; otherwise, local users will not be able to log in.
Restart Shibboleth as follows to apply the changes:
service shibd restart
To make Shibboleth work properly, we need to ensure that, after every reboot, it will be executed automatically. To do so, run the following code:
chkconfig shibd on