Shibfest Hands-On Preparation
Thank you for your participation in the Shibboleth Installfest hosted by FNAL. Nate Klingenstein (ndk@internet2.edu) from Internet2 will be your instructor for the two-day event, though we'll also have guest lecturers on federation topics particularly relevant to the DoE community. We'll be installing the IdP on VMs and testing with a local SP. By the end of the installfest, we hope you will leave with an understanding of federated identity, installation and configuration of the IdP, and the basics of application integration.
To accomplish these aims, we ask that all participants be acquainted with Tomcat, LDAP, Linux (CentOS, in our case) and a shell text editor of their choice. Fermilab will have an operational VM prepared for every participant, so familiarity with VMware Player would be helpful.
Important: Although we will provide the VMs, (hands-on) participants must bring their own laptops. In addition, it would be helpful if participants installed VMPlayer (version 3.0 or higher) on their machines in advance. To avoid compatibility issues, we recommend a recent Windows host OS, on which the VMs were tested. Finally, a basic working understanding of XML is also extremely beneficial for working with the configuration files and the protocol.
http://w3schools.com/xml/default.asp
Network Connectivity
To ensure a secure and uneventful hands-on workshop, Fermilab has created a separate private network for the Shibboleth services, not accessible from the outside. This way, your virtual machines (which expose services) are protected from any attacks that may originate from the Internet.
To allow participants to access the Internet (e-mail, web surfing) the following configuration will be used:
· the wireless interface of each laptop will be allowed to connect to the Internet, after a short MAC registration process that is done on-line. Your laptop (host OS) will enter the Fermilab public visitor network.
· the VMs used for training (which will run as guest OS) will NOT have access to the wireless interface: they will be bound to the wired interface in bridged mode. Specific details about the configuration will be provided at the beginning of the hands-on installation.
Please make sure that your laptop has both the wireless and wired interfaces functional. Also, please make sure that at least one USB port is functional, as we will distribute VM images on USB drives.
Important: All machines that use the FNAL network must comply with the FNAL Policy on Computing available at http://security.fnal.gov/policies/cpolicy.html. Specifically, please disable (in your host OS) any services that your laptop may offer which are not necessary during the installation. In particular, please ensure that you do NOT have SSH services enabled that permit password authentication. Otherwise, your machine will be detected by FNAL scanners and blocked from network access, and you will not have access to e-mail, web, etc. (you will still be able to perform the hands-on installation, though).
To speed things up, it would help if participants were familiar with the procedures for configuring a static host name on their host OS, with basic Linux network configuration commands (ifconfig, route), and with the configuration of static hosts (/etc/hosts) in Linux.
For any questions or concerns regarding networking and machine configurations, please email Gabriel Ghinita at gghinita@fnal.gov. Also, if you are not familiar with some of the procedures mentioned above, please send an email to Gabriel and he will be available to assist you with configuration of your machine on the morning of the first workshop day.