This outline refers to this JIRA issue
A. old-fashioned way
- Install and configure the Service Provider directly on the machine
- Install package from distribution repository OR https://wiki.shibboleth.net/confluence/display/SP3/LinuxInstall
- Configure SP → https://wiki.shibboleth.net/confluence/display/SP3/Configuration
- Configure Webserver → https://wiki.shibboleth.net/confluence/display/SP3/WebServers
- At the secured web server location, place the endpoint of "mod-login" (mod-login-saml?) that takes the submitted attributes (these are exposed in the environment variables), maps them to the right user and logs that user in.
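A sketch of the attribute-to-user mapping step described above, as an added example (not code from this outline or from mod-login-saml). It assumes a CGI/WSGI-style `environ` dict, the SP attribute id `eppn`, a constructed IdP entityID and a constructed user table; `resolve_user` and `split_values` are hypothetical names.

```python
import re

# Constructed sample data: the IdP entityID and the user table are assumptions.
TRUSTED_IDP = "https://idp.example.edu/idp/shibboleth"
USERS = {(TRUSTED_IDP, "jdoe@example.edu"): "user-0001"}


def split_values(raw):
    # The Shibboleth SP joins multi-valued attributes with ';' and escapes
    # a literal ';' inside a value as '\;'.
    return [v.replace("\\;", ";") for v in re.split(r"(?<!\\);", raw) if v]


def resolve_user(environ, attr="eppn", users=USERS):
    """Return the local user id for the SP session in `environ`, or None."""
    # Without a session id the request did not pass through a location
    # protected by the SP, so nothing in it can be trusted.
    if not environ.get("Shib-Session-ID"):
        return None
    idp = environ.get("Shib-Identity-Provider", "")
    # Read only the variable set by the SP. HTTP_* keys are request headers
    # chosen by the client and are deliberately never consulted.
    values = split_values(environ.get(attr, ""))
    # An identifier used for login must be single-valued.
    if len(values) != 1:
        return None
    # Key the lookup on (IdP, identifier) so that a second IdP cannot assert
    # an identifier belonging to another IdP's user.
    return users.get((idp, values[0]))


if __name__ == "__main__":
    # Constructed request environment for a successful login.
    sample = {
        "Shib-Session-ID": "_constructed-session-id",
        "Shib-Identity-Provider": TRUSTED_IDP,
        "eppn": "jdoe@example.edu",
    }
    print(resolve_user(sample))
```

Any `None` result should end in a rejected login rather than a fallback to another identifier.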
B. containerized way
Use the maintained service provider in a container → a good starting point might be this: https://github.internet2.edu/docker/shib-sp
At this point it might be worth considering merging the remaining login logic with its APIs into the SP container, or vice versa...
Additional considerations may be:
- If an instance needs to interact with multiple Identity Providers → https://wiki.shibboleth.net/confluence/display/EDS10/Embedded+Discovery+Service
- If running multiple FOLIO instances on different URLs, additional configuration is needed
- Implementing SLO