CAF – Common IdP and SP Configuration Settings

Two steps are common to both the Shibboleth IdP and SP: fetching the FIM Signing Key, and configuring fetching and validation of the Production and/or Test aggregate. These steps form the foundation for the base configurations in CAF, which may branch into more in-depth information and links.

Fetching FIM Signing Key

Fetch the certificate from the FIM Operations URL using cURL:

curl https://caf-shib2ops.ca/CoreServices/caf_metadata_verify.crt -o md-signer.crt

Note: Windows users may need to install a cURL tool; see http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/objectstorage/restrict_rw_accs_cntainers_REST_API/files/installing_curl_command_line_tool_on_windows.html#summary

  • For the IdP, place the file in %{idp.home}/conf/credentials/md-signer.crt
  • For the SP, place the file in /etc/shibboleth/md-signer.crt
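
The fetched certificate becomes the trust anchor for validating the metadata aggregate, so it is worth comparing its SHA-256 fingerprint with a value obtained through a separate channel before placing it. The script below is an added example, not part of the original page or of CAF's tooling; the function names and the EXPECTED_FP placeholder are hypothetical, and it assumes a PEM-encoded file and GNU coreutils.

```shell
#!/bin/sh
# Added example, not CAF tooling. Assumes GNU coreutils (base64, sha256sum).

# Reduce a fingerprint in any common notation ("SHA256 Fingerprint=AA:BB:..",
# "aabb..") to lowercase hex digits without separators.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 fingerprint of the first PEM certificate in file $1.
# This is the hash of the DER bytes, the same value reported by
# `openssl x509 -noout -fingerprint -sha256 -in FILE`.
cert_fingerprint() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
                /-----END CERTIFICATE-----/   {exit}
                on' "$1" | tr -d ' \r\n')
    [ -n "$body" ] || return 1
    der=$(mktemp) || return 1
    if printf '%s' "$body" | base64 -d >"$der" 2>/dev/null; then
        sha256sum <"$der" | cut -d' ' -f1
        rc=0
    else
        rc=1
    fi
    rm -f "$der"
    return "$rc"
}

# Copy SRC to DEST only if its fingerprint equals EXPECTED.
# Returns 0 on install, 1 on mismatch, 2 if SRC holds no decodable certificate.
install_pinned_cert() {
    src=$1
    expected=$(normalize_fp "$2")
    dest=$3
    actual=$(cert_fingerprint "$src") || {
        echo "no decodable certificate in $src" >&2
        return 2
    }
    if [ "${#expected}" -ne 64 ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $src: got $actual" >&2
        return 1
    fi
    install -m 0644 "$src" "$dest"
}

# Usage (EXPECTED_FP is a placeholder; get the real value from the federation
# operator out of band, not from the same download):
#   curl --fail -sS https://caf-shib2ops.ca/CoreServices/caf_metadata_verify.crt -o md-signer.crt
#   install_pinned_cert md-signer.crt "$EXPECTED_FP" /etc/shibboleth/md-signer.crt
```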