Comment: Migrated to Confluence 5.3

Overview

This document covers how to Shibbolize the wiki.

Summary of Changed Files (for Confluence only)

Changed Files

/web/confluence-3.3.3-std/bin/setenv.sh
/web/confluence-3.3.3-std/conf/server.xml
/web/confluence-3.3.3-std/confluence/WEB-INF/web.xml
/web/confluence-3.3.3-std/confluence/WEB-INF/classes/seraph-config.xml

New Files

/web/confluence-3.3.3-std/confluence/logout.jsp
/web/confluence-3.3.3-std/confluence/status.jsp
/web/confluence-3.3.3-std/confluence/WEB-INF/lib/remoteUserAuth-1.7.2.jar
/web/confluence-3.3.3-std/confluence/WEB-INF/classes/remoteUserAuthenticator.properties

Install Shibboleth

See Setting up a Shibboleth SP for setting up Shibboleth itself.

Apache Config Changes

The mod_proxy settings have to be altered so that requests handled by shibd are not proxied to Confluence. In ssl.conf (not 100% sure where this is located on prod), add the following before the first ProxyPass directive:

ProxyPassMatch ^(/Shibboleth) !
ProxyPassMatch ^(/shibboleth) !
ProxyPassMatch ^(/shibboleth-sp) !

Then change the ProxyPass* directives to the following:

ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/

Also, at the top of the vhost section in ssl.conf, remove the :443 from the server name.

Install Confluence Shibboleth Plugin

Copy the plugin from wiki-dev. This jar is located at:

/web/confluence-3.3.3-std/confluence/WEB-INF/lib/remoteUserAuth-1.7.2.jar

Put it in the same place on production.

Copy the plugin properties file from wiki-dev. This file is located at:

/web/confluence-3.3.3-std/confluence/WEB-INF/classes/remoteUserAuthenticator.properties

Put this in the same place on production, as well.

Confluence (Tomcat) Config Changes

server.xml Changes

In /web/confluence-3.3.3-std/conf/server.xml set up a new Connector on port 8009 which uses AJP:

<Connector port="8009" protocol="AJP/1.3"
      minSpareThreads="5" maxThreads="256"
      scheme="https" proxyPort="443" tomcatAuthentication="false" />
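
With tomcatAuthentication="false", Tomcat accepts the user name that the AJP peer (here Apache with Shibboleth) sends, so the connector should only be reachable from that proxy. The following check is an added example, not part of the original setup notes: it parses a server.xml and reports AJP connectors that trust the proxy-supplied user without an explicit loopback address. The sample XML is constructed from the Connector above, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from this page plus a loopback-bound variant.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Tomcat-Standalone">
    <Connector port="8009" protocol="AJP/1.3"
          minSpareThreads="5" maxThreads="256"
          scheme="https" proxyPort="443" tomcatAuthentication="false" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"
          tomcatAuthentication="false" />
  </Service>
</Server>
"""

FINDING = "trusts proxy-supplied user but is not explicitly bound to loopback"

def is_loopback(address):
    """True only if the address attribute explicitly names a loopback interface."""
    if not address:
        # No address attribute: not explicitly restricted
        # (older Tomcat releases then listen on all interfaces).
        return False
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # some other hostname: cannot confirm it is loopback

def audit_ajp_connectors(server_xml):
    """Return (port, finding) for each AJP connector that needs attention."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        # Tomcat's default is "true"; with "false" the user name sent by
        # the AJP peer is taken as the authenticated user.
        trusts_peer = conn.get("tomcatAuthentication", "true").lower() == "false"
        if trusts_peer and not is_loopback(conn.get("address")):
            findings.append((conn.get("port"), FINDING))
    return findings

if __name__ == "__main__":
    for port, finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(f"AJP connector on port {port}: {finding}")
```

Since the ProxyPass directives above point at ajp://localhost:8009/, adding address="127.0.0.1" to the Connector is consistent with this setup and clears the finding.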

seraph-config.xml Changes

In /web/confluence-3.3.3-std/confluence/WEB-INF/classes/seraph-config.xml make the following changes:

...
<init-param>
      <param-name>login.url</param-name>
      <!-- <param-value>/login.action?os_destination=${originalurl}</param-value> -->
      <param-value>/Shibboleth.sso/DS?target=https%3A%2F%2Fwiki-dev.library.ucsf.edu${originalurl}</param-value>
</init-param>
<init-param>
      <param-name>link.login.url</param-name>
      <!-- <param-value>/login.action</param-value> -->
      <param-value>/Shibboleth.sso/DS?target=https%3A%2F%2Fwiki-dev.library.ucsf.edu${originalurl}</param-value>
</init-param>
...
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/> -->
<authenticator class="shibauth.confluence.authentication.shibboleth.RemoteUserAuthenticator"/>
...

Convert Usernames

http://confluence.atlassian.com/display/CONF33/Changing+Usernames
