{"id":39076523,"url":"https://github.com/cloud-gov/shibboleth-boshrelease","last_synced_at":"2026-01-17T18:27:05.319Z","repository":{"id":37851989,"uuid":"67160936","full_name":"cloud-gov/shibboleth-boshrelease","owner":"cloud-gov","description":"IdP using Shibboleth as a BOSH release","archived":false,"fork":false,"pushed_at":"2025-10-07T13:52:28.000Z","size":417,"stargazers_count":2,"open_issues_count":1,"forks_count":1,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-10-07T15:35:40.739Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloud-gov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-09-01T19:41:11.000Z","updated_at":"2025-10-07T13:52:31.000Z","dependencies_parsed_at":"2024-04-09T21:46:46.181Z","dependency_job_id":"c54c4098-a366-482f-b284-c0164f9fa23f","html_url":"https://github.com/cloud-gov/shibboleth-boshrelease","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cloud-gov/shibboleth-boshrelease","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fshibboleth-boshrelease","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fshibboleth-boshrelease/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fshibboleth-bos
hrelease/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fshibboleth-boshrelease/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloud-gov","download_url":"https://codeload.github.com/cloud-gov/shibboleth-boshrelease/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fshibboleth-boshrelease/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28515479,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T17:57:59.192Z","status":"ssl_error","status_checked_at":"2026-01-17T17:57:52.527Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-17T18:27:04.649Z","updated_at":"2026-01-17T18:27:05.310Z","avatar_url":"https://github.com/cloud-gov.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BOSH Release for Shibboleth v4\n\nThis is an identity provider suitable for use as a SAML provider in CloudFoundry.\n\n## Configuring the IdP tomcat instance\n\nBy default tomcat is configured to use SSL with a self-signed certificate and will be started on port 8443.\n\n### Using your own certificate\n\nAdd the following properties to a file called `my-secrets.yml`:\n\n``` 
yaml\n---\nproperties:\n  idp:\n    sslCertificate: | # Specifies your SSL certificate\n        -----BEGIN CERTIFICATE-----\n        YOUR CERT HERE\n        -----END CERTIFICATE-----\n    sslPrivateKey: | # Specifies your private key. The key must be a passphrase-less key.\n        -----BEGIN RSA PRIVATE KEY-----\n        YOUR KEY HERE\n        -----END RSA PRIVATE KEY-----\n```\n\n### Generating a self-signed certificate\n\n1. Generate your private key with any passphrase\n\n```shell\nopenssl genrsa \\\n        -aes256 \\\n        -out server.key \\\n        1024\n```\n\n2. Remove passphrase from key\n\n```shell\nopenssl rsa \\\n        -in server.key \\\n        -out server.key\n```\n\n3. Generate certificate signing request for CA\n\n`openssl req -x509 -sha256 -new -key server.key -out server.csr`\n\n4. Generate self-signed certificate with 365 days expiry-time\n\n```shell\nopenssl x509 \\\n        -sha256 \\\n        -days 365 \\\n        -in server.csr \\\n        -signkey server.key \\\n        -out selfsigned.crt\n```\n\n### Create the SAML Signing Key and Certificate\n\nThe main key underlying most IdPs is the digital signing key. This is a private\nkey used to sign SAML messages.  The certificate is just a convenient container\nfor the public key. In Shibboleth, or any compliant SAML system, the content of\nthe certificate other than the key is totally ignored.\n\n\u003e Protect your private signing key!\n\u003e Make no mistake, a compromised signing key allows anybody with the key to impersonate your IdP and by extension all of its users.\n\n1. 
Generate your SAML signing key and certificate\n\n```shell\nopenssl req -new \\\n            -x509 \\\n            -nodes \\\n            -newkey rsa:2048 \\\n            -keyout key.pem \\\n            -days 365 \\\n            -subj '/CN=hostname.example.org' \\\n            -out cert.pem\n```\n\nAdd the following properties to the `my-secrets.yml` file:\n\n```yaml\n---\nproperties:\n  idp:\n    signing:\n      key: | # Specifies your private SAML signing key\n        YOUR KEY HERE\n      cert: | # Specifies your public SAML certificate.\n        YOUR CERT HERE\n    encryption:\n      key: | # Specifies your private SAML encryption key\n        YOUR KEY HERE\n      cert: | # Specifies your public SAML encryption certificate.\n        YOUR CERT HERE\n```\n\nYou now suffix this file path to the `make_manifest` command:\n\n```\n./templates/make_manifest warden my-secrets.yml\nbosh -n deploy\n```\n\n### Notes\n\n- The property `idp.port` can't be set to `8989` because this port is used by\n  BOSH to monitor the server.\n\n## Using the UAA database with shibboleth for authentication\n\nFor more information on how to leverage a UAA database, please see the\n[cg-deploy-shibboleth][cg-deploy-shibboleth] documentation which leverages this\nrelease.\n\n## Usage\n\nSee [cg-deploy-shibboleth][cg-deploy-shibboleth] for a sample deployment.\n\n[cg-deploy-shibboleth]: https://github.com/cloud-gov/cg-deploy-shibboleth \"cloud.gov Concourse deployment pipeline for cloud-gov/shibboleth-boshrelease\"\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-gov%2Fshibboleth-boshrelease","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloud-gov%2Fshibboleth-boshrelease","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-gov%2Fshibboleth-boshrelease/lists"}