How to Create a UBITName Login (Shibboleth-Enabled) Pod

Shibboleth enabled images are provided for PHP and Perl. Tenants developing in languages other than Perl and PHP will be responsible for the installation and configuration of the authentication modules/libraries.

Operating System: Any

Applies To: Faculty or Staff using CaaS (Formerly WebApps)

Last Reviewed: February 10, 2023

Prerequisites

Instructions

  1. Complete the steps for How to create a new pod (aka container)
    • Make sure you select one of the Shibboleth images (php-shib or perl-shib) for step 7
  2. Click Project in the menu on the left
  3. Click Routes in the Inventory section
  4. Select the route for the pod you just created
  5. Select Actions > Edit (upper right corner of your screen)
  6. Find the TLS section in the YAML editor and make sure it matches the following:
    tls:
       termination: edge
       insecureEdgeTerminationPolicy: Redirect
  7. Click Save
  8. Click Actions > Edit Labels
  9. Make sure there is a label containing "shibboleth=true" present
  10. Submit a request to allow your pod to communicate with the central Shibboleth servers using the Containers as a Service project request form.

It may take up to two weeks for your request to be completed.

Using Shibboleth

Shibboleth authentication should be managed using .htaccess files.  A very basic example of how to require Shibboleth authentication is below.  See the links under See also, below, for more details.

.htaccess

 

AuthType shibboleth

ShibRequestSetting requireSession 1

Require valid-user

See also

Still need help?

Contact the UBIT Help Center.