...
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="false" cookieProps="http">
(省略)
<!-- Session diagnostic service. -->
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<!-- JSON feed of discovery information. --> <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
<SessionInitiator type="Chaining" Location="/DS" isDefault="true" id="DS"> <SessionInitiator type="SAML2" template="bindingTemplate.html"/> <SessionInitiator type="Shib1"/> <!-- <SessionInitiator type="SAMLDS" URL="https://ex-ds.ecloud.nii.ac.jp/WAYF"/ > --> <SessionInitiator type="SAMLDS" URL="https://test-ds.gakunin.nii.ac.jp/WAYF" /> </SessionInitiator>
</Sessions>
|
...
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
<!-- Allows overriding of error template information/filenames. You can also add attributes with values that can be plugged into the templates. -->
<Errors supportContact="root@localhost"
helpLocation="/about.html"
styleSheet="/shibboleth-sp/main.css"/>
<!-- Example of remotely supplied batch of signed metadata. --> <!-- --> <!-- <MetadataProvider type="XML" uri="https://ex-ds.ecloud.nii.ac.jp/fed/ex-fed-metadata.xml" --> <MetadataProvider type="XML" uri="https://metadata.gakunin.nii.ac.jp/gakunin-test-metadata.xml" backingFilePath="federation-metadata.xml" reloadInterval="7200" <MetadataFilter type="RequireValidUntil" maxValidityInterval="1296000"/> < <!-- <MetadataFilter type="Signature" certificate="/etc/shibboleth/cert/ex-fed.crt"/> --> <MetadataFilter type="Signature" certificate="/etc/shibboleth/cert/gakunin-test-signer-2011.cer"/> </MetadataProvider> <!-- -->
<!-- Example of locally maintained metadata. --> <!-- <MetadataProvider type="XML" file="partner-metadata.xml"/> --> |
...
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
cd /opt/shibboleth-idp/credentials
wget https://metadata.gakunin.nii.ac.jp/gakunin-test-signer-2011.cer |
② relying-party.xmlのメタデータと証明書を変更します。xmlのメタデータ自動ダウンロード設定を変更します。
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
<!-- ========================================== -->
<!-- Metadata Configuration -->
<!-- ========================================== -->
<!--
<metadata:MetadataProvider MetadataProvider the combining other MetadataProviders -->
<metadata:MetadataProvider id="ShibbolethMetadata" xsi:type="metadata:ChainingMetadataProvider">
(省略)
<!-- Example metadata provider. -->
<!-- Reads metadata from a URL and store a backup copy on the file system. -->
<!-- Validates the signature of the metadata and filters out all by SP entities in order to save memory -->
<!-- To use: fill in 'metadataURL' and 'backingFile' properties on MetadataResource element --> <!-- --> <!-- <metadata:MetadataProvider id="URLMD" xsi:type="metadata:FileBackedHTTPMetadataProvider"
metadataURL="https://ex-ds.ecloud.nii.ac.jp/fed/ex-fed-metadata.xml"
<!-- test fed backingFile="/opt/shibboleth-idp/metadata/some-metadata.xml">
-->
--> <metadata:MetadataProvider id="URLMD" xsi:type="metadata:FileBackedHTTPMetadataProvider"
metadataURL="https://metadata.gakunin.nii.ac.jp/gakunin-test-metadata.xml"
backingFile="/opt/shibboleth-idp/metadata/some-metadata.xml"> <metadata:MetadataFilter xsi:type="metadata:ChainingFilter"> <metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil" maxValidityInterval="P15D" > /> <metadata:MetadataFilter xsi:type="metadata:SignatureValidation" trustEngineRef="shibboleth.MetadataTrustEngine" requireSignedMetadata="true" /> <metadata:MetadataFilter xsi:type="metadata:EntityRoleWhiteList"> <metadata:RetainedRole>samlmd:SPSSODescriptor</metadata:RetainedRole> </metadata:MetadataFilter> </metadata:MetadataFilter> </metadata:MetadataProvider> <!-- -->
</metadata:MetadataProvider>
|
③ relying-party.xmlの証明書の設定を変更します。
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
<!-- ========================================== -->
<!-- Security Configurations -->
<!-- ========================================== -->
<security:Credential id="IdPCredential" xsi:type="security:X509Filesystem">
<security:PrivateKey>/opt/shibboleth-idp/credentials/server.key</security:PrivateKey>
<security:
...
<!--
<security:Certificate>/opt/shibboleth-idp/credentials/ ex-fedserver.crt</security:Certificate>
-->
</security:Credential> <!-- test fed-->
<!-- Trust engine used to evaluate the signature on loaded metadata. -->
<!-- -->
<security:TrustEngine id="shibboleth.MetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">
<security:Credential id="MyFederation1Credentials" xsi:type="security:X509Filesystem">
<!--
<security:Certificate>/opt/shibboleth-idp/credentials/ex-fed.crt</security:Certificate>
-->
<security:Certificate>/opt/shibboleth-idp/credentials/gakunin-test-signer-2011.cer</security:Certificate>
</security: Certificate > Credential>
</security:TrustEngine>
<!-- -->
|
④ ③ tomcatを再起動します。
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
service tomcat6 restart |
④ ⑤ テストフェデレーションの接続テスト用SP https://test-sp1.gakunin.nii.ac.jp にアクセスします。
...