...

  • httpd's logs in /var/log/httpd
  • PHP's logs in syslog or wherever you configured in /etc/php.ini
  • tiqrzend's login logs in /opt/tiqrzend/application/logs/

...

Building the IdP extension requires Apache Maven. You can build the extension on a host other than the one where the IdP resides, but you need the same Java environment to build the extension there.

Here is how to install Apache Maven 3.5.0 in the /opt/ directory.

...

$ ls
pom.xml  src
$ mvn -DskipTests=false clean package
... (a lot of logs) ...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.683 s
[INFO] Finished at: 2017-09-05T16:41:39+09:00
[INFO] Final Memory: 24M/361M
[INFO] ------------------------------------------------------------------------
$ ls
pom.xml  src  target
$ ls target/
classes  maven-archiver  tiqrshibauthn-2.0.jar

Here, tiqrshibauthn-2.0.jar in target/ is what we want.

...

From this step on, we assume you are logged in as root to the host where the IdP resides. You should also have the IdP's installation package unpacked somewhere.

...

root

...

.

...

Before going forward, we recommend stopping Tomcat.

...

Place tiqrshibauthn-2.0.jar in the IdP's /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/ directory.

# cp -i .../tiqrshibauthn-2.0.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/

Add the following XML content to `/opt/shibboleth-idp/edit-webapp/WEB-INF/web.xml`. If you don't have the web.xml file, copy it from `/opt/shibboleth-idp/webapp/WEB-INF/web.xml` in advance.

<servlet>
    <servlet-name>TiqrShibAuthnHandler</servlet-name>
    <servlet-class>jp.gakunin.tiqrshib.TiqrShibAuthnServlet</servlet-class>
    <load-on-startup>4</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>TiqrShibAuthnHandler</servlet-name>
    <url-pattern>/Authn/TiqrShib</url-pattern>
</servlet-mapping>

...

Depending on your Tomcat configuration, you may need to copy `idp.war` to `$CATALINA_BASE/webapps/` and remove the `idp/` directory there.

# cp -f /opt/shibboleth-idp/war/idp.war $CATALINA_BASE/webapps/
# rm -rf $CATALINA_BASE/webapps/idp

Also depending on your Tomcat version, you may need to remove temporary files.

# rm -rf $CATALINA_BASE/webapps/idp $CATALINA_BASE/work/Catalina/localhost/idp
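
Before restarting Tomcat it is worth confirming that the rebuilt WAR really contains the extension jar and the servlet declaration from the steps above. The following check is an added example, not part of the original guide or of the tiqrshib project; the function names are made up for illustration, and the jar name, servlet name, class and URL pattern are taken from this page.

```python
import io
import sys
import zipfile
import xml.etree.ElementTree as ET

JAR = "WEB-INF/lib/tiqrshibauthn-2.0.jar"
NAME = "TiqrShibAuthnHandler"
CLASS = "jp.gakunin.tiqrshib.TiqrShibAuthnServlet"
PATTERN = "/Authn/TiqrShib"

def _field(elem, name):
    """Text of the first child called `name`, ignoring any XML namespace."""
    for child in elem:
        if child.tag.rsplit("}", 1)[-1] == name:
            return (child.text or "").strip()
    return ""

def _table(root, kind, value):
    """Map servlet-name -> `value` field for every top-level `kind` element."""
    return {_field(e, "servlet-name"): _field(e, value)
            for e in root if e.tag.rsplit("}", 1)[-1] == kind}

def check_war(war):
    """Return a list of problems for a WAR given as a path or file object."""
    with zipfile.ZipFile(war) as zf:
        names = set(zf.namelist())
        problems = [] if JAR in names else ["missing " + JAR]
        if "WEB-INF/web.xml" not in names:
            return problems + ["missing WEB-INF/web.xml"]
        root = ET.fromstring(zf.read("WEB-INF/web.xml"))
    if _table(root, "servlet", "servlet-class").get(NAME) != CLASS:
        problems.append("servlet %s is not declared as %s" % (NAME, CLASS))
    if _table(root, "servlet-mapping", "url-pattern").get(NAME) != PATTERN:
        problems.append("servlet %s is not mapped to %s" % (NAME, PATTERN))
    return problems

def sample_war(web_xml, with_jar=True):
    """Constructed in-memory WAR for trying the check without an IdP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", web_xml)
        if with_jar:
            zf.writestr(JAR, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Usage: python3 check_war.py /opt/shibboleth-idp/war/idp.war
    # With no argument, a constructed WAR lacking the servlet is checked.
    war = sys.argv[1] if len(sys.argv) > 1 else sample_war("<web-app/>")
    issues = check_war(war)
    print("\n".join(issues) or "OK")
    sys.exit(1 if issues else 0)
```

A non-empty result usually means the jar or web.xml edit was made after the WAR was last rebuilt, or was placed outside `edit-webapp/`.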

Configure IdP for the Extension

...

Create the `flows/authn/tiqrshib/` directory and copy some relevant XML files into it. Then edit the copied files so they are ready for tiqrshib authentication.

...

Change the secrets shared between tiqrzend and the IdP extension.

  • On the tiqrzend side, modify resources.tiqrshib.encryption.key and resources.tiqrshib.encryption.iv.
  • On the extension side, modify AES_KEY and AES_IV in TiqrShibConstants.java in the IdP extension.

Note that the modification requires recreating the jar file and an IdP package re-build.

Metadata for Tiqr Server

...

  • resources.tiqr.identifier
  • resources.tiqr.name
  • resources.tiqr.logoUrl

Consult the official document (https://tiqr.org/tiqr-simplesaml-integration-guide) for more information.

...