...
- httpd's logs in /var/log/httpd
- PHP's logs in syslog or wherever you configured in /etc/php.ini
- tiqrzend's login logs /opt/tiqrzend/application/logs/
...
Building the IdP extension requires Apache Maven. You can build the extension on a host other than the one where the IdP resides, but you need the same Java environment there.
Here is how to install Apache Maven 3.5.0 in the /opt/ directory.
...
```
$ ls
pom.xml  src
$ mvn -DskipTests=false clean package
... (a lot of logs) ...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.683 s
[INFO] Finished at: 2017-09-05T16:41:39+09:00
[INFO] Final Memory: 24M/361M
[INFO] ------------------------------------------------------------------------
$ ls
pom.xml  src  target
$ ls target/
classes  maven-archiver  tiqrshibauthn-2.0.jar
```
Here, tiqrshibauthn-2.0.jar in target/ is what we want.
...
From this step on, we assume you are logged in as root on the host where the IdP resides. You should also have the IdP's installation package unpacked somewhere.
...
Before going forward, we recommend stopping Tomcat.
...
Place tiqrshibauthn-2.0.jar in the /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/ directory.
```
# cp -i .../tiqrshibauthn-2.0.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/
```
Add the following XML content to `/opt/shibboleth-idp/edit-webapp/WEB-INF/web.xml`. If you don't have the web.xml file, copy it from `/opt/shibboleth-idp/webapp/WEB-INF/web.xml` in advance.
```
<servlet>
    <servlet-name>TiqrShibAuthnHandler</servlet-name>
    <servlet-class>jp.gakunin.tiqrshib.TiqrShibAuthnServlet</servlet-class>
    <load-on-startup>4</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>TiqrShibAuthnHandler</servlet-name>
    <url-pattern>/Authn/TiqrShib</url-pattern>
</servlet-mapping>
```
...
Depending on your Tomcat configuration, you may need to copy `idp.war` to `$CATALINA_BASE/webapps/` and remove the `idp/` directory there.
```
# cp -f /opt/shibboleth-idp/war/idp.war $CATALINA_BASE/webapps/
# rm -rf $CATALINA_BASE/webapps/idp
```
Also depending on your Tomcat version, you may need to remove temporary files.
```
# rm -rf $CATALINA_BASE/webapps/idp $CATALINA_BASE/work/Catalina/localhost/idp
```
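A check for the rebuilt idp.war, added here as an example and not part of the original page or the tiqrshib project: it confirms that the jar, the servlet declaration and the servlet mapping from the steps above are in the archive before Tomcat is restarted. The function names and the sample web.xml are constructed for this example; run it with the path to your idp.war as the first argument.

```python
import io
import sys
import zipfile
import xml.etree.ElementTree as ET

JAR = "WEB-INF/lib/tiqrshibauthn-2.0.jar"
SERVLET = {"servlet-name": "TiqrShibAuthnHandler",
           "servlet-class": "jp.gakunin.tiqrshib.TiqrShibAuthnServlet"}
MAPPING = {"servlet-name": "TiqrShibAuthnHandler", "url-pattern": "/Authn/TiqrShib"}
# Constructed sample web.xml (not the IdP's real file), used when no path is given.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
<servlet><servlet-name>TiqrShibAuthnHandler</servlet-name>
<servlet-class>jp.gakunin.tiqrshib.TiqrShibAuthnServlet</servlet-class></servlet>
<servlet-mapping><servlet-name>TiqrShibAuthnHandler</servlet-name>
<url-pattern>/Authn/TiqrShib</url-pattern></servlet-mapping></web-app>"""

def make_war(web_xml=SAMPLE_WEB_XML, with_jar=True):
    """Build a constructed in-memory war for the demo run and for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", web_xml)
        if with_jar:
            zf.writestr(JAR, b"")
    return buf

def entries(root, kind):
    """Children of each top-level <kind> element as {tag: text}, namespaces ignored."""
    strip = lambda tag: tag.rsplit("}", 1)[-1]
    return [{strip(c.tag): (c.text or "").strip() for c in e}
            for e in root if strip(e.tag) == kind]

def check_war(war):
    """Return problems found in idp.war (path or file object); empty list means OK."""
    with zipfile.ZipFile(war) as zf:
        names = set(zf.namelist())
        problems = [] if JAR in names else ["missing " + JAR]
        if "WEB-INF/web.xml" not in names:
            return problems + ["missing WEB-INF/web.xml"]
        root = ET.fromstring(zf.read("WEB-INF/web.xml"))
    # The expected name/class and name/pattern pairs must appear in the same element.
    if not any(SERVLET.items() <= s.items() for s in entries(root, "servlet")):
        problems.append(f"servlet not declared: {SERVLET}")
    if not any(MAPPING.items() <= m.items() for m in entries(root, "servlet-mapping")):
        problems.append(f"servlet-mapping missing: {MAPPING}")
    return problems

if __name__ == "__main__":
    found = check_war(sys.argv[1] if len(sys.argv) > 1 else make_war())
    print("\n".join(found) or "tiqrshib jar, servlet and mapping are present")
    sys.exit(1 if found else 0)
```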
Configure IdP for the Extension
...
Create the `flows/authn/tiqrshib/` directory and copy the relevant XML files into it. Then edit the copied files so they are ready for tiqrshib authentication.
...
Change the secrets shared between tiqrzend and the IdP extension.
- On tiqrzend side, modify resources.tiqrshib.encryption.key and resources.tiqrshib.encryption.iv.
- On the extension side, modify AES_KEY and AES_IV in TiqrShibConstants.java in the IdP extension.
Note that this modification requires recreating the jar file and rebuilding the IdP package.
Metadata for Tiqr Server
...
- resources.tiqr.identifier
- resources.tiqr.name
- resources.tiqr.logoUrl
Consult the official document (https://tiqr.org/tiqr-simplesaml-integration-guide) for more information.
...