Note |
---|
If you are using TiqrShib version 2.0, we strongly recommend you update it to 2.1 or later. |
The following document explains how to install Shibbolized Tiqr (or "tiqrshib") in the IdP environment. Please feel free to contact us (tiqr at meatmail.jp) if you have any difficulty during installation.
About Environment
These instructions are for Shibbolized Tiqr 2.2. Shibbolized Tiqr is tested under the following environment.
- CentOS 7.35
- httpd 2.4
- PHP 5.4
- Oracle JDK 1.8
- Apache Maven 3.2
- Tomcat 89.0
- Shibboleth IdP 3.34.10
- Shibboleth SP 23.60
This document assumes Shibboleth IdP and SP are configured and ready for SAML SSO; IdP should be able to authenticate users per SP's authn request, and supply users' attributes back to SP appropriately. Some attributes must be supplied to SP because Shibbolized Tiqr implicitly requires them:
...
https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=20021624 (in Japanese)
Installation
Install Dependent Yum Packages
...
```
$ mkdir -p /opt/tiqrzend/db/
$ sqlite3 /opt/tiqrzend/db/secrets.db
sqlite> CREATE TABLE IF NOT EXISTS tiqrshibsecrets (
   ...> `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT,
   ...> `uid` text NOT NULL UNIQUE,
   ...> `secret` text DEFAULT NULL,
   ...> `isActive` integer DEFAULT NULL,
   ...> `loginattempts` integer DEFAULT NULL,
   ...> `isBlocked` integer DEFAULT NULL);
sqlite> .exit
$ sudo chown -R apache: /opt/tiqrzend/db
$ sudo chmod -R go-rwx /opt/tiqrzend/db
```
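The `chown` and `chmod` steps above protect the database that holds the Tiqr secrets, so it is worth confirming they took effect and re-checking after upgrades. The following check is an added example, not part of the original instructions or the tiqrshib distribution; the function name `audit_secret_store` is hypothetical, and GNU find (as shipped with CentOS) is assumed.

```shell
#!/bin/sh
# Added example, not part of the tiqrshib distribution.
# audit_secret_store is a hypothetical helper name.
# Usage: audit_secret_store DIR OWNER
# Returns 0 if every path under DIR is owned by OWNER and closed to group
# and others, 1 if something is too open, 2 if the check could not run.
audit_secret_store() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }

    # Paths with any group/other bit set. Symlinks are skipped because their
    # mode is always 0777 on Linux. "-perm /077" is GNU find syntax (CentOS).
    loose=$(find "$dir" ! -type l -perm /077 -print) || return 2

    # Paths not owned by the expected account. find fails on an unknown
    # user name; treat that as "could not run", never as a pass.
    foreign=$(find "$dir" ! -user "$owner" -print) || return 2

    status=0
    if [ -n "$loose" ]; then
        echo "accessible to group or others:"
        echo "$loose"
        status=1
    fi
    if [ -n "$foreign" ]; then
        echo "not owned by $owner:"
        echo "$foreign"
        status=1
    fi
    return "$status"
}

# When run as a script: sh audit.sh /opt/tiqrzend/db apache
if [ "$#" -eq 2 ]; then
    audit_secret_store "$1" "$2"
fi
```

Run it as root so that `find` can descend into the directory after group and other access has been removed.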
Configure httpd
Modify /etc/httpd/conf.d/ssl.conf (or whatever httpd config file you prefer) so that httpd contains the following settings:
...
```
$ ls
pom.xml  src
$ mvn -DskipTests=false clean package
... (a lot of logs) ...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.683 s
[INFO] Finished at: 2017-09-05T16:41:39+09:00
[INFO] Final Memory: 24M/361M
[INFO] ------------------------------------------------------------------------
$ ls
pom.xml  src  target
$ ls target/
classes  maven-archiver  tiqrshibauthn-2.02.jar
```
Here, `tiqrshibauthn-2.0x.jar` in `target/` is what we want.
...
```
# systemctl stop tomcat
```
Place `tiqrshibauthn-2.0x.jar` in the `/opt/shibboleth-idp/edit-webapp/WEB-INF/lib/` directory.
```
# cp -i .../tiqrshibauthn-2.0?.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/
```
...
Also, depending on your Tomcat version, you may need to remove temporary files.
```
# rm -rf $CATALINA_BASE/webapps/idp $CATALINA_BASE/work/Catalina/localhost/idp
```
...
```
idp.authn.flows=Password|tiqrshib
```
Add `sessionCookiePath="/"` in the `Context` element in `$CATALINA_BASE/conf/Catalina/localhost/idp.xml` in order to be able to check JSESSIONID on the PHP side. E.g.:
```
<Context docBase="/opt/shibboleth-idp/war/idp.war"
         privileged="true"
         antiResourceLocking="false"
         swallowOutput="true"
         sessionCookiePath="/">
...
</Context>
```
Finally, start Tomcat.
```
# systemctl start tomcat
```
...