...

This document explains how to install Shibbolized Tiqr in an IdP environment. You do not have to modify the IdP itself; Shibbolized Tiqr works as an external login handler. Please feel free to contact us (tiqr at meatmail.jp) if you have any difficulty with the installation.

Info

This document was updated to use urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered instead of urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract for authentication context.

 


Note

To link Tiqr and Shibboleth accounts, Shibbolized Tiqr uses the "title" and "street" attributes in LDAP, which correspond to Tiqr's "isActive" and "secret" values, respectively. Adjust these attributes to suit your environment by customizing /var/tiqrzenddemo/library/tiqrShibLdap.php

...

Code block
<!-- Servlet protected by container used for TiqrShib authentication -->
    <servlet>
        <servlet-name>TiqrShibAuthHandler</servlet-name>
        <servlet-class>tiqrshibAuthn</servlet-class>
            <init-param>
                 <param-name>authnMethod</param-name>
                 <param-value>urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered</param-value>
            </init-param>
        <load-on-startup>3</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>TiqrShibAuthHandler</servlet-name>
        <url-pattern>/Authn/TiqrShib</url-pattern>
    </servlet-mapping>

...

Code block
<ph:LoginHandler xsi:type="ph:ExternalAuthn"
                     externalAuthnPath="/Authn/TiqrShib" >

    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered</ph:AuthenticationMethod>
</ph:LoginHandler>

...

Add authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered" to the SessionInitiator

Code block
<SessionInitiator type="Chaining" Location="/DS" isDefault="true" id="tiqrshiblogin" authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered">
    <SessionInitiator type="SAML2" template="bindingTemplate.html"/>
    <SessionInitiator type="Shib1"/>
    <SessionInitiator type="SAMLDS" URL="https://DS SERVER/ds/WAYF"/>
</SessionInitiator>
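
The same authentication context URN is configured in three places above: the servlet's authnMethod parameter, the IdP login handler, and the SP SessionInitiator. The following check is an added example, not part of the Shibbolized Tiqr distribution; it reports any of the three that still carries a different value, such as the older MobileTwoFactorContract. The XML fragments, their wrapper elements and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CLASSES = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
EXPECTED = CLASSES + "MobileTwoFactorUnregistered"

# Constructed fragments (not from a real deployment); the SP one is stale.
WEB_XML = f"""<web-app><servlet>
  <servlet-name>TiqrShibAuthHandler</servlet-name>
  <init-param><param-name>authnMethod</param-name>
    <param-value>{EXPECTED}</param-value></init-param>
</servlet></web-app>"""
HANDLER_XML = f"""<ph:ProfileHandlerGroup
    xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ph:LoginHandler xsi:type="ph:ExternalAuthn" externalAuthnPath="/Authn/TiqrShib">
    <ph:AuthenticationMethod>{EXPECTED}</ph:AuthenticationMethod>
  </ph:LoginHandler></ph:ProfileHandlerGroup>"""
SP_XML = f"""<Sessions><SessionInitiator type="Chaining" Location="/DS"
    id="tiqrshiblogin" authnContextClassRef="{CLASSES}MobileTwoFactorContract">
  <SessionInitiator type="SAML2"/></SessionInitiator></Sessions>"""

def local(tag):
    """Drop any '{namespace}' prefix ElementTree puts on a tag name."""
    return tag.rsplit("}", 1)[-1]

def configured_contexts(xml_text):
    """Return (location, URN) pairs for the Tiqr settings in one fragment."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "init-param":
            kv = {local(c.tag): (c.text or "").strip() for c in el}
            if kv.get("param-name") == "authnMethod":
                found.append(("servlet authnMethod", kv.get("param-value", "")))
        elif name == "LoginHandler" and el.get("externalAuthnPath") == "/Authn/TiqrShib":
            found += [("LoginHandler AuthenticationMethod", (c.text or "").strip())
                      for c in el if local(c.tag) == "AuthenticationMethod"]
        elif name == "SessionInitiator" and el.get("authnContextClassRef"):
            found.append(("SessionInitiator authnContextClassRef",
                          el.get("authnContextClassRef")))
    return found

def mismatches(fragments, expected=EXPECTED):
    """List every configured value that differs from the expected URN."""
    return [(where, urn) for xml_text in fragments
            for where, urn in configured_contexts(xml_text) if urn != expected]

if __name__ == "__main__":
    for where, urn in mismatches([WEB_XML, HANDLER_XML, SP_XML]):
        print(f"MISMATCH {where}: {urn}")
```

To check a real deployment, pass the contents of your own IdP and SP configuration files to mismatches() in place of the constructed fragments.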

...