...
- Installation of Shibboleth SP
- Deployment of TiqrShib
- Deployment of Related Library
- Modification of Library
- Configuration of Apache
- Configuration of TiqrShib Handler in Shibboleth
- Initial Setting of TiqrShib
...
注意 |
---|
In order to connect tiqr and shibboleth accounts, this shibbolized tiqr utilizes "title" and "street" attributes in the LDAP, each of which corresponds to "isActive" and "secret" values of Tiqr, respectively. Plase modify these attribute appropriately for your environment. You can realize it by chaning /var/tiqrzenddemo/library/tiqrShibLdap.php |
1. Installation of Shibboleth SP in IdP Server
...
コード ブロック |
---|
<ph:LoginHandler xsi:type="ph:ExternalAuthn"
externalAuthnPath="/Authn/TiqrShib" >
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract</ph:AuthenticationMethod>
</ph:LoginHandler>
|
...
Make Username/PasswordHandler as default handler
Addition in /usr/java/tomcat/webapps/idp/WEB-INF/web.xml
コード ブロック |
---|
<!-- Servlet for doing Username/Password authentication -->
<servlet>
<servlet-name>UsernamePasswordAuthHandler</servlet-name>
<servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
<init-param>
<param-name>authnMethod</param-name>
<param-value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>
|
...
Add SessionInitiator in shibboleth2.xml
コード ブロック |
---|
<!-- Special SessionInitiator for Tiqr!!! -->
<SessionInitiator type="SAML2" Location="/TiqrShib" id="siid1" entityID="https://simptest2.nec.test/idp/shibboleth" template="bindingTemplate.html" authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
|
...
Add ="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract" in SessionInitiator
コード ブロック |
---|
<SessionInitiator type="Chaining" Location="/DS" isDefault="true" id="tiqrshiblogin" authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract">
<SessionInitiator type="SAML2" template="bindingTemplate.html"/>
<SessionInitiator type="Shib1"/>
<SessionInitiator type="SAMLDS" URL="https://DS SERVER/ds/WAYF"/>
</SessionInitiator>
|
...