目次 |
---|
添付ファイル |
---|
Purpose
The purpose of this document is to install and validate the (global) mAP environment.
...
Table 2‑1 Required Software
Software Name | Version | Notes |
CentOS (64bit) | 7.2 | Operating System |
Shibboleth-SP | 2.5.5 | Service Provider |
Shibboleth-IdP | 2.4.5 | Identity Provider |
Apache HTTP Server | 2.4 (*1) | WEB Server |
Java | OpenJDK 7.0.85 | IdP Executable Environment |
Apache Tomcat | 7.0.54 (*1) | Servlet Container |
MariaDB | 5.5.44 (*1) | Relational Database |
Postfix | 2.10 (*1) | Mail Transfer Agent |
PHP | 5.4.16 (*1) | Programing Language |
*1 Latest version of yum package as of 2015/2/29
Installing Shibboleth SP
Please install Shibboleth SP while referring to the install guide.
...
* If the MariaDB has already been installed as the initial component, you can skip this process.
Setup /etc/my.cnf
コード ブロック |
---|
[mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock user=mysql symbolic-links=0 old_passwords=1 character-set-server = utf8 [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid [mysql] character-set-server = utf8 |
...
コード ブロック |
---|
$ sudo systemctl start mariadb.service $ sudo systemctl enable mariadb.service |
Create Database
コード ブロック |
---|
$ mysql -u root CREATE DATABASE vo; GRANT ALL PRIVILEGES ON vo.* TO 'vouser'@'localhost' IDENTIFIED BY 'YOUR OWN PASSWORD'; |
...
コード ブロック |
---|
$ sudo yum install php $ sudo yum install php-devel php-gd php-mbstring php-pdo $ sudo yum install php-mysql php-xml $ sudo systemctl restart httpd.service |
...
Setting Up Timezone
Add timezone in /etc/php.ini . Parameter “Asia/Tokyo” should be changed depending on your local time.
...
Download required files from following URL.
Please contact GakuNin Office if authentication is requested. |
...
Modify Setting
attribute-map.xml
Add the following line or make sureisMemberOf
attribute is recognized.コード ブロック language xml <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="isMemberOf"/>
attribute-policy.xml
Add the following rule beforeattributeID="*"
line.コード ブロック language xml <!-- isMemberOf --> <afp:AttributeRule attributeID="isMemberOf"> <afp:PermitValueRule xsi:type="AttributeIssuerString" value="https://[Host Name of the SP]/idp/shibboleth"/> </afp:AttributeRule>
Modify “[Host Name of the SP]” to this server host name.
shibboleth2.xml
Add MetadataProvider.コード ブロック language xml <!-- Example of locally maintained metadata. --> <!-- Metadata of this IdP --> <MetadataProvider type="XML" file="/opt/shibboleth-idp/metadata/idp-metadata.xml"/>
And add SimpleAggregation AttributeResolver after
<AttributeResolver type="Query" subjectMatch="true"/>
line.コード ブロック <!-- Uses eduPersonPrincipalName from IdP to query, and asks for isMemberOf. --> <AttributeResolver type="SimpleAggregation" attributeId="eppn" format="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"> <Entity>https://[Host Name of the IdP]/idp/shibboleth</Entity> </AttributeResolver>
Modify “[Host Name of the IdP]” to this server host name.
...
Download required file from following URL.
Please contact GakuNin Office if authentication is required. https://mariadb.com/my_portal/download/java-client Please download trustany-ssl-1.0.x.jar from wiki.shibboleth.net: |
Modify Configuration
- attribute-resolver.xml
Modify“SALT”to appropriate random values.
Setup database password to be the same one with “6. Installing and Setting Up MariaDB.
Modify “Host name of the IdP” to this server host name. relying-party.xml
Add MetadataProvider for SP which utilize this mAP system.コード ブロック language xml <metadata:MetadataProvider id="SP" xsi:type="metadata:ResourceBackedMetadataProvider"> <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="/etc/shibboleth/metadata/sp-metadata.xml" /> </metadata:MetadataProvider>
...
Overwrite the configuration files.
...
Download files from the following URL.
...
Deployment
コード ブロック |
---|
$ unzip cloudgateway-1.0.zip $ sudo mv map /usr/local/. |
...
- /usr/local/map/app/config/database.php
In the 'password' => '', set the password defined at “6. Installing and Setting Up MariaDB” - /usr/local/map/app/config/mail.php
In the 'host' => '', set the SMTP server.
In the $from, $this->from, set the FROM address of the email which will be send from this server.
In the $footer_jp_map, $footer_jp_test, $footer_eng_map and $footer_eng_test, modify to the appropriate sentences as you want. - /usr/local/map/app/config/system.php
In the "host" and the host of "loginlink" in $config["production"], $config["test"], set the host name of this server. Registration of System Administrator
Create a new account by accessing to the following URL.
https://HOTS-NAME-OF-THIS-SERVER/map/
After selecting the IdP and then login, create a new account.
Register the Administrator of the Database.コード ブロック $ mysql -u vouser vo -pYOUR-OWN-PASSWORD mysql> select id,name,mail from accounts; Find your ID by the above command, and then and execute the following SQL to your ID. mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, 1, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); Example) mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 1, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP());
Registration of IdP administrators
...
コード ブロック |
---|
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD mysql> insert into sp_administrators(eppn, host_name, entityid, created) values('YOUR-ePPN', 'HOST-NAME-OF-UTILIZED-SP', 'ENTITY-ID-OF-UTILIZED-SP', NOWUTC_TIMESTAMP()); Example1)Registration for researchmap and kyouindb mysql> insert into sp_administrators(eppn, host_name, entityid, created) \ values('xxxx@kyoto-u.ac.jp', 'researchmap.jp', 'https://researchmap.jp/shibboleth-sp', NOWUTC_TIMESTAMP()); mysql> insert into sp_administrators(eppn, host_name, entityid, created) \ values('xxxx@kyoto-u.ac.jp', 'kyouindb.iimc.kyoto-u.ac.jp', \ 'https://kyouindb.iimc.kyoto-u.ac.jp/shibboleth-sp', NOWUTC_TIMESTAMP()); Exmaple2) Registration for test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp mysql> insert into sp_administrators(eppn, host_name, entityid, created) \ values('xxxxxx@ebook-idp.nii.ac.jp', 'test-meatmail.nii.ac.jp', \ 'https://test-meatmail.nii.ac.jp/shibboleth-sp', NOWUTC_TIMESTAMP()); mysql> insert into sp_administrators(eppn, host_name, entityid, created) \ values(' xxxxxx@ebook-idp.nii.ac.jp', 'test-map-sp1.nii.ac.jp', \ 'https://test-map-sp1.nii.ac.jp/shibboleth-sp', NOWUTC_TIMESTAMP()); |
Create SP Connector
Create SP Connector of the utilized SP by executing the following SQL.
コード ブロック |
---|
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,\ created,modified) values('GROUP-KEY', 'SERVICE-NAME', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); Example1)Researchmap and kyouindb mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \ values('researchmap', 'Researchmap', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified \ ) values('kyouindb', 'kyouindb', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); Example2)test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \ values('test-meatmail.nii.ac.jp', 'test-meatmail.nii.ac.jp', '', \ 0, 1, 1, 1, 0, 2, 0, 2, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \ values('test-map-sp1.nii.ac.jp', 'test-map-sp1.nii.ac.jp', '', \ 0, 1, 1, 1, 0, 2, 0, 2, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); |
...
Register the administrator of SP Connector to the database.
コード ブロック |
---|
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD mysql> select id,name,mail from accounts; mysql> select id,group_key,name from groups where sp=1; Find your ID and Group table ID by the search com"mand above and then put it in the "YOUR-ACCOUNT-ID"and "GroupID" in the following SQL. mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, GroupID, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); Example) In case of creating 3 SP Connectors mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 2, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 3, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 4, 1, NOWUTC_TIMESTAMP(), NOWUTC_TIMESTAMP()); |
Connection between SP Connecor and SP.
...
コード ブロック |
---|
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD Search utilizes SP Connector ID. mysql> select id, name from groups where sp = 1; Search utilizes SP ID mysql> select id, name from sp_hosts; Based on the search result, register connecting information between SP Connector and SP. insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ values(SP-CONNECTOR-ID, SP-ID, 'SERVICE-URL', NOWUTC_TIMESTAMP(),NOWUTC_TIMESTAMP(), 'SERVICE-NAME'); ・SP Connector ID:ID of groups table ・SP ID:ID of sp_hosts table Example1)Researchmap and kyouindb mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ values(2, 3, 'http://researchmap.jp/', NOWUTC_TIMESTAMP(),NOWUTC_TIMESTAMP(), 'Researchmap'); mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ values(3, 15, 'http://kyouindb.iimc.kyoto-u.ac.jp/', NOWUTC_TIMESTAMP(),NOWUTC_TIMESTAMP(), 'kyouindb'); Example2)test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ values(2, 80, 'https://test-meatmail.nii.ac.jp/', NOWUTC_TIMESTAMP(),NOWUTC_TIMESTAMP(), 'Test-MeatMail'); mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ values(3, 175, 'https://test-map-sp1.nii.ac.jp/', NOWUTC_TIMESTAMP(),NOWUTC_TIMESTAMP(), 'Test-mAP-SP1'); |
...
Automatic Connection of SP Connector
...
コード ブロック |
---|
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD Obtain ID by searching SP Connector mysql> select id, name from groups where sp = 1; Set the found ID in the following SQL and then execute. mysql> insert into sp_auto_connectors(groupid,created) values(FOUND-ID, NOWUTC_TIMESTAMP()); Example) mysql> insert into sp_auto_connectors(groupid,created) values(2, NOWUTC_TIMESTAMP()); mysql> insert into sp_auto_connectors(groupid,created) values(3, NOWUTC_TIMESTAMP()); |
...
Attribute Consent Setting for SP Connector
...
コード ブロック |
---|
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD Obtain ID by searching SP Connector mysql> select id, name from groups where sp = 1; Set ID for SP Connector in the following SQL and then execute. mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\ language,organization,created,modified) values(FOUND-ID, 1, 1, 1, 1, 1, 1, 1, 1, NOWUTC_TIMESTAMP(),NOWUTC_TIMESTAMP()); Example) select id, name from groups where sp = 1; +----+-------------------------+ | id | name | +----+-------------------------+ | 2 | xxxxxxx | | 3 | yyyyyyy | | 4 | zzzzzzz | mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\ language,organization,created,modified) values(2, 1, 1, 1, 1, 1, 1, 1, 1, NOWUTC_TIMESTAMP(),NOWUTC_TIMESTAMP()); mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\ language,organization,created,modified) values(3, 1, 1, 1, 1, 1, 1, 1, 1, NOWUTC_TIMESTAMP(),NOWUTC_TIMESTAMP()); mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\ language,organization,created,modified) values(4, 1, 1, 1, 1, 1, 1, 1, 1, NOWUTC_TIMESTAMP(),NOWUTC_TIMESTAMP()); |
Importing the Account Data from the Existing Database
...
コード ブロック |
---|
LOCAL-ID(SPS-ID)<<TAB>>ePPN<<TAB>>DISPLAY-NAME(NAME) ... |
...
Import command is as follows.
...