
Purpose

This document describes how to install and validate the (global) mAP environment.

...

Table 2-1 Required Software

Software Name        Version           Notes
-------------------  ----------------  ---------------------------
CentOS (64bit)       7.2               Operating System
Shibboleth-SP        2.5.5             Service Provider
Shibboleth-IdP       2.4.5             Identity Provider
Apache HTTP Server   2.4 (*1)          Web Server
Java                 OpenJDK 7.0.85    IdP Execution Environment
Apache Tomcat        7.0.54 (*1)       Servlet Container
MariaDB              5.5.44 (*1)       Relational Database
Postfix              2.10 (*1)         Mail Transfer Agent
PHP                  5.4.16 (*1)       Programming Language

*1 Latest version of the yum package as of 2015/2/29


Installing Shibboleth SP

Install Shibboleth SP by following its install guide.

...

* If MariaDB was already installed as part of the initial components, you can skip this step.



Set up /etc/my.cnf

Code block:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
symbolic-links=0

# old_passwords=1 selects the pre-4.1 password hashing format, which is
# considerably weaker than the current one; keep it only if a legacy client requires it.
old_passwords=1
character-set-server = utf8

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[mysql]
# character-set-server is a server-only option and makes the mysql client fail
# with "unknown variable"; the client-side equivalent is default-character-set.
default-character-set = utf8

...

Code block:
$ sudo systemctl start mariadb.service
$ sudo systemctl enable mariadb.service

 


Create Database

Code block:
$ mysql -u root
CREATE DATABASE vo;
GRANT ALL PRIVILEGES ON vo.* TO 'vouser'@'localhost' IDENTIFIED BY 'YOUR OWN PASSWORD';

...

Code block:
$ sudo yum install php
$ sudo yum install php-devel php-gd php-mbstring php-pdo
$ sudo yum install php-mysql php-xml
$ sudo systemctl restart httpd.service

...


Setting Up Timezone

Set the timezone in /etc/php.ini. Replace the value “Asia/Tokyo” with the timezone of your own locale.

...

Download the required files from the following URL.

Please contact the GakuNin Office if you are asked to authenticate.

index.zip
embedded-wayf_config.js

...


Modify Setting
  • attribute-map.xml
    Add the following line, or make sure the isMemberOf attribute is already recognized.

    Code block:
        <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="isMemberOf"/>
  • attribute-policy.xml
    Add the following rule before the attributeID="*" line.

    Code block:
            <!-- isMemberOf -->
            <afp:AttributeRule attributeID="isMemberOf">
                <afp:PermitValueRule xsi:type="AttributeIssuerString"
                        value="https://[Host Name of the SP]/idp/shibboleth"/>
            </afp:AttributeRule>

    Replace “[Host Name of the SP]” with this server's host name.

  • shibboleth2.xml
    Add a MetadataProvider.

    Code block:
            <!-- Example of locally maintained metadata. -->
            <!-- Metadata of this IdP -->
            <MetadataProvider type="XML" file="/opt/shibboleth-idp/metadata/idp-metadata.xml"/>

    Also add a SimpleAggregation AttributeResolver after the <AttributeResolver type="Query" subjectMatch="true"/> line.

    Code block:
            <!-- Uses eduPersonPrincipalName from IdP to query, and asks for isMemberOf. -->
            <AttributeResolver type="SimpleAggregation" attributeId="eppn" format="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
              <Entity>https://[Host Name of the IdP]/idp/shibboleth</Entity>
            </AttributeResolver>

    Replace “[Host Name of the IdP]” with this server's host name.
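The three edits above are easy to get subtly wrong: a “[Host Name …]” placeholder left in the issuer value, the isMemberOf attribute missing from attribute-map.xml, or the isMemberOf rule landing after the attributeID="*" rule it must precede. The following Python script is an added example (not part of the original page or of the mAP distribution) that parses attribute-map.xml and attribute-policy.xml and reports exactly those mistakes. The sample XML and the host name map.example.ac.jp are constructed for the demonstration; point `check_sp_config` at the real files' contents to use it on a server.

```python
import xml.etree.ElementTree as ET

ISMEMBEROF_OID = "urn:oid:1.3.6.1.4.1.5923.1.5.1.1"
MAP_NS = "urn:mace:shibboleth:2.0:attribute-map"   # default namespace of attribute-map.xml
AFP_NS = "urn:mace:shibboleth:2.0:afp"             # afp: namespace of attribute-policy.xml
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample files (an assumption for the demo, not copied from a real server).
SAMPLE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn"/>
  <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="isMemberOf"/>
</Attributes>"""

SAMPLE_POLICY = """<afp:AttributeFilterPolicyGroup xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <afp:AttributeFilterPolicy>
    <afp:PolicyRequirementRule xsi:type="ANY"/>
    <afp:AttributeRule attributeID="isMemberOf">
      <afp:PermitValueRule xsi:type="AttributeIssuerString"
          value="https://map.example.ac.jp/idp/shibboleth"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="*">
      <afp:PermitValueRule xsi:type="ANY"/>
    </afp:AttributeRule>
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>"""


def check_attribute_map(xml_text):
    """True if attribute-map.xml maps the isMemberOf OID to id="isMemberOf"."""
    root = ET.fromstring(xml_text)
    return any(a.get("name") == ISMEMBEROF_OID and a.get("id") == "isMemberOf"
               for a in root.iter("{%s}Attribute" % MAP_NS))


def check_attribute_policy(xml_text, expected_issuer):
    """Return a list of problems found in attribute-policy.xml (empty list means OK)."""
    problems = []
    root = ET.fromstring(xml_text)
    rules = list(root.iter("{%s}AttributeRule" % AFP_NS))   # document order
    ids = [r.get("attributeID") for r in rules]
    if "isMemberOf" not in ids:
        return ["no AttributeRule for isMemberOf"]
    # The page requires the isMemberOf rule to precede the catch-all rule.
    if "*" in ids and ids.index("isMemberOf") > ids.index("*"):
        problems.append('isMemberOf rule must come before the attributeID="*" rule')
    rule = rules[ids.index("isMemberOf")]
    for pvr in rule.iter("{%s}PermitValueRule" % AFP_NS):
        if pvr.get(XSI_TYPE) != "AttributeIssuerString":
            problems.append("isMemberOf is not restricted by issuer (found %s)" % pvr.get(XSI_TYPE))
            continue
        value = pvr.get("value", "")
        if "[" in value or "]" in value:          # template placeholder never replaced
            problems.append("placeholder left in issuer value: %s" % value)
        elif value != expected_issuer:
            problems.append("issuer value %s does not match %s" % (value, expected_issuer))
    return problems


def check_sp_config(map_text, policy_text, host):
    """Run both checks for a server whose IdP entityID is https://<host>/idp/shibboleth."""
    problems = []
    if not check_attribute_map(map_text):
        problems.append("attribute-map.xml does not map %s to isMemberOf" % ISMEMBEROF_OID)
    problems.extend(check_attribute_policy(policy_text, "https://%s/idp/shibboleth" % host))
    return problems


if __name__ == "__main__":
    for p in check_sp_config(SAMPLE_MAP, SAMPLE_POLICY, "map.example.ac.jp") or ["OK"]:
        print(p)
```

The check only covers the two SP files; shibboleth2.xml is not validated here because its SimpleAggregation entry is only useful once the IdP metadata file it references is in place.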

...

Download the required files from the following URL.

Please contact the GakuNin Office if authentication is required.
attribute-resolver.xml
attribute-filter.xml

Please download mariadb-java-client-1.3.x.jar from the MariaDB site:

https://mariadb.com/my_portal/download/java-client

Please download trustany-ssl-1.0.x.jar from wiki.shibboleth.net:

https://wiki.shibboleth.net/confluence/display/IDP30/ApacheTomcat8#ApacheTomcat8-SupportingSOAPEndpoints



Modify Configuration
  • attribute-resolver.xml
    Replace “SALT” with a suitable random value.
    Set the database password to the one defined in “6. Installing and Setting Up MariaDB”.
    Replace “Host name of the IdP” with this server's host name.
  • relying-party.xml
    Add a MetadataProvider for the SPs that use this mAP system.

    Code block:
            <metadata:MetadataProvider id="SP" xsi:type="metadata:ResourceBackedMetadataProvider">
              <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="/etc/shibboleth/metadata/sp-metadata.xml" />
            </metadata:MetadataProvider>

...


Overwrite the configuration files.

...

Download files from the following URL.

...


Deployment

Code block:
$ unzip cloudgateway-1.0.zip
$ sudo mv map /usr/local/.

...

  • /usr/local/map/app/config/database.php
    In 'password' => '', set the password defined in “6. Installing and Setting Up MariaDB”.
  • /usr/local/map/app/config/mail.php
    In 'host' => '', set the SMTP server.
    In $from and $this->from, set the FROM address of the e-mail that will be sent from this server.
    In $footer_jp_map, $footer_jp_test, $footer_eng_map and $footer_eng_test, set the footer text you want.
  • /usr/local/map/app/config/system.php
    In "host", and in the host part of "loginlink", in both $config["production"] and $config["test"], set the host name of this server.
  • Registration of System Administrator
    Create a new account by accessing the following URL.
    https://HOST-NAME-OF-THIS-SERVER/map/
    Select the IdP, log in, and create a new account.

    Register the administrator in the database.

    Code block:
    $ mysql -u vouser vo -pYOUR-OWN-PASSWORD

    mysql> select id,name,mail from accounts;
    Find your ID with the command above, then execute the following SQL with your ID.
    mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, 1, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());

    Example)
    mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 1, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());

Registration of IdP administrators

...

Code block:
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> insert into sp_administrators(eppn, host_name, entityid, created)
values('YOUR-ePPN', 'HOST-NAME-OF-UTILIZED-SP',
'ENTITY-ID-OF-UTILIZED-SP', UTC_TIMESTAMP());


Example 1) Registration for researchmap and kyouindb
mysql> insert into sp_administrators(eppn, host_name, entityid, created) \
values('xxxx@kyoto-u.ac.jp', 'researchmap.jp', 'https://researchmap.jp/shibboleth-sp', UTC_TIMESTAMP());

mysql> insert into sp_administrators(eppn, host_name, entityid, created) \
values('xxxx@kyoto-u.ac.jp', 'kyouindb.iimc.kyoto-u.ac.jp', \
'https://kyouindb.iimc.kyoto-u.ac.jp/shibboleth-sp', UTC_TIMESTAMP());


Example 2) Registration for test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp
mysql> insert into sp_administrators(eppn, host_name, entityid, created) \
values('xxxxxx@ebook-idp.nii.ac.jp', 'test-meatmail.nii.ac.jp', \
'https://test-meatmail.nii.ac.jp/shibboleth-sp', UTC_TIMESTAMP());

mysql> insert into sp_administrators(eppn, host_name, entityid, created) \
values('xxxxxx@ebook-idp.nii.ac.jp', 'test-map-sp1.nii.ac.jp', \
'https://test-map-sp1.nii.ac.jp/shibboleth-sp', UTC_TIMESTAMP());

Create SP Connector

Create an SP Connector for each SP in use by executing the following SQL.

Code block:
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,\
created,modified) values('GROUP-KEY', 'SERVICE-NAME', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());

Example 1) Researchmap and kyouindb
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \
values('researchmap', 'Researchmap', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());

mysql> insert into groups(group_key,name,introduction,active,public,openmember,\
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \
values('kyouindb', 'kyouindb', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());


Example 2) test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \
values('test-meatmail.nii.ac.jp', 'test-meatmail.nii.ac.jp', '', \
0, 1, 1, 1, 0, 2, 0, 2, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());

mysql> insert into groups(group_key,name,introduction,active,public,openmember,\
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \
values('test-map-sp1.nii.ac.jp', 'test-map-sp1.nii.ac.jp', '', \
0, 1, 1, 1, 0, 2, 0, 2, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());

...


Register the administrator of the SP Connector in the database.

Code block:
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD
mysql> select id,name,mail from accounts;
mysql> select id,group_key,name from groups where sp=1;

Find your account ID and the groups table ID with the queries above, then put them in place of "YOUR-ACCOUNT-ID" and "GroupID" in the following SQL.
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, GroupID, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());

Example) In case of creating 3 SP Connectors
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 2, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 3, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 4, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP());

Connection between SP Connector and SP

...

Code block:
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

Look up the ID of the SP Connector in use.
mysql> select id, name from groups where sp = 1;

Look up the ID of the SP in use.
mysql> select id, name from sp_hosts;

Based on the search results, register the connection between the SP Connector and the SP.
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \
values(SP-CONNECTOR-ID, SP-ID, 'SERVICE-URL', UTC_TIMESTAMP(),UTC_TIMESTAMP(), 'SERVICE-NAME');

  • SP Connector ID: id of the groups table
  • SP ID: id of the sp_hosts table


Example 1) Researchmap and kyouindb
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \
values(2, 3, 'http://researchmap.jp/', UTC_TIMESTAMP(),UTC_TIMESTAMP(), 'Researchmap');

mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \
values(3, 15, 'http://kyouindb.iimc.kyoto-u.ac.jp/', UTC_TIMESTAMP(),UTC_TIMESTAMP(), 'kyouindb');

Example 2) test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \
values(2, 80, 'https://test-meatmail.nii.ac.jp/', UTC_TIMESTAMP(),UTC_TIMESTAMP(), 'Test-MeatMail');
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \
values(3, 175, 'https://test-map-sp1.nii.ac.jp/', UTC_TIMESTAMP(),UTC_TIMESTAMP(), 'Test-mAP-SP1');

...


Automatic Connection of SP Connector

...

Code block:
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

Look up the SP Connector ID.
mysql> select id, name from groups where sp = 1;

Put the ID you found into the following SQL and execute it.
mysql> insert into sp_auto_connectors(groupid,created) values(FOUND-ID, UTC_TIMESTAMP());

Example)
mysql> insert into sp_auto_connectors(groupid,created) values(2, UTC_TIMESTAMP());
mysql> insert into sp_auto_connectors(groupid,created) values(3, UTC_TIMESTAMP());

...


Attribute Consent Setting for SP Connector

...

Code block:
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

Look up the SP Connector ID.
mysql> select id, name from groups where sp = 1;

Put the SP Connector ID into the following SQL and execute it.
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(FOUND-ID, 1, 1, 1, 1, 1, 1, 1, 1, UTC_TIMESTAMP(),UTC_TIMESTAMP());

Example)
mysql> select id, name from groups where sp = 1;
+----+-------------------------+
| id | name                    |
+----+-------------------------+
|  2 | xxxxxxx                 |
|  3 | yyyyyyy                 |
|  4 | zzzzzzz                 |
+----+-------------------------+
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(2, 1, 1, 1, 1, 1, 1, 1, 1, UTC_TIMESTAMP(),UTC_TIMESTAMP());
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(3, 1, 1, 1, 1, 1, 1, 1, 1, UTC_TIMESTAMP(),UTC_TIMESTAMP());
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(4, 1, 1, 1, 1, 1, 1, 1, 1, UTC_TIMESTAMP(),UTC_TIMESTAMP());
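The SP Connector steps above (sp_administrators, groups, mygroups, group_sphosts, sp_auto_connectors, provide_attributes) are done by hand in the mysql client, copying numeric IDs from one SELECT into the next INSERT. The following Python function is an added example, not part of the original page or the mAP distribution, that performs the same sequence for one SP with parameterized statements, looks the account and any pre-existing group up by key instead of by copied IDs, and trims the ePPN so that a stray space can never be stored. It assumes a DB-API 2.0 cursor with the `%s` paramstyle (such as one from MySQLdb or mysql.connector, both assumptions) and takes the SP ID from the `select id, name from sp_hosts` lookup the page shows; the `RecordingCursor` is a constructed stand-in so the block runs without a database.

```python
def lookup_one(cursor, sql, params):
    """Run a single-row lookup and return its first column, or None if no row."""
    cursor.execute(sql, params)
    row = cursor.fetchone()
    return row[0] if row else None


def register_sp_connector(cursor, admin_mail, admin_eppn, sp_host, sp_entityid,
                          sp_id, group_key, service_name, lead_url, auto_connect=True):
    """Register one SP Connector end to end; returns the groups.id of the connector.

    Mirrors the page's manual steps, using the same tables, columns and flag values.
    """
    account_id = lookup_one(cursor, "SELECT id FROM accounts WHERE mail = %s", (admin_mail,))
    if account_id is None:
        raise ValueError("no account for %r; log in once through the IdP first" % admin_mail)

    # Who may administer this SP inside mAP (ePPN trimmed: no leading/trailing spaces).
    cursor.execute(
        "INSERT INTO sp_administrators(eppn, host_name, entityid, created) "
        "VALUES (%s, %s, %s, UTC_TIMESTAMP())",
        (admin_eppn.strip(), sp_host, sp_entityid))

    # The connector itself is a groups row with sp=1; reuse one that already has this key.
    group_id = lookup_one(cursor, "SELECT id FROM groups WHERE group_key = %s AND sp = 1",
                          (group_key,))
    if group_id is None:
        cursor.execute(
            "INSERT INTO groups(group_key,name,introduction,active,public,openmember,"
            "inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,"
            "created,modified) VALUES (%s, %s, '', 0, 1, 1, 1, 0, 2, 0, 2, 1, "
            "UTC_TIMESTAMP(), UTC_TIMESTAMP())",
            (group_key, service_name))
        group_id = cursor.lastrowid   # DB-API: id generated by the INSERT

    # Make the account an admin of the connector.
    cursor.execute(
        "INSERT INTO mygroups(account_id, groupid, admin, created, modified) "
        "VALUES (%s, %s, 1, UTC_TIMESTAMP(), UTC_TIMESTAMP())", (account_id, group_id))

    # Link the connector to the SP host.
    cursor.execute(
        "INSERT INTO group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) "
        "VALUES (%s, %s, %s, UTC_TIMESTAMP(), UTC_TIMESTAMP(), %s)",
        (group_id, sp_id, lead_url, service_name))

    if auto_connect:
        cursor.execute("INSERT INTO sp_auto_connectors(groupid,created) "
                       "VALUES (%s, UTC_TIMESTAMP())", (group_id,))

    # Attribute consent flags, all enabled exactly as in the page's example.
    cursor.execute(
        "INSERT INTO provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,"
        "language,organization,created,modified) VALUES (%s, 1, 1, 1, 1, 1, 1, 1, 1, "
        "UTC_TIMESTAMP(), UTC_TIMESTAMP())", (group_id,))
    return group_id


class RecordingCursor:
    """Constructed stand-in for a DB-API cursor: records statements, answers lookups."""

    def __init__(self, lookups, next_group_id):
        self.lookups = lookups            # {SELECT sql: row tuple}
        self.executed = []                # (sql, params) in order
        self.lastrowid = None
        self._next_group_id = next_group_id
        self._row = None

    def execute(self, sql, params=()):
        self.executed.append((sql, params))
        self._row = self.lookups.get(sql) if sql.startswith("SELECT") else None
        if sql.startswith("INSERT INTO groups("):
            self.lastrowid = self._next_group_id

    def fetchone(self):
        return self._row


if __name__ == "__main__":
    cur = RecordingCursor({"SELECT id FROM accounts WHERE mail = %s": (1,)}, next_group_id=2)
    gid = register_sp_connector(cur, "admin@idp.example.ac.jp", " admin@idp.example.ac.jp ",
                                "sp.example.ac.jp", "https://sp.example.ac.jp/shibboleth-sp",
                                7, "example-sp", "Example SP", "https://sp.example.ac.jp/")
    print("connector id", gid, "statements", len(cur.executed))
```

Run against a real connection, commit after the call returns and roll back on any exception so a half-registered connector is never left behind; with `auto_connect=False` the sp_auto_connectors row is simply skipped.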

Importing the Account Data from the Existing Database

...

Code block:
LOCAL-ID(SPS-ID)<<TAB>>ePPN<<TAB>>DISPLAY-NAME(NAME)
...
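Before running the import, it is worth validating the tab-separated account file against the format above, since a malformed or duplicated line ends up as a bad account row. The following Python parser is an added example (not part of the original page or of the mAP import command) that reads lines in the LOCAL-ID / ePPN / DISPLAY-NAME layout and rejects lines with the wrong field count, a malformed ePPN, stray leading or trailing whitespace in a field, or a duplicate ePPN. The sample data is constructed, and treating ePPNs as case-insensitive for duplicate detection is an assumption.

```python
import re

# Scoped ePPN: local part, "@", a dotted domain. A constructed pattern, strict enough
# to catch the usual copy-and-paste damage without rejecting legitimate identifiers.
EPPN_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

# Constructed sample file: lines 2, 3 and 4 each carry one of the defects the parser reports.
SAMPLE_IMPORT = (
    "1001\talice@idp.example.ac.jp\tAlice Example\n"
    "1002\t bob@idp.example.ac.jp\tBob Example\n"       # leading space in ePPN
    "1003\tcarol@idp.example.ac.jp\n"                    # missing DISPLAY-NAME field
    "1004\tALICE@idp.example.ac.jp\tAlice Again\n"       # duplicate of line 1
    "1005\tdave@idp.example.ac.jp\tDave Example\n"
)


def parse_account_import(text):
    """Parse LOCAL-ID<TAB>ePPN<TAB>DISPLAY-NAME lines.

    Returns (records, errors): records is a list of dicts in file order,
    errors a list of (line_number, message). Blank lines and '#' comments are skipped.
    """
    records, errors, seen = [], [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        fields = raw.split("\t")
        if len(fields) != 3:
            errors.append((n, "expected 3 tab-separated fields, got %d" % len(fields)))
            continue
        local_id, eppn, name = fields
        if any(f != f.strip() for f in fields):
            errors.append((n, "leading/trailing whitespace in a field"))
            continue
        if not local_id or not name:
            errors.append((n, "empty LOCAL-ID or DISPLAY-NAME"))
            continue
        if not EPPN_RE.match(eppn):
            errors.append((n, "malformed ePPN %r" % eppn))
            continue
        key = eppn.lower()
        if key in seen:
            errors.append((n, "duplicate ePPN %s (first seen on line %d)" % (eppn, seen[key])))
            continue
        seen[key] = n
        records.append({"local_id": local_id, "eppn": eppn, "name": name})
    return records, errors


if __name__ == "__main__":
    recs, errs = parse_account_import(SAMPLE_IMPORT)
    print("%d valid record(s)" % len(recs))
    for line_no, msg in errs:
        print("line %d: %s" % (line_no, msg))
```

Only import the file once `errors` is empty; fixing the flagged lines in the source export is cheaper than cleaning up accounts after the fact.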

...


The import command is as follows.

...