GakuNinmAPpublic

ページ ツリー

比較バージョン

古いバージョン 6

changes.mady.by.user yamaji@nii.ac.jp

保存しました

次と比較

新しいバージョン 7

changes.mady.by.user yamaji@nii.ac.jp

保存しました

キー

  • この行は追加されました。
  • この行は削除されました。
  • 書式設定が変更されました。

...

* If the MySQL has already been installed as the initial component, you can skip this process.

 

Setup /etc/my.cnf
コード ブロック
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
symbolic-links=0
 
old_passwords=1
default-character-set = utf8
 
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
 
[mysql]
default-character-set = utf8

 

Execute
コード ブロック
$ sudo /etc/init.d/mysqld start 
$ sudo chkconfig mysqld on

 

Create Database
コード ブロック
$ mysql -u root
CREATE DATABASE vo;
GRANT ALL PRIVILEGES ON vo.* TO 'vouser'@'localhost' IDENTIFIED BY 'YOUR OWN PASSWORD';

Installing and Setting Up PHP

Please install PHP by using following command.

コード ブロック
$ sudo yum install php
$ sudo yum install php-devel php-gd php-mbstring php-pdo
$ sudo yum install php-mysql php-xml
$ sudo /etc/init.d/httpd restart
コード ブロック
$ sudo yum install php
$ sudo yum install php-devel php-gd php-mbstring php-pdo
$ sudo yum install php-mysql php-xml
$ sudo /etc/init.d/httpd restart

 

Setting Up Timezone

Add timezone in /etc/php.ini . Parameter “Asia/Tokyo” should be changed depending on your local time.

コード ブロック
date.timezone = "Asia/Tokyo"

Installing and Setting Up Mail Server

...

Please install and setup mail server by using Postfix or Sendmail. Following instruction is for Postfix.

Install
コード ブロック
$ sudo yum install postfix
Setup Postfix

Please modify parameters depending on your local environment.

コード ブロック
/etc/postfix/main.cf
Execute
コード ブロック
$ sudo /etc/init.d/postfix start
$ sudo chkconfig postfix on

Installing Attribute Provider (SP)

Shibboleth SP which has been installed in section 4 will be configured for Attribute Provider.

Download required file from following URL.

https://forge.gakunin.nii.ac.jp/svn/GakuNinmAP/local-map/sp-conf/

Please obtain an account from GakuNin Office if authentication is requested.

 

attribute-map.xml

attribute-policy.xml

shibboleth2.xml

attr.php

embedded-wayf_config.js

 

Modify Setting
  • attribute-policy.xml
    Modify “Host Name of the SP” to this server host name.

  • shibboleth2.xml
    Modify “Host Name of the IdP” to your university IdP which authenticate users.
    Certificate and Key files in the “CredentialResolver” also have to be changed depending on theにserver certificate.
    Initial Setting of the CredentialResolver

    コード ブロック
    <CredentialResolver type="File" key="cert/server.key" certificate="cert/server.crt"/>

    * Owner of these files have to be changed as shibd.

 

  • embedded-wayf_config.js
    Modify “Host Name of the Server” to the name of this server.
    Values in wayf_additional_idps also have to be changed.
Copy Files
コード ブロック
Back Up First
$ sudo cp /etc/shibboleth/attribute-map.xml /etc/shibboleth/attribute-map.xml.bk
$ sudo cp /etc/shibboleth/attribute-policy.xml /etc/shibboleth/attribute-policy.xml.bk
$ sudo cp /etc/shibboleth/shibboleth2.xml /etc/shibboleth/shibboleth2.xml.bk


Then Copy
$ sudo cp attribute-map.xml /etc/shibboleth/.
$ sudo cp attribute-policy.xml /etc/shibboleth/.
$ sudo cp shibboleth2.xml /etc/shibboleth/.
$ sudo mkdir /var/www/html/secure
$ sudo cp attr.php /var/www/html/secure/.
$ sudo mkdir /var/www/html/js
$ sudo cp embedded-wayf_config.js /var/www/html/js/.
Metadata Deployment
  • Store the metadata of the SP of this server in the following location.
    /etc/shibboleth/metadata/sp-metadata.xml
  • Store the metadata of this IdP of this server in the following location.
    /opt/shibboleth-idp/metadata/idp-metadata.xml
    * shibd have to be restarted after the “10. Installing Attribute Provider (IdP)”since the metadata※of the IdP is not yet generated at this moment.
  • Store the metadata of the IdP which utilizes university authentication.
    /etc/shibboleth-idp/metadata/uni-idp-metadata.xml
  • Federation Metadata
    If required, federation metadata have to be included by the shibboleth2.xml configuration.
Restart
コード ブロック
$ sudo /etc/init.d/shibd restart$ sudo /etc/init.d/httpd restart

Installing Attribute Provider (IdP)

...

Importing the Account Data from the Existing Database

 

Metadata

 

Validation

 

Back Up First

$ sudo cp /etc/shibboleth/attribute-map.xml /etc/shibboleth/attribute-map.xml.bk

$ sudo cp /etc/shibboleth/attribute-policy.xml /etc/shibboleth/attribute-policy.xml.bk

$ sudo cp /etc/shibboleth/shibboleth2.xml /etc/shibboleth/shibboleth2.xml.bk

 

Then Copy

$ sudo cp attribute-map.xml /etc/shibboleth/.

$ sudo cp attribute-policy.xml /etc/shibboleth/.

$ sudo cp shibboleth2.xml /etc/shibboleth/.

$ sudo mkdir /var/www/html/secure

$ sudo cp attr.php /var/www/html/secure/.

$ sudo mkdir /var/www/html/js

$ sudo cp embedded-wayf_config.js /var/www/html/js/.