
Installing Attribute Provider (IdP)

 

Installing the Application

 

Importing the Account Data from the Existing Database

 

Metadata

 

Validation

 

Back Up First

$ sudo cp /etc/shibboleth/attribute-map.xml /etc/shibboleth/attribute-map.xml.bk

$ sudo cp /etc/shibboleth/attribute-policy.xml /etc/shibboleth/attribute-policy.xml.bk

$ sudo cp /etc/shibboleth/shibboleth2.xml /etc/shibboleth/shibboleth2.xml.bk

 

Then Copy

$ sudo cp attribute-map.xml /etc/shibboleth/.

$ sudo cp attribute-policy.xml /etc/shibboleth/.

$ sudo cp shibboleth2.xml /etc/shibboleth/.

$ sudo mkdir /var/www/html/secure

$ sudo cp attr.php /var/www/html/secure/.

$ sudo mkdir /var/www/html/js

The Shibboleth IdP installed in section 5 is now configured as the Attribute Provider.

Download the required files from the following URLs. Request an account from the GakuNin Office if the repository asks you to authenticate.

https://forge.gakunin.nii.ac.jp/svn/GakuNinmAP/local-map/idp-conf/
attribute-filter.xml
attribute-resolver.xml
handler.xml
internal.xml
relying-party.xml

https://forge.gakunin.nii.ac.jp/svn/GakuNinmAP/local-map/idp-lib/
mysql-connector-java-5.1.10.jar

Modify Configuration
  • attribute-resolver.xml
    Replace "SALT" with a suitably long random value. This salt is the secret used when deriving persistent IDs: generate it from a cryptographic random source, keep it out of version control and world-readable files, and do not change it once the IdP is in service, because a new salt produces a different ID for every existing user.
    Set the database password to the one chosen in "6. Installing and Setting Up MySQL".
    Replace "Host name of the IdP" with this server's host name.
  • relying-party.xml
    Replace "Host name of the IdP" with this server's host name.
    Define the metadata of the SPs that use the local mAP system.
    Define the metadata of the Global mAP (https://map.gakunin.nii.ac.jp/idp/shibboleth).
    * In general, the Global mAP metadata is picked up automatically if the IdP consumes the federation metadata.

 

 

Overwrite the configuration files.
Back Up First
$ cd /opt/shibboleth-idp/conf
$ sudo cp attribute-filter.xml attribute-filter.xml.bk
$ sudo cp attribute-resolver.xml attribute-resolver.xml.bk
$ sudo cp handler.xml handler.xml.bk
$ sudo cp internal.xml internal.xml.bk
$ sudo cp relying-party.xml relying-party.xml.bk
 
Then Copy
$ cd
$ sudo cp attribute-filter.xml /opt/shibboleth-idp/conf/.
$ sudo cp attribute-resolver.xml /opt/shibboleth-idp/conf/.
$ sudo cp handler.xml /opt/shibboleth-idp/conf/.
$ sudo cp internal.xml /opt/shibboleth-idp/conf/.
$ sudo cp relying-party.xml /opt/shibboleth-idp/conf/.
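The backup, copy and placeholder edits above can be done in one pass that also refuses to finish while a template placeholder is still present. The script below is an added example and not part of the GakuNin mAP page; it assumes the downloaded templates contain the literal strings "SALT" and "Host name of the IdP", and takes its directories as arguments so it can be rehearsed on a scratch copy before touching /opt/shibboleth-idp/conf.

```shell
#!/bin/sh
# Added example, not part of the GakuNin mAP page: install the five IdP
# configuration files with timestamped backups, fill in the SALT and
# host-name placeholders, and fail while any placeholder remains.
# Assumes the templates carry the literal strings "SALT" and
# "Host name of the IdP".
set -eu

IDP_CONF_FILES="attribute-filter.xml attribute-resolver.xml handler.xml internal.xml relying-party.xml"

# gen_salt: 32 bytes from the kernel CSPRNG, printed as 64 hex characters.
gen_salt() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# back_up_and_install SRC_DIR DEST_DIR
# Copies each template into DEST_DIR, keeping a timestamped backup of any
# file it overwrites (a fixed .bk suffix is clobbered by a second run).
back_up_and_install() {
  src="$1"; dest="$2"
  stamp=$(date +%Y%m%d%H%M%S)
  for f in $IDP_CONF_FILES; do
    [ -f "$src/$f" ] || { echo "missing template $src/$f" >&2; return 1; }
    if [ -f "$dest/$f" ]; then
      cp -p "$dest/$f" "$dest/$f.bk.$stamp"
    fi
    cp "$src/$f" "$dest/$f"
    chmod 640 "$dest/$f"   # attribute-resolver.xml holds the DB password and salt
  done
}

# fill_placeholders DIR SALT HOSTNAME
# Substitutes both placeholders in every installed file. The salt is hex,
# so it contains no sed metacharacters; cat-over keeps the 0640 mode.
fill_placeholders() {
  dir="$1"; salt="$2"; host="$3"
  for f in $IDP_CONF_FILES; do
    sed -e "s/SALT/$salt/g" -e "s/Host name of the IdP/$host/g" "$dir/$f" > "$dir/$f.tmp"
    cat "$dir/$f.tmp" > "$dir/$f"
    rm -f "$dir/$f.tmp"
  done
}

# check_placeholders DIR
# Returns 0 when no installed file still carries a placeholder, 1 otherwise.
check_placeholders() {
  dir="$1"; rc=0
  for f in $IDP_CONF_FILES; do
    if grep -Fq -e 'SALT' -e 'Host name of the IdP' "$dir/$f"; then
      echo "$dir/$f: template placeholder still present" >&2
      rc=1
    fi
  done
  return $rc
}

# Usage: sh install-idp-conf.sh SRC_DIR DEST_DIR HOSTNAME
# e.g.   sh install-idp-conf.sh ~ /opt/shibboleth-idp/conf idp.example.ac.jp
if [ "$#" -eq 3 ]; then
  back_up_and_install "$1" "$2"
  fill_placeholders "$2" "$(gen_salt)" "$3"
  check_placeholders "$2"
  echo "installed into $2; record the salt from attribute-resolver.xml in your secrets store"
fi
```

The database password is deliberately not scripted here: it has to match the value set in "6. Installing and Setting Up MySQL", so edit it by hand and re-run check_placeholders afterwards.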
Metadata Deployment
  • The metadata of this SP has already been stored at the following location.
    /etc/shibboleth/metadata/sp-metadata.xml
  • Store the metadata of this IdP at the following location.
    /opt/shibboleth-idp/metadata/idp-metadata.xml
  • Add the metadata of this IdP to the shibboleth2.xml of the SP that uses the local mAP.
Deployment of the MySQL driver
$ sudo cp mysql-connector-java-5.1.10.jar \
[TOMCAT install directory]/webapps/idp/WEB-INF/lib/.
 
$ sudo cp mysql-connector-java-5.1.10.jar /opt/shibboleth-idp/lib/.
Configuration for StoredID

Create the table for StoredID in the MySQL database, following

https://meatwiki.nii.ac.jp/confluence/display/GakuNinShibInstall/StoredID

"4. Create table in the database (In case of MySQL)"

$ mysql -u root vo
mysql> (enter the CREATE TABLE statements from the page above here)
Back Channel

Configure the back channel as follows.

Create credential

# cd /opt/shibboleth-idp/credentials
# openssl pkcs12 -export -out pkcs12.p12 -in idp.crt -inkey idp.key -name HOST-NAME-OF-THIS-SERVER
Enter Export Password: YOUR-OWN-PASSWORD
Verifying - Enter Export Password: YOUR-OWN-PASSWORD
 
# keytool -importkeystore -srckeystore pkcs12.p12 -destkeystore keystore.jks \
-srcstoretype pkcs12 -deststoretype jks -srcalias HOST-NAME-OF-THIS-SERVER \
-destalias HOST-NAME-OF-THIS-SERVER -storepass YOUR-OWN-PASSWORD
Enter source keystore password: YOUR-OWN-PASSWORD
keystore.jks is generated.

* These instructions assume the IdP certificate and private key are idp.crt and idp.key. keystore.jks (and pkcs12.p12, until you delete it) contains the IdP private key, so keep both readable only by the Tomcat user. A password given with -storepass on the command line is visible in the process list and shell history; keytool also accepts -storepass:env VAR and -storepass:file FILE.

Back Channel Port

Enable port 8443 in Tomcat's server.xml.

If Tomcat was installed with yum, server.xml is at:

/usr/share/tomcat6/conf/server.xml

Add the following Connector. clientAuth="want" makes Tomcat request the SP's client certificate without rejecting connections that present none, and truststoreAlgorithm="DelegateToApplication" leaves the trust decision to the IdP, which validates the certificate against the SP's metadata. That algorithm is supplied by the Shibboleth Tomcat trust extension (tomcat6-dta-ssl), which must be in Tomcat's lib directory or the connector will fail to start. The keystore password is stored here in clear text, so server.xml should be readable only by the Tomcat user.
<Connector port="8443"
               maxHttpHeaderSize="8192"
               maxSpareThreads="75"
               scheme="https"
               secure="true"
               clientAuth="want"
               SSLEnabled="true"
               sslProtocol="TLS"
               keystoreFile="/opt/shibboleth-idp/credentials/keystore.jks"
               keystorePass="YOUR-OWN-PASSWORD"
               truststoreFile="/opt/shibboleth-idp/credentials/keystore.jks"
               truststorePass="YOUR-OWN-PASSWORD"
               truststoreAlgorithm="DelegateToApplication"/>
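The credential build and the connector edit above can be scripted so that the export password never appears in argv, and so that server.xml and the keystore are checked before Tomcat is restarted. This is an added example, not the page's own commands: the KEYSTORE_PASS variable name and the two check functions are this example's choices, while openssl's env: and keytool's :env password sources are standard features of those tools.

```shell
#!/bin/sh
# Added example, not part of the GakuNin mAP page: build the back-channel
# keystore from idp.crt/idp.key with the password read from the
# environment (so `ps` and shell history never see it), then sanity-check
# keystore permissions and the 8443 Connector before restarting Tomcat.
# KEYSTORE_PASS and the check functions are this example's own names.
set -eu

CREDS="${CREDS:-/opt/shibboleth-idp/credentials}"   # directory from the page

# make_backchannel_keystore HOSTNAME   (password taken from $KEYSTORE_PASS)
make_backchannel_keystore() {
  host="$1"
  : "${KEYSTORE_PASS:?export KEYSTORE_PASS before calling}"
  (
    umask 077   # pkcs12.p12 and keystore.jks are created mode 0600
    cd "$CREDS"
    openssl pkcs12 -export -out pkcs12.p12 -in idp.crt -inkey idp.key \
      -name "$host" -passout env:KEYSTORE_PASS
    keytool -importkeystore -srckeystore pkcs12.p12 -srcstoretype pkcs12 \
      -destkeystore keystore.jks -deststoretype jks \
      -srcalias "$host" -destalias "$host" \
      -srcstorepass:env KEYSTORE_PASS -deststorepass:env KEYSTORE_PASS
    rm -f pkcs12.p12   # intermediate copy of the private key, no longer needed
    keytool -list -keystore keystore.jks -storepass:env KEYSTORE_PASS -alias "$host"
  )
}

# check_keystore_perms FILE
# The keystore (and server.xml, which holds its password in clear text)
# must be readable by its owner, the Tomcat user, only.
check_keystore_perms() {
  [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# check_connector SERVER_XML
# Confirms the 8443 Connector is TLS-enabled, asks for a client certificate
# without requiring one (clientAuth="want"), delegates trust evaluation to
# the IdP (DelegateToApplication), and no longer carries the placeholder
# password. Returns 0 only when every check passes.
check_connector() {
  xml="$1"; rc=0
  conn=$(tr -d '\n' < "$xml" | grep -o '<Connector[^>]*port="8443"[^>]*/>' || true)
  [ -n "$conn" ] || { echo "$xml: no Connector on port 8443" >&2; return 1; }
  for attr in 'SSLEnabled="true"' 'scheme="https"' 'secure="true"' \
              'clientAuth="want"' 'truststoreAlgorithm="DelegateToApplication"'; do
    case "$conn" in
      *"$attr"*) ;;
      *) echo "$xml: 8443 Connector lacks $attr" >&2; rc=1 ;;
    esac
  done
  case "$conn" in
    *YOUR-OWN-PASSWORD*) echo "$xml: placeholder keystore password still present" >&2; rc=1 ;;
  esac
  return $rc
}

# Usage: KEYSTORE_PASS=... sh backchannel.sh idp.example.ac.jp /usr/share/tomcat6/conf/server.xml
if [ "$#" -eq 2 ]; then
  make_backchannel_keystore "$1"
  check_keystore_perms "$CREDS/keystore.jks"
  check_connector "$2"
fi
```

Run the two check functions again after any later edit to server.xml; a connector that silently falls back to clientAuth="true" or to the Tomcat default truststore algorithm would reject SPs rather than let the IdP judge their certificates.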
Deployment
$ sudo /etc/init.d/tomcat6 stop
$ sudo /etc/init.d/tomcat6 start
 
Restart the SP as well so that it picks up the metadata of the newly configured IdP.
$ sudo /etc/init.d/shibd restart
$ sudo /etc/init.d/httpd restart

$ sudo cp embedded-wayf_config.js /var/www/html/js/.