...
Installing Attribute Provider (IdP)
Installing the Application
Importing the Account Data from the Existing Database
Metadata
Validation
Back Up First
$ sudo cp /etc/shibboleth/attribute-map.xml /etc/shibboleth/attribute-map.xml.bk
$ sudo cp /etc/shibboleth/attribute-policy.xml /etc/shibboleth/attribute-policy.xml.bk
$ sudo cp /etc/shibboleth/shibboleth2.xml /etc/shibboleth/shibboleth2.xml.bk
Then Copy
$ sudo cp attribute-map.xml /etc/shibboleth/.
$ sudo cp attribute-policy.xml /etc/shibboleth/.
$ sudo cp shibboleth2.xml /etc/shibboleth/.
$ sudo mkdir /var/www/html/secure
$ sudo cp attr.php /var/www/html/secure/.
$ sudo mkdir /var/www/html/js
Shibboleth IdP which has been installed in section 5 will be configured for Attribute Provider.
Download required file from following URL.
コード ブロック |
---|
https://forge.gakunin.nii.ac.jp/svn/GakuNinmAP/local-map/idp-conf/
Please obtain an account from GakuNin Office if authentication is requested.
attribute-filter.xml
attribute-resolver.xml
handler.xml
internal.xml
relying-party.xml
https://forge.gakunin.nii.ac.jp/svn/GakuNinmAP/local-map/idp-lib/
Please obtain an account from GakuNin Office if authentication is requested.
mysql-connector-java-5.1.10.jar |
Modify Configuration
- attribute-resolver.xml
Modify“SALT”to appropriate random values.
Setup database password to be the same one with “6. Installing and Setting Up MySQL”.
Modify “Host name of the IdP”to this server host name. - relying-party.xml
Modify “Host name of the IdP” to this server host name.
Define SP metadata which utilize local mAP system.
Define the metadata of Global mAP(https://map.gakunin.nii.ac.jp/idp/shibboleth)
* In general, the metadata of the Global mAP is automatically integrated if the IdP ingest the federation metadata.
Overwrite the configuration files.
コード ブロック |
---|
Back Up First
$ cd /opt/shibboleth-idp/conf
$ sudo cp attribute-filter.xml attribute-filter.xml.bk
$ sudo cp attribute-resolver.xml attribute-resolver.xml.bk
$ sudo cp handler.xml handler.xml.bk
$ sudo cp internal.xml internal.xml.bk
$ sudo cp relying-party.xml relying-party.xml.bk
Then Copy
$ cd
$ sudo cp attribute-filter.xml /opt/shibboleth-idp/conf/.
$ sudo cp attribute-resolver.xml /opt/shibboleth-idp/conf/.
$ sudo cp handler.xml /opt/shibboleth-idp/conf/.
$ sudo cp internal.xml /opt/shibboleth-idp/conf/.
$ sudo cp relying-party.xml /opt/shibboleth-idp/conf/. |
Metadata Deployment
- The metadata of this SP has already been stored in the following location.
/etc/shibboleth/metadata/sp-metadata.xml - Store the metadata of this IdP in the following location.
/opt/shibboleth-idp/metadata/idp-metadata.xml - Include the metadata of this IdP in the shibboleth2.xml of the SP which utilizes for local mAP.
Deployment of the MySQL driver
コード ブロック |
---|
$ sudo cp mysql-connector-java-5.1.10.jar \
[TOMCAT install directory] /webapps/idp/WEB-INF/lib/.
$ sudo cp mysql-connector-java-5.1.10.jar /opt/shibboleth-idp/lib/. |
Configuration for StoredID
Create table for StoredID in the MySQL database.
https://meatwiki.nii.ac.jp/confluence/display/GakuNinShibInstall/StoredID
“4. Create table in the database (In case of MySQL)”
コード ブロック |
---|
$ mysql -u root vo
mysql> put SQL commands here. |
Back Channel
Configure for back channel by referring to the following instruction.
Create credential
コード ブロック |
---|
# cd /opt/shibboleth-idp/credentials
# openssl pkcs12 -export -out pkcs12.p12 -in idp.crt -inkey idp.key -name HOST-NAME-OF-THIS-SERVER
Enter Export Password: YOUR-OWN-PASSOWRD
Verifying - Enter Export Password: YOUR-OWN-PASSWORD
# keytool -importkeystore -srckeystore pkcs12.p12 -destkeystore keystore.jks \
-srcstoretype pkcs12 -deststoretype jks -srcalias HOST-NAME-OF-THIS-SERVER \
-destalias HOST-NAME-OF-THIS-SERVER -storepass YOUR-OWN-PASSOWRD
Enter source keystore password: YOUR-OWN-PASSOWRD
keystore.jks will be generated. |
* This instruction assume IdP certificate as idp.crt and idp.key.
Back Channel Port
Enable 8443 port in the server.xml of Tomcat configuration file.
Server.xml can be found in the following location if the Tomcat was installed by using yum
コード ブロック |
---|
/usr/share/tomcat6/conf/server.xml |
Add following configuration.
コード ブロック |
---|
<Connector port="8443"
maxHttpHeaderSize="8192"
maxSpareThreads="75"
scheme="https"
secure="true"
clientAuth="want"
SSLEnabled="true"
sslProtocol="TLS"
keystoreFile="/opt/shibboleth-idp/credentials/keystore.jks"
keystorePass="YOUR-OWN-PASSWORD"
truststoreFile="/opt/shibboleth-idp/credentials/keystore.jks"
truststorePass="YOUR-OWN-PASSWORD"
truststoreAlgorithm="DelegateToApplication"/> |
Deployment
コード ブロック |
---|
$ sudo /etc/init.d/tomcat6 stop
$ sudo /etc/init.d/tomcat6 start
Restart SP as well in order to include the metadata of newly configured IdP.
$ sudo /etc/init.d/shibd restart
$ sudo /etc/init.d/httpd restart |
Installing the Application
Importing the Account Data from the Existing Database
Metadata
Validation
$ sudo cp embedded-wayf_config.js /var/www/html/js/.