
Purpose

The purpose of this document is to install and validate the local mAP environment.

...

Installing the Application

 

Importing the Account Data from the Existing Database

 

Metadata

 

...

・      Download files from the following URL.

https://forge.gakunin.nii.ac.jp/svn/GakuNinmAP/local-map/ui/

Please obtain an account from GakuNin Office if authentication is requested.

map.zip

 

・      Deployment

$ unzip map.zip

$ sudo mv map /usr/local/.

 

・      Initial Setting

# Announce Information

$ cd /usr/local/map

$ mkdir -p app/webroot/tmp/

$ touch app/webroot/tmp/announce.txt

$ sudo chown -R apache.apache app/webroot/tmp

 

# Privilege

$ sudo chown -R apache.apache /usr/local/map/app/tmp

$ sudo chmod +x /usr/local/map/cake/console/cake

$ sudo chmod +x /usr/local/map/app/vendors/shells/*.php

$ sudo chmod -R 777 /usr/local/map/app/tmp/cache

 

# Group Icons

$ sudo mkdir -p app/tmp/uploads/group/original

$ sudo mkdir -p app/tmp/uploads/group/thumbnails

$ sudo mkdir -p app/tmp/uploads/group/temp

$ sudo chown -R apache.apache app/tmp/uploads/group

 

# Deletion of Log Files and Cache Files

$ sudo rm -rf app/tmp/cache/models/*

$ sudo rm -rf app/tmp/cache/persistent/*

$ sudo rm -rf app/tmp/cache/views/*

$ sudo rm -rf app/tmp/logs/*

 

# Copy of Configuration Files

$ cp app/config/database.template.php app/config/database.php

$ cp app/config/core.template.php app/config/core.php

 

# Deletion of Files for Development (if they exist)

$ rm app/config/local.php

 

 

 

 

・      Configuration of httpd.conf

Include the following configuration in /etc/httpd/conf/httpd.conf

<VirtualHost _default_:80>

  Redirect permanent / https://[HOST-NAME-OF-THIS-SERVER]/

</VirtualHost>

 

Alias /map "/usr/local/map"

<Directory "/usr/local/map">

  Order allow,deny

  Allow from all

  Options ExecCGI FollowSymLinks

  AllowOverride All

</Directory>

 

<Location "/map">

  AuthType shibboleth

  ShibRequireSession Off

  require shibboleth

</Location>

 

<Location /idp/Authn/RemoteUser>

  AuthType shibboleth

  ShibRequireSession On

  Require valid-user

  ShibRequestSetting requireSessionWith DSforRemoteUser

</Location>

 

・      Restart

$ sudo /etc/init.d/httpd stop

$ sudo /etc/init.d/httpd start

 

・      Database Configuration

$ mysql -u root vo < /usr/local/map/ddl/ddl.sql

$ mysql -u root vo < /usr/local/map/ddl/alter.sql

$ mysql -u root vo < /usr/local/map/ddl/index.sql

$ mysql -u root vo < /usr/local/map/ddl/init_system_admin.sql

$ mysql -u root vo

Open /usr/local/map/ddl/stored_procedure.sql and paste its contents into the mysql prompt.

 

 

 

・      Application Configuration File

・/usr/local/map/app/config/database.php

  In the 'database' => '', set the password defined at “6. Installing and Setting Up MySQL”.

 

・/usr/local/map/app/config/mail.php

  In the 'host' => '', set the SMTP server.

  In the $from, $this->from, set the FROM address of the email which will be sent from this server.

  In the $footer_jp_map, $footer_jp_test, $footer_eng_map and $footer_eng_test, change the footer text as appropriate.

 

・/usr/local/map/app/config/system.php

  In "host" and in the host part of "loginlink" under $config["production"] and $config["test"], set the host name of this server.

 

・      Registration of System Administrator

Create a new account by accessing the following URL.

https://HOST-NAME-OF-THIS-SERVER/map/

After selecting the IdP and logging in, create a new account.

 

Register the Administrator of the Database.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

 

mysql> select id,name,mail from accounts;

Find your ID with the above command, and then execute the following SQL with your ID.

mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, 1, 1, NOW(), NOW());

 

Example)

mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 1, 1, NOW(), NOW());

 

 

 

・      Registration of SP

The following commands register the SPs that are members of the federation in the sp_hosts table of the database.

$ cd /usr/local/map/cake/console

$ ./cake -app /usr/local/map/app sp_host /var/cache/shibboleth/federation-metadata.xml

To register an SP that is not a member of the federation, add the SP to /var/cache/shibboleth/federation-metadata.xml and then execute the above command.

 

Register the SP Administrator in the Database.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

 

mysql> insert into sp_administrators(eppn, host_name, entityid, created) values('YOUR-ePPN', 'HOST-NAME-OF-UTILIZED-SP', 'ENTITY-ID-OF-UTILIZED-SP', NOW());

 

Example 1) Registration for researchmap and kyouindb

mysql> insert into sp_administrators(eppn, host_name, entityid, created) \

values('xxxx@kyoto-u.ac.jp', 'researchmap.jp', 'https://researchmap.jp/shibboleth-sp', NOW());

 

mysql> insert into sp_administrators(eppn, host_name, entityid, created) \

values('xxxx@kyoto-u.ac.jp', 'kyouindb.iimc.kyoto-u.ac.jp', \

'https://kyouindb.iimc.kyoto-u.ac.jp/shibboleth-sp', NOW());

 

 

Example 2) Registration for test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp

mysql> insert into sp_administrators(eppn, host_name, entityid, created) \

values('xxxxxx@ebook-idp.nii.ac.jp', 'test-meatmail.nii.ac.jp', \

'https://test-meatmail.nii.ac.jp/shibboleth-sp', NOW());

 

mysql> insert into sp_administrators(eppn, host_name, entityid, created) \

values('xxxxxx@ebook-idp.nii.ac.jp', 'test-map-sp1.nii.ac.jp', \

'https://test-map-sp1.nii.ac.jp/shibboleth-sp', NOW());

 

 

 

・      Create SP Connector

Create SP Connector of the utilized SP by executing the following SQL.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> insert into groups(group_key,name,introduction,active,public,openmember,\

inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,\

created,modified) values('GROUP-KEY', 'SERVICE-NAME', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

 

Example 1) Researchmap and kyouindb

mysql> insert into groups(group_key,name,introduction,active,public,openmember,\

inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \

values('researchmap', 'Researchmap', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

 

mysql> insert into groups(group_key,name,introduction,active,public,openmember,\

inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified \

) values('kyouindb', 'kyouindb', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

 

Example 2) test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp

mysql> insert into groups(group_key,name,introduction,active,public,openmember,\

inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \

values('test-meatmail.nii.ac.jp', 'test-meatmail.nii.ac.jp', '', \

0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

 

mysql> insert into groups(group_key,name,introduction,active,public,openmember,\

inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \

values('test-map-sp1.nii.ac.jp', 'test-map-sp1.nii.ac.jp', '', \

0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

 

Create SP Connector to Global mAP by executing the following SQL.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> insert into groups(group_key,name,introduction,active,public,openmember,\

inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \

values('gakunin-map', 'GakuNin-mAP', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

 

Example) Test mAP

mysql> insert into groups(group_key,name,introduction,active,public,openmember,\

inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \

values('test-map', 'Test-mAP', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

 

 

 

Register the administrator of SP Connector to the database.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> select id,name,mail from accounts;

mysql> select id,group_key,name from groups where sp=1;

 

Find your account ID and the groups table ID with the search commands above, then put them in place of “YOUR-ACCOUNT-ID” and “GroupID” in the following SQL.

mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, GroupID, 1, NOW(), NOW());

 

Example) In case of creating 3 SP Connectors

mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 2, 1, NOW(), NOW());

mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 3, 1, NOW(), NOW());

mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 4, 1, NOW(), NOW());

 

 

 

 

・      Connection between SP Connector and SP

Connect SP Connector and SP by executing the following SQL.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

 

Look up the ID of the SP Connector to use.

mysql> select id, name from groups where sp = 1;

 

Look up the ID of the SP to use.

mysql> select id, name from sp_hosts;

 

Based on the search result, register connecting information between SP Connector and SP.

mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \

values(SP-CONNECTOR-ID, SP-ID, 'SERVICE-URL', NOW(),NOW(), 'SERVICE-NAME');

 

・SP-CONNECTOR-ID: id of the groups table

・SP-ID: id of the sp_hosts table

 

 

Example 1) Researchmap and kyouindb

mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \

values(2, 3, 'http://researchmap.jp/', NOW(),NOW(), 'Researchmap');

 

mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \

values(3, 15, 'http://kyouindb.iimc.kyoto-u.ac.jp/', NOW(),NOW(), 'kyouindb');

 

Example 2) test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp

mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \

values(2, 80, 'https://test-meatmail.nii.ac.jp/', NOW(),NOW(), 'Test-MeatMail');

mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \

values(3, 175, 'https://test-map-sp1.nii.ac.jp/', NOW(),NOW(), 'Test-mAP-SP1');

 

 

 

Connect SP Connector and Global mAP(SP) by executing the following commands.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

 

Search SP Connector ID of Global mAP

mysql> select id, name from groups where sp = 1 and group_key='gakunin-map';

 

Search SP ID of Global mAP

mysql> select id, name from sp_hosts where name='map.gakunin.nii.ac.jp';

 

Based on the search result, register the connecting information between SP Connector and SP.

mysql> insert into group_sphosts(group_id,sp_id,created,modified,service_name) \

values(SP-CONNECTOR-ID, SP-ID, NOW(),NOW(), 'SERVICE-NAME');

 

Example 1) GakuNin mAP

mysql> insert into group_sphosts(group_id,sp_id,created,modified,service_name) \

values(4, 14, NOW(),NOW(), 'GakuNin-mAP');

 

Example 2) Test mAP

mysql> insert into group_sphosts(group_id,sp_id,created,modified,service_name) \

values(4, 48, NOW(),NOW(), 'Test-mAP');

 

 

 

 

・      Automatic Connection of SP Connector

This lets users use SPs (e.g. Researchmap, kyouindb) through an SP Connector that is attached automatically when a user creates a new group.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

 

Obtain ID by searching SP Connector

mysql> select id, name from groups where sp = 1;

 

Set the found ID in the following SQL and then execute.

mysql> insert into sp_auto_connectors(groupid,created) values(FOUND-ID, NOW());

 

Example)

mysql> insert into sp_auto_connectors(groupid,created) values(2, NOW());

mysql> insert into sp_auto_connectors(groupid,created) values(3, NOW());

 

Enable the same through Global mAP as well.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

 

Search ID of SP Connector of Global mAP.

mysql> select id, name from groups where sp = 1 and group_key='gakunin-map';

 

Set the found ID in the following SQL and then execute.

mysql> insert into sp_auto_connectors(groupid,created) values(FOUND-ID, NOW());

 

Example)

mysql> insert into sp_auto_connectors(groupid,created) values(4, NOW());

 

 

 

・      Attribute Consent Setting for SP Connector

Set the consent information that will be used by the SP Connector.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

 

Obtain ID by searching SP Connector

mysql> select id, name from groups where sp = 1;

 

Set ID for SP Connector in the following SQL and then execute.

mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\

language,organization,created,modified) values(FOUND-ID, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());

 

Example)

mysql> select id, name from groups where sp = 1;

+----+-------------------------+

| id | name                    |

+----+-------------------------+

|  2 | xxxxxxx                 |

|  3 | yyyyyyy                 |

|  4 | zzzzzzz                 |

mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\

language,organization,created,modified) values(2, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());

mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\

language,organization,created,modified) values(3, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());

mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\

language,organization,created,modified) values(4, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());
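
The SQL in the four steps above can be generated instead of typed. The following shell helper is an added example (it is not part of this page or of the mAP distribution) that covers the steps from “Create SP Connector” through “Attribute Consent Setting for SP Connector” for one SP: it emits the same INSERT statements but resolves the groups and sp_hosts IDs with subselects on group_key and sp_hosts.name, so no hand-copied ID is involved. It assumes the table and column names shown on this page, the flag values used in the page's examples, and that sp_hosts has already been populated by the sp_host command; the names sql_quote and sp_connector_sql are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page or of the mAP distribution.
# The page's procedure (look up groups.id and sp_hosts.id with SELECT,
# then paste the numbers into INSERTs) is easy to get wrong. This helper
# emits the same four statements for one SP Connector and lets MySQL
# resolve the IDs with subselects keyed on groups.group_key and
# sp_hosts.name. Table/column names and flag values are those shown on
# this page; it assumes sp_hosts was already filled by the sp_host command.

# Quote a value as a MySQL string literal: double single quotes and
# backslashes so a value such as O'Brien cannot end the literal early.
sql_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")"
}

# Arguments: GROUP-KEY SERVICE-NAME SP-HOST-NAME (sp_hosts.name) LEAD-URL
sp_connector_sql() {
    group_key=$(sql_quote "$1")
    service_name=$(sql_quote "$2")
    sp_host=$(sql_quote "$3")
    lead_url=$(sql_quote "$4")
    cat <<EOF
-- SP Connector group (the "Create SP Connector" step)
INSERT INTO groups(group_key,name,introduction,active,public,openmember,
  inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified)
VALUES($group_key, $service_name, '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());
-- Link to the SP (the "Connection between SP Connector and SP" step)
INSERT INTO group_sphosts(group_id,sp_id,lead_url,created,modified,service_name)
SELECT g.id, s.id, $lead_url, NOW(), NOW(), $service_name
  FROM groups g JOIN sp_hosts s ON s.name = $sp_host
 WHERE g.group_key = $group_key AND g.sp = 1;
-- Attach it to newly created groups (the "Automatic Connection" step)
INSERT INTO sp_auto_connectors(groupid,created)
SELECT id, NOW() FROM groups WHERE group_key = $group_key AND sp = 1;
-- Attribute consent (the "Attribute Consent Setting" step)
INSERT INTO provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,
  language,organization,created,modified)
SELECT id, 1, 1, 1, 1, 1, 1, 1, 1, NOW(), NOW()
  FROM groups WHERE group_key = $group_key AND sp = 1;
EOF
}

# Values taken from the page's researchmap example; review the output,
# then pipe it into "mysql -u vouser -p vo".
sp_connector_sql researchmap Researchmap researchmap.jp 'http://researchmap.jp/'
```

INSERT ... SELECT inserts zero rows, without an error, when the subselect matches nothing (for example a mistyped sp_hosts.name), so check that each statement reports one affected row; the SELECT lookups given on this page remain a useful cross-check.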

 

 

 

Importing the Account Data from the Existing Database

If account data exists in an existing database, it can be imported from a TSV file.

The format of the TSV is as follows.

Note that the display name must be within 50 characters.

LOCAL-ID(SPS-ID)<<TAB>>ePPN<<TAB>>DISPLAY-NAME(NAME)

・・・

 

Import command is as follows.

$ export TERM=vt100

$ cd /usr/local/map/cake/console

$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import [TSV-FILE-NAME] [IdP-ENTITY-ID]

 

Example 1) Normal Execution

$ export TERM=vt100

$ cd /usr/local/map/cake/console

$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \

/var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \

https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth

 

Example 2) Send Email after Execution

$ export TERM=vt100

$ cd /usr/local/map/cake/console

$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \

/var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \

https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth | mail -s "Import Result" EMAIL-ADDRESS
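
The import command above rejects nothing until it runs, so a pre-flight check of the TSV is worth having. The following is an added example (not part of this page or of the mAP distribution) that checks an import file against the format described above: three tab-separated fields, a LOCAL-ID, an ePPN of the form user@scope, and a display name of at most 50 characters. The function name validate_map_tsv and the sample rows are this example's own; the ePPN shape check and the assumption that the 50-character limit counts characters rather than bytes are the example's, not the page's.

```shell
#!/bin/sh
# Added example, not part of the original page or of the mAP distribution:
# a pre-flight check for the import TSV, to run before kyoto_u_ac_jp_import.
# Every non-blank line must have exactly three tab-separated fields
# (LOCAL-ID, ePPN, DISPLAY-NAME), a non-empty LOCAL-ID, an ePPN shaped
# like user@scope, and a display name of 1..50 characters. One diagnostic
# is printed per problem; the return status is the number of problems
# (0 means the file is clean; counts above 255 wrap, so treat any
# non-zero status as "fix the file").
# Note: awk's length() counts characters only with a multibyte-aware awk
# (for example gawk) under a UTF-8 locale; mawk counts bytes, so a
# Japanese display name is measured in bytes there. Assumption: the
# 50-character limit on this page is a character count.
validate_map_tsv() {
    awk -F '\t' '
        BEGIN { bad = 0 }
        { sub(/\r$/, "") }                 # tolerate CRLF exports
        /^[ \t]*$/ { next }                # skip blank lines
        {
            if (NF != 3) {
                printf("line %d: expected 3 tab-separated fields, got %d\n", FNR, NF)
                bad++; next
            }
            if ($1 == "") { printf("line %d: empty LOCAL-ID\n", FNR); bad++ }
            if ($2 !~ /^[^@ \t]+@[^@ \t]+$/) {
                printf("line %d: malformed ePPN \"%s\"\n", FNR, $2); bad++
            }
            if (length($3) < 1 || length($3) > 50) {
                printf("line %d: display name is %d characters (must be 1..50)\n", FNR, length($3))
                bad++
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample rows (not real accounts): two valid rows, one row
# with a fourth field, one row with a 51-character display name.
sample_tsv=$(mktemp)
{
    printf 'sps-0001\talice@example.ac.jp\tAlice Example\n'
    printf 'sps-0002\tbob@example.ac.jp\tBob Example\n'
    printf 'sps-0003\tcarol@example.ac.jp\tCarol\textra\n'
    printf 'sps-0004\tdave@example.ac.jp\t%s\n' "$(awk 'BEGIN { while (i++ < 51) printf "x" }')"
} > "$sample_tsv"

rc=0
validate_map_tsv "$sample_tsv" || rc=$?
echo "problems found: $rc"      # prints: problems found: 2
rm -f "$sample_tsv"
```

Run it as validate_map_tsv /path/to/file.tsv before the import; a non-zero status means at least one row would be rejected or truncated, and the printed line numbers point at the rows to fix.
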

Metadata

If you need to connect with Global mAP, this IdP's metadata must be incorporated into Global mAP.

Please send the following IdP metadata to the Global mAP administrator.

/opt/shibboleth-idp/metadata/idp-metadata.xml

 

Validation

・Authentication

Confirm that the authentication page appears after accessing the following URL.

https://HOST-NAME-OF-THIS-SERVER/secure/attr.php

 

・SP

After the metadata of this SP has been integrated into the related SPs and/or Global mAP, you can run the connection test.