
...

Installing the Application

...

Download files from the following URL.
https://forge.gakunin.nii.ac.jp/svn/GakuNinmAP/local-map/ui/

...


Please obtain an account from GakuNin Office if authentication is requested.

...


map.zip

...

Deployment

...

$ unzip map.zip
$ sudo mv map /usr/local/.

 

...

Initial Setting
# Announce Information
$ cd /usr/local/map
$ mkdir -p app/webroot/tmp/
$ touch app/webroot/tmp/announce.txt
$ sudo chown -R apache.apache app/webroot/tmp

# Privilege
$ sudo chown -R apache.apache /usr/local/map/app/tmp
$ sudo chmod +x /usr/local/map/cake/console/cake
$ sudo chmod +x /usr/local/map/app/vendors/shells/*.php
$ sudo chmod -R 777 /usr/local/map/app/tmp/cache

# Group Icons
$ sudo mkdir -p app/tmp/uploads/group/original
$ sudo mkdir -p app/tmp/uploads/group/thumbnails
$ sudo mkdir -p app/tmp/uploads/group/temp
$ sudo chown -R apache.apache app/tmp/uploads/group

# Deletion of Log Files and Cache Files
$ sudo rm -rf app/tmp/cache/models/*
$ sudo rm -rf app/tmp/cache/persistent/*
$ sudo rm -rf app/tmp/cache/views/*
$ sudo rm -rf app/tmp/logs/*

# Copy of Configuration Files
$ cp app/config/database.template.php app/config/database.php
$ cp app/config/core.template.php app/config/core.php

# Deletion of Files for Development (if they exist)
$ rm app/config/local.php
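
A check for the permission steps above, as an added example (not part of the original guide): it lists every path under the install root that is writable by all users, which is what `chmod -R 777` leaves on app/tmp/cache, and the console scripts that are missing an execute bit. The function name and report keys are assumptions of this example.

```python
import glob
import os
import stat

# Paths the guide marks executable with chmod +x, relative to the install root.
EXECUTABLE_PATTERNS = ["cake/console/cake", "app/vendors/shells/*.php"]


def audit_install_tree(root, executable_patterns=EXECUTABLE_PATTERNS):
    """Report world-writable paths and scripts that lack an execute bit."""
    findings = {"world_writable": [], "not_executable": []}
    for current, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(current, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits say nothing about its target
            if mode & stat.S_IWOTH:
                findings["world_writable"].append(os.path.relpath(path, root))
    for pattern in executable_patterns:
        matches = glob.glob(os.path.join(root, pattern))
        if not matches:
            findings["not_executable"].append(pattern + " (no such file)")
        for path in matches:
            if not os.stat(path).st_mode & 0o111:
                findings["not_executable"].append(os.path.relpath(path, root))
    for key in findings:
        findings[key].sort()
    return findings


if __name__ == "__main__":
    # /usr/local/map is the install root used throughout the guide.
    for kind, paths in audit_install_tree("/usr/local/map").items():
        for path in paths:
            print(f"{kind}: {path}")
```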

...

 

 

 

...

Configuration of httpd.conf

Include the following configuration in /etc/httpd/conf/httpd.conf.

<VirtualHost _default_:80>
  Redirect permanent / https://[HOST-NAME-OF-THIS-SERVER]/
</VirtualHost>

Alias /map "/usr/local/map"
<Directory "/usr/local/map">
  Order allow,deny
  Allow from all
  Options ExecCGI FollowSymLinks
  AllowOverride All
</Directory>

<Location "/map">
  AuthType shibboleth
  ShibRequireSession Off
  require shibboleth
</Location>

<Location /idp/Authn/RemoteUser>
  AuthType shibboleth
  ShibRequireSession On
  Require valid-user
  ShibRequestSetting requireSessionWith DSforRemoteUser
</Location>

...

Restart

...

$ sudo /etc/init.d/httpd stop
$ sudo /etc/init.d/httpd start

...

...

Database Configuration
$ mysql -u root vo < /usr/local/map/ddl/ddl.sql
$ mysql -u root vo < /usr/local/map/ddl/alter.sql
$ mysql -u root vo < /usr/local/map/ddl/index.sql
$ mysql -u root vo < /usr/local/map/ddl/init_system_admin.sql
$ mysql -u root vo

Open /usr/local/map/ddl/stored_procedure.sql, then copy and paste its contents into this mysql session.

 

 

 

...

Application Configuration File

...

  • /usr/local/map/app/config/database.php
    In 'database' => '', set the password defined in “6. Installing and Setting Up MySQL”.

 

...

  • /usr/local/map/app/config/mail.php
    In 'host' => '', set the SMTP server.
    In $from and $this->from, set the FROM address of the emails that will be sent from this server.
    Modify $footer_jp_map, $footer_jp_test, $footer_eng_map and $footer_eng_test to the sentences you want.

 

...

  • /usr/local/map/app/config/system.php
    In $config["production"] and $config["test"], set "host" and the host part of "loginlink" to the host name of this server.

 

...

  • Registration of System Administrator
    Create a new account by accessing the following URL.
    https://HOST-NAME-OF-THIS-SERVER/map/

    After selecting the IdP and logging in, create a new account.

  • Register the Administrator of the Database.

    $ mysql -u vouser vo -pYOUR-OWN-PASSWORD
    mysql> select id,name,mail from accounts;

    Find your ID with the above command, and then execute the following SQL with your ID.

    mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, 1, 1, NOW(), NOW());

    Example)
    mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 1, 1, NOW(), NOW());

 

 

 

...

Registration of SP

The following commands register the information of the SPs that are members of the federation in the sp_hosts table of the database.

$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app sp_host /var/cache/shibboleth/federation-metadata.xml

To register an SP that is not a member of the federation, add the SP to /var/cache/shibboleth/federation-metadata.xml and then execute the above command.

 

Register SP Administrator in the Database.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> insert into sp_administrators(eppn, host_name, entityid, created)
values('YOUR-ePPN', 'HOST-NAME-OF-UTILIZED-SP',
'ENTITY-ID-OF-UTILIZED-SP', NOW());

Example1) Registration for researchmap and kyouindb
mysql> insert into sp_administrators(eppn, host_name, entityid, created)
values('xxxx@kyoto-u.ac.jp', 'researchmap.jp', 'https://researchmap.jp/shibboleth-sp', NOW());

mysql> insert into sp_administrators(eppn, host_name, entityid, created)
values('xxxx@kyoto-u.ac.jp', 'kyouindb.iimc.kyoto-u.ac.jp',
'https://kyouindb.iimc.kyoto-u.ac.jp/shibboleth-sp', NOW());

Example2) Registration for test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp
mysql> insert into sp_administrators(eppn, host_name, entityid, created)
values('xxxxxx@ebook-idp.nii.ac.jp', 'test-meatmail.nii.ac.jp',
'https://test-meatmail.nii.ac.jp/shibboleth-sp', NOW());

mysql> insert into sp_administrators(eppn, host_name, entityid, created)
values('xxxxxx@ebook-idp.nii.ac.jp', 'test-map-sp1.nii.ac.jp',
'https://test-map-sp1.nii.ac.jp/shibboleth-sp', NOW());

...

 

...

 

...

Create SP Connector

Create the SP Connector of the utilized SP by executing the following SQL.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> insert into groups(group_key,name,introduction,active,public,openmember,
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,
created,modified) values('GROUP-KEY', 'SERVICE-NAME', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

Example1) Researchmap and kyouindb
mysql> insert into groups(group_key,name,introduction,active,public,openmember,
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified)
values('researchmap', 'Researchmap', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

mysql> insert into groups(group_key,name,introduction,active,public,openmember,
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified)
values('kyouindb', 'kyouindb', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

Example2) test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp
mysql> insert into groups(group_key,name,introduction,active,public,openmember,
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified)
values('test-meatmail.nii.ac.jp', 'test-meatmail.nii.ac.jp', '',
0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

mysql> insert into groups(group_key,name,introduction,active,public,openmember,
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified)
values('test-map-sp1.nii.ac.jp', 'test-map-sp1.nii.ac.jp', '',
0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

 

Create the SP Connector to Global mAP by executing the following SQL.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> insert into groups(group_key,name,introduction,active,public,openmember,
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified)
values('gakunin-map', 'GakuNin-mAP', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

Example) Test mAP
mysql> insert into groups(group_key,name,introduction,active,public,openmember,
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified)
values('test-map', 'Test-mAP', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW());

...

 

...

 

Register the administrator of the SP Connector in the database.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> select id,name,mail from accounts;
mysql> select id,group_key,name from groups where sp=1;

Find your ID and the groups table ID with the search commands above, and then put them in "YOUR-ACCOUNT-ID" and "GroupID" in the following SQL.
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(
YOUR-ACCOUNT-ID, GroupID, 1, NOW(), NOW());

Example) In case of creating 3 SP Connectors
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 2, 1, NOW(), NOW());
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 3, 1, NOW(), NOW());
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 4, 1, NOW(), NOW());

 

 

 

 

...

Connection between SP Connector and SP.

Connect SP Connector and SP by executing the following SQL.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

Search for the ID of the SP Connector to be used.
mysql> select id, name from groups where sp = 1;

Search for the ID of the SP to be used.
mysql> select id, name from sp_hosts;

Based on the search result, register connecting information between SP Connector and SP.
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name)
values(SP-CONNECTOR-ID, SP-ID, 'SERVICE-URL', NOW(),NOW(), 'SERVICE-NAME');

・SP Connector ID: ID of groups table
・SP ID: ID of sp_hosts table

Example1) Researchmap and kyouindb
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name)
values(2, 3, 'http://researchmap.jp/', NOW(),NOW(), 'Researchmap');

mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name)
values(3, 15, 'http://kyouindb.iimc.kyoto-u.ac.jp/', NOW(),NOW(), 'kyouindb');

Example2) test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name)
values(2, 80, 'https://test-meatmail.nii.ac.jp/', NOW(),NOW(), 'Test-MeatMail');

mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name)
values(3, 175, 'https://test-map-sp1.nii.ac.jp/', NOW(),NOW(), 'Test-mAP-SP1');

...

 

...

 

Connect SP Connector and Global mAP (SP) by executing the following commands.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

Search SP Connector ID of Global mAP
mysql> select id, name from groups where sp = 1 and group_key='gakunin-map';

Search SP ID of Global mAP
mysql> select id, name from sp_hosts where name='map.gakunin.nii.ac.jp';

Based on the search result, register the connecting information between SP Connector and SP.
mysql> insert into group_sphosts(group_id,sp_id,created,modified,service_name)
values(SP-CONNECTOR-ID, SP-ID, NOW(),NOW(), 'SERVICE-NAME');

Example 1) GakuNin mAP
mysql> insert into group_sphosts(group_id,sp_id,created,modified,service_name)
values(4, 14, NOW(),NOW(), 'GakuNin-mAP');

Example 2) Test mAP
mysql> insert into group_sphosts(group_id,sp_id,created,modified,service_name)
values(4, 48, NOW(),NOW(), 'Test-mAP');

 

 

 

 

...

Automatic Connection of SP Connector

This connects the SP Connector automatically when a user creates a new group, so that users can utilize the SP (e.g. Researchmap, kyouindb).

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

Obtain ID by searching SP Connector
mysql> select id, name from groups where sp = 1;

Set the found ID in the following SQL and then execute.
mysql> insert into sp_auto_connectors(groupid,created) values(FOUND-ID, NOW());

Example)
mysql> insert into sp_auto_connectors(groupid,created) values(2, NOW());
mysql> insert into sp_auto_connectors(groupid,created) values(3, NOW());

 

Enable its use via Global mAP as well.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

Search ID of SP Connector of Global mAP.
mysql> select id, name from groups where sp = 1 and group_key='gakunin-map';

Set the found ID in the following SQL and then execute.
mysql> insert into sp_auto_connectors(groupid,created) values(FOUND-ID, NOW());

Example)
mysql> insert into sp_auto_connectors(groupid,created) values(4, NOW());

...

 

 

...

Attribute Consent Setting for SP Connector

Set the consent information which will be utilized by the SP Connector.

$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

Obtain ID by searching SP Connector
mysql> select id, name from groups where sp = 1;

Set ID for SP Connector in the following SQL and then execute.
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,
language,organization,created,modified) values(FOUND-ID, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());

Example)
mysql> select id, name from groups where sp = 1;
+----+-------------------------+
| id | name                    |
+----+-------------------------+
|  2 | xxxxxxx                 |
|  3 | yyyyyyy                 |
|  4 | zzzzzzz                 |
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,
language,organization,created,modified) values(2, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,
language,organization,created,modified) values(3, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,
language,organization,created,modified) values(4, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());

...

 

...

 

Importing the Account Data from the Existing Database

...

The format of the TSV is as follows.

Note that the display name has to be within 50 characters.

LOCAL-ID(SPS-ID)<<TAB>>ePPN<<TAB>>DISPLAY-NAME(NAME)
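
A pre-import check for the TSV format above, as an added example (not part of the original guide or of the kyoto_u_ac_jp_import shell). It assumes the file is UTF-8, that an ePPN has the form user@scope, and that LOCAL-ID and ePPN should not repeat; the function names and sample rows are constructed here.

```python
import re

MAX_DISPLAY_NAME = 50  # "within 50 characters", as stated in the guide
# Assumption: an ePPN has the form user@scope; the guide does not define it.
EPPN_RE = re.compile(r"[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def validate_import_tsv(lines):
    """Return (line_number, message) pairs for rows that break the format."""
    problems = []
    first_seen = {}  # (column, value) -> line where the value first appeared
    for number, raw in enumerate(lines, start=1):
        row = raw.rstrip("\r\n")
        if not row:
            continue  # tolerate blank lines such as a trailing newline
        fields = row.split("\t")
        if len(fields) != 3:
            problems.append((number, f"expected 3 fields, found {len(fields)}"))
            continue
        local_id, eppn, display_name = fields
        if not local_id or local_id != local_id.strip():
            problems.append((number, "LOCAL-ID is empty or padded with spaces"))
        if not EPPN_RE.fullmatch(eppn):
            problems.append((number, "ePPN is not of the form user@scope"))
        if not display_name:
            problems.append((number, "DISPLAY-NAME is empty"))
        elif len(display_name) > MAX_DISPLAY_NAME:
            problems.append((number, f"DISPLAY-NAME has {len(display_name)} characters"))
        # Assumption: LOCAL-ID and ePPN each identify one account, so repeats are flagged.
        for column, value in (("LOCAL-ID", local_id), ("ePPN", eppn)):
            earlier = first_seen.setdefault((column, value), number)
            if earlier != number:
                problems.append((number, f"{column} repeats line {earlier}"))
    return problems


def validate_import_file(path):
    """Validate a file; decoding as UTF-8 makes len() count characters, not bytes."""
    with open(path, encoding="utf-8", newline="") as handle:
        return validate_import_tsv(handle)


SAMPLE = [  # constructed rows, not real accounts
    "1001\ttaro@example.ac.jp\tTaro Yamada\n",
    "1002\t hanako@example.ac.jp\tHanako Suzuki\n",  # leading space in ePPN
    "1003\tjiro@example.ac.jp\t" + "x" * 51 + "\n",  # display name too long
    "1004\tsaburo@example.ac.jp\n",                  # third column missing
    "1001\tshiro@example.ac.jp\t山田 四郎\n",         # LOCAL-ID already used
]
```

Running `validate_import_file` on the TSV before `./cake ... kyoto_u_ac_jp_import` gives one message per offending line; an empty list means the file matches the format.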

...


...

 

The import command is as follows.

$ export TERM=vt100
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import [TSV-FILE-NAME] [IdP-ENTITY-ID]

Example 1) Normal Execution
$ export TERM=vt100
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \
/var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \
https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth

Example 2) Send Email after Execution
$ export TERM=vt100
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \
/var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \
https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth | mail -s "Import Result" EMAIL-ADDRESS

Metadata

To connect with Global mAP, this IdP's metadata must be incorporated into Global mAP.

...

/opt/shibboleth-idp/metadata/idp-metadata.xml 

Validation

...

Authentication

Confirm the authentication page after accessing the following URL.
https://HOST-NAME-OF-THIS-SERVER/secure/attr.php

 

...

SP

After integrating the metadata of this SP into the related SPs and/or Global mAP, you can run a connection test.

...