...
Installing the Application
...
Download files from the following URL.
Code Block |
---|
https://forge.gakunin.nii.ac.jp/svn/GakuNinmAP/local-map/ui/ |
...
Please obtain an account from GakuNin Office if authentication is requested. |
...
map.zip |
...
Deployment
...
Code Block |
---|
$ unzip map.zip |
...
$ sudo mv map /usr/local/. |
...
Initial Setting
Code Block |
---|
# Announce Information |
...
$ cd /usr/local/map |
...
$ mkdir -p app/webroot/tmp/ |
...
$ touch app/webroot/tmp/announce.txt |
...
$ sudo chown -R apache.apache app/webroot/tmp |
...
# Privilege |
...
$ sudo chown -R apache.apache /usr/local/map/app/tmp |
...
$ sudo chmod +x /usr/local/map/cake/console/cake |
...
$ sudo chmod +x /usr/local/map/app/vendors/shells/*.php |
...
$ sudo chmod -R 777 /usr/local/map/app/tmp/cache |
...
# Group Icons |
...
$ sudo mkdir -p app/tmp/uploads/group/original |
...
$ sudo mkdir -p app/tmp/uploads/group/thumbnails |
...
$ sudo mkdir -p app/tmp/uploads/group/temp |
...
$ sudo chown -R apache.apache app/tmp/uploads/group |
...
# Deletion of Log Files and Cache Files |
...
$ sudo rm -rf app/tmp/cache/models/* |
...
$ sudo rm -rf app/tmp/cache/persistent/* |
...
$ sudo rm -rf app/tmp/cache/views/* |
...
$ sudo rm -rf app/tmp/logs/* |
...
# Copy of Configuration Files |
...
$ cp app/config/database.template.php app/config/database.php |
...
$ cp app/config/core.template.php app/config/core.php |
...
# Deletion of Files for Development (if they exist) |
...
$ rm app/config/local.php |
...
...
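As a check on the permission steps above (an example added here, not part of the mAP distribution): the functions below list world-writable paths under the install root and flag any that lie outside app/tmp/cache, the one tree the page opens with chmod -R 777, along with config files readable by other local users. The function names are hypothetical; the paths follow the page.

```sh
#!/bin/sh
# Added example (not part of the mAP distribution): report risky file modes
# under the install root after the "Initial Setting" steps.

# List every non-symlink path under $1 that any local user may write to.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null | sort
}

# List world-writable paths that are NOT under app/tmp/cache, the only tree
# the page opens with chmod -R 777. Anything printed here is unexpected.
list_unexpected_writable() {
    root=${1%/}   # tolerate a trailing slash on the argument
    list_world_writable "$root" | while IFS= read -r p; do
        case "$p" in
            "$root/app/tmp/cache"|"$root/app/tmp/cache/"*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# List PHP files under app/config that other users can read; database.php
# holds the database password, so it should not be listed.
list_world_readable_config() {
    find "$1/app/config" -type f -name '*.php' -perm -0004 -print 2>/dev/null | sort
}

# Run all checks; exit status 0 only when both lists are empty.
audit_map_root() {
    unexpected=$(list_unexpected_writable "$1")
    readable=$(list_world_readable_config "$1")
    [ -n "$unexpected" ] && printf 'world-writable outside cache:\n%s\n' "$unexpected"
    [ -n "$readable" ] && printf 'config readable by others:\n%s\n' "$readable"
    [ -z "$unexpected" ] && [ -z "$readable" ]
}

# Usage: sh audit.sh /usr/local/map
if [ "$#" -gt 0 ]; then audit_map_root "$1"; fi
```
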
Configuration of httpd.conf
Include the following configuration in /etc/httpd/conf/httpd.conf.
Code Block |
---|
<VirtualHost _default_:80> |
...
Redirect permanent / https://[HOST-NAME-OF-THIS-SERVER]/ |
...
</VirtualHost> |
...
Alias /map "/usr/local/map" |
...
<Directory "/usr/local/map"> |
...
Order allow,deny |
...
Allow from all |
...
Options ExecCGI FollowSymLinks |
...
AllowOverride All |
...
</Directory> |
...
<Location "/map"> |
...
AuthType shibboleth |
...
ShibRequireSession Off |
...
require shibboleth |
...
</Location> |
...
<Location /idp/Authn/RemoteUser> |
...
AuthType shibboleth |
...
ShibRequireSession On |
...
Require valid-user |
...
ShibRequestSetting requireSessionWith DSforRemoteUser |
...
</Location> |
...
Restart
...
Code Block |
---|
$ sudo /etc/init.d/httpd stop |
...
$ sudo /etc/init.d/httpd start |
...
...
Database Configuration
Code Block |
---|
$ mysql -u root vo < /usr/local/map/ddl/ddl.sql |
...
$ mysql -u root vo < /usr/local/map/ddl/alter.sql |
...
$ mysql -u root vo < /usr/local/map/ddl/index.sql |
...
$ mysql -u root vo < /usr/local/map/ddl/init_system_admin.sql |
...
$ mysql -u root vo |
...
Open /usr/local/map/ddl/stored_procedure.sql and copy & paste the contents. |
...
Application Configuration File
...
- /usr/local/map/app/config/database.php
...
- In 'database' => '', set the password defined in “6. Installing and Setting Up MySQL”.
...
- /usr/local/map/app/config/mail.php
...
- In 'host' => '', set the SMTP server.
...
- In $from and $this->from, set the FROM address of the email that will be sent from this server.
...
- Modify $footer_jp_map, $footer_jp_test, $footer_eng_map and $footer_eng_test to the appropriate sentences as you like.
...
- /usr/local/map/app/config/system.php
In "host" and the host part of "loginlink" in $config["production"] and $config["test"], set the host name of this server.
...
Registration of System Administrator
Create a new account by accessing the following URL.
https://HOST-NAME-OF-THIS-SERVER/map/
After selecting the IdP and logging in, create a new account.
Register the Administrator of the Database.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
mysql> select id,name,mail from accounts; |
...
Find your ID with the above command, and then execute the following SQL with your ID. |
...
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, 1, 1, NOW(), NOW()); |
...
Example) |
...
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 1, 1, NOW(), NOW()); |
...
Registration of SP
The following commands register SP information for federation members in the sp_hosts table of the database.
Code Block |
---|
$ cd /usr/local/map/cake/console |
...
$ ./cake -app /usr/local/map/app sp_host /var/cache/shibboleth/federation-metadata.xml |
If you would like to register an SP which is not a member of the federation, the easy way is to add the SP to /var/cache/shibboleth/federation-metadata.xml and then execute the above command.
Register the SP Administrator in the Database.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
mysql> insert into sp_administrators(eppn, host_name, entityid, created) values('YOUR-ePPN', 'HOST-NAME-OF-UTILIZED-SP', 'ENTITY-ID-OF-UTILIZED-SP', NOW()); |
...
Example 1) Registration for researchmap and kyouindb |
...
mysql> insert into sp_administrators(eppn, host_name, entityid, created) \ |
...
values('xxxx@kyoto-u.ac.jp', 'researchmap.jp', 'https://researchmap.jp/shibboleth-sp', NOW()); |
...
mysql> insert into sp_administrators(eppn, host_name, entityid, created) \ |
...
values('xxxx@kyoto-u.ac.jp', 'kyouindb.iimc.kyoto-u.ac.jp', \ |
...
'https://kyouindb.iimc.kyoto-u.ac.jp/shibboleth-sp', NOW()); |
...
Example 2) Registration for test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp |
...
mysql> insert into sp_administrators(eppn, host_name, entityid, created) \ |
...
values('xxxxxx@ebook-idp.nii.ac.jp', 'test-meatmail.nii.ac.jp', \ |
...
'https://test-meatmail.nii.ac.jp/shibboleth-sp', NOW()); |
...
mysql> insert into sp_administrators(eppn, host_name, entityid, created) \ |
...
values('xxxxxx@ebook-idp.nii.ac.jp', 'test-map-sp1.nii.ac.jp', \ |
...
'https://test-map-sp1.nii.ac.jp/shibboleth-sp', NOW()); |
...
...
...
Create SP Connector
Create SP Connector of the utilized SP by executing the following SQL.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ |
...
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,\ |
...
created,modified) values('GROUP-KEY', 'SERVICE-NAME', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW()); |
...
Example 1) Researchmap and kyouindb |
...
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ |
...
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \ |
...
values('researchmap', 'Researchmap', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW()); |
...
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ |
...
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified \ |
...
) values('kyouindb', 'kyouindb', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW()); |
...
Example 2) test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp |
...
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ |
...
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \ |
...
values('test-meatmail.nii.ac.jp', 'test-meatmail.nii.ac.jp', '', \ |
...
0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW()); |
...
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ |
...
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \ |
...
values('test-map-sp1.nii.ac.jp', 'test-map-sp1.nii.ac.jp', '', \ |
...
0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW()); |
Create SP Connector to Global mAP by executing the following SQL.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ |
...
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \ |
...
values('gakunin-map', 'GakuNin-mAP', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW()); |
...
Example) Test mAP |
...
mysql> insert into groups(group_key,name,introduction,active,public,openmember,\ |
...
inspectjoin,inspectquit,down_permission,up_permission,group_response,sp,created,modified) \ |
...
values('test-map', 'Test-mAP', '', 0, 1, 1, 1, 0, 2, 0, 2, 1, NOW(), NOW()); |
...
...
Register the administrator of SP Connector to the database.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
mysql> select id,name,mail from accounts; |
...
mysql> select id,group_key,name from groups where sp=1; |
...
Find your ID and Group table ID with the search commands above and then put them in "YOUR-ACCOUNT-ID" and "GroupID" in the following SQL. |
...
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, GroupID, 1, NOW(), NOW()); |
...
Example) In case of creating 3 SP Connectors |
...
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 2, 1, NOW(), NOW()); |
...
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 3, 1, NOW(), NOW()); |
...
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 4, 1, NOW(), NOW()); |
...
Connection between SP Connector and SP
Connect SP Connector and SP by executing the following SQL.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
Search for the ID of the SP Connector to be used. |
...
mysql> select id, name from groups where sp = 1; |
...
Search for the ID of the SP to be used. |
...
mysql> select id, name from sp_hosts; |
...
Based on the search result, register connecting information between SP Connector and SP. |
...
insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ |
...
values(SP-CONNECTOR-ID, SP-ID, 'SERVICE-URL', NOW(),NOW(), 'SERVICE-NAME'); |
...
- SP Connector ID: ID of the groups table |
...
- SP ID: ID of the sp_hosts table |
...
Example 1) Researchmap and kyouindb |
...
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ |
...
values(2, 3, 'http://researchmap.jp/', NOW(),NOW(), 'Researchmap'); |
...
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ |
...
values(3, 15, 'http://kyouindb.iimc.kyoto-u.ac.jp/', NOW(),NOW(), 'kyouindb'); |
...
Example 2) test-meatmail.nii.ac.jp and test-map-sp1.nii.ac.jp |
...
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ |
...
values(2, 80, 'https://test-meatmail.nii.ac.jp/', NOW(),NOW(), 'Test-MeatMail'); |
...
mysql> insert into group_sphosts(group_id,sp_id,lead_url,created,modified,service_name) \ |
...
values(3, 175, 'https://test-map-sp1.nii.ac.jp/', NOW(),NOW(), 'Test-mAP-SP1'); |
...
...
Connect SP Connector and Global mAP(SP) by executing the following commands.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
Search SP Connector ID of Global mAP |
...
mysql> select id, name from groups where sp = 1 and group_key='gakunin-map'; |
...
Search SP ID of Global mAP |
...
mysql> select id, name from sp_hosts where name='map.gakunin.nii.ac.jp'; |
...
Based on the search result, register the connecting information between SP Connector and SP. |
...
mysql> insert into group_sphosts(group_id,sp_id,created,modified,service_name) \ |
...
values(SP-CONNECTOR-ID, SP-ID, NOW(),NOW(), 'SERVICE-NAME'); |
...
Example 1) GakuNin mAP |
...
mysql> insert into group_sphosts(group_id,sp_id,created,modified,service_name) \ |
...
values(4, 14, NOW(),NOW(), 'GakuNin-mAP'); |
...
Example 2) Test mAP |
...
mysql> insert into group_sphosts(group_id,sp_id,created,modified,service_name) \ |
...
values(4, 48, NOW(),NOW(), 'Test-mAP'); |
...
Automatic Connection of SP Connector
This enables users to utilize SPs (e.g. Researchmap, kyouindb) by connecting the SP Connector automatically when a user creates a new group.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
Obtain ID by searching SP Connector |
...
mysql> select id, name from groups where sp = 1; |
...
Set the found ID in the following SQL and then execute. |
...
mysql> insert into sp_auto_connectors(groupid,created) values(FOUND-ID, NOW()); |
...
Example) |
...
mysql> insert into sp_auto_connectors(groupid,created) values(2, NOW()); |
...
mysql> insert into sp_auto_connectors(groupid,created) values(3, NOW()); |
Enable its use via Global mAP as well.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
Search ID of SP Connector of Global mAP. |
...
mysql> select id, name from groups where sp = 1 and group_key='gakunin-map'; |
...
Set the found ID in the following SQL and then execute. |
...
mysql> insert into sp_auto_connectors(groupid,created) values(FOUND-ID, NOW()); |
...
Example) |
...
mysql> insert into sp_auto_connectors(groupid,created) values(4, NOW()); |
...
...
Attribute Consent Setting for SP Connector
Set the consent information which will be utilized by the SP Connector.
Code Block |
---|
$ mysql -u vouser vo |
...
-pYOUR-OWN-PASSWORD |
...
Obtain ID by searching SP Connector |
...
mysql> select id, name from groups where sp = 1; |
...
Set ID for SP Connector in the following SQL and then execute. |
...
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\ |
...
language,organization,created,modified) values(FOUND-ID, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW()); |
...
Example) |
...
select id, name from groups where sp = 1; |
...
+----+-------------------------+ |
| id | name                    | |
+----+-------------------------+ |
|  2 | xxxxxxx                 | |
|  3 | yyyyyyy                 | |
|  4 | zzzzzzz                 | |
...
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\ |
...
language,organization,created,modified) values(2, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW()); |
...
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\ |
...
language,organization,created,modified) values(3, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW()); |
...
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\ |
...
language,organization,created,modified) values(4, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW()); |
...
...
Importing the Account Data from the Existing Database
...
The format of the TSV is as follows.
Note that the display name has to be within 50 characters.
Code Block |
---|
LOCAL-ID(SPS-ID)<<TAB>>ePPN<<TAB>>DISPLAY-NAME(NAME) |
...
... |
The import command is as follows.
Code Block |
---|
$ export TERM=vt100 |
...
$ cd /usr/local/map/cake/console |
...
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import [TSV-FILE-NAME] [IdP-ENTITY-ID] |
...
Example 1) Normal Execution |
...
$ export TERM=vt100 |
...
$ cd /usr/local/map/cake/console |
...
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \ |
...
/var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \ |
...
https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth |
...
Example 2) Send Email after Execution |
...
$ export TERM=vt100 |
...
$ cd /usr/local/map/cake/console |
...
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \ |
...
/var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \ |
...
https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth | mail -s "Import Result" EMAIL-ADDRESS |
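A pre-flight check for the TSV format described above, added here as an example and not part of the kyoto_u_ac_jp_import shell: it verifies the three tab-separated fields and the 50-character display-name limit before the file reaches the importer. The user@scope test for ePPN and the duplicate-ePPN check are assumptions about what the importer expects, and validate_import_tsv is a hypothetical name.

```sh
#!/bin/sh
# Added example: validate an import TSV before running kyoto_u_ac_jp_import.

# validate_import_tsv FILE
# Prints one "line N: reason" per problem; returns 0 only for a clean file.
validate_import_tsv() {
    awk -F '\t' '
        function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }

        # Tolerate CRLF files exported from spreadsheets.
        { sub(/\r$/, "") }

        # Format from the page: LOCAL-ID <TAB> ePPN <TAB> DISPLAY-NAME
        NF != 3 { bad("expected 3 tab-separated fields, got " NF); next }
        $1 == "" { bad("empty LOCAL-ID") }

        # Assumption: ePPN has the usual user@scope shape.
        $2 !~ /^[^@ ]+@[A-Za-z0-9.-]+$/ { bad("ePPN is not user@scope: " $2) }

        # Page rule: display name within 50 characters. length() counts
        # characters in gawk under a UTF-8 locale and bytes under mawk or
        # LC_ALL=C, where multi-byte names are flagged early, never late.
        $3 == "" { bad("empty DISPLAY-NAME") }
        length($3) > 50 { bad("DISPLAY-NAME longer than 50: " length($3)) }

        # Assumption: one account per ePPN, so repeats are reported.
        seen[$2]++ { bad("duplicate ePPN: " $2) }

        END { exit (errors > 0) }
    ' "$1"
}

# Usage: sh check_tsv.sh /var/local/map/tmp/kyoto-u.ac.jp.sample.tsv
if [ "$#" -gt 0 ]; then validate_import_tsv "$1"; fi
```
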
Metadata
If you need to connect with Global mAP, this IdP metadata must be incorporated into Global mAP.
...
/opt/shibboleth-idp/metadata/idp-metadata.xml
Validation
...
Authentication
Confirm the authentication page by accessing the following URL.
https://HOST-NAME-OF-THIS-SERVER/secure/attr.php
...
SP
After integrating the metadata of this SP into the related SPs and/or Global mAP, you can run the connection test.
...