...
<!-- Allows overriding of error template information/filenames. You can also add attributes with values that can be plugged into the templates.
     supportContact is one of the values plugged into the error templates that end users see;
     "root@localhost" is only a placeholder and should be replaced with a monitored contact address. -->
<Errors supportContact="root@localhost"
helpLocation="/about.html"
styleSheet="/shibboleth-sp/main.css"/>
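<!-- Example of remotely supplied batch of signed metadata. -->
<!-- Federation metadata is what this SP trusts when it talks to IdPs, so both filters
     below are security controls: keep them when adapting the URL or certificate. -->
<!-- Alternative test federation ("ex-fed"), commented out and kept for reference:
<MetadataProvider type="XML" validate="true"
                  uri="https://ex-ds.gakunin.nii.ac.jp/fed/ex-fed-metadata.xml"
                  backingFilePath="federation-metadata.xml"
                  reloadInterval="7200">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1296000"/>
    <MetadataFilter type="Signature" certificate="/etc/shibboleth/cert/ex-fed.crt"/>
</MetadataProvider>
-->
<MetadataProvider type="XML" validate="true"
                  uri="https://metadata.gakunin.nii.ac.jp/gakunin-test-metadata.xml"
                  backingFilePath="federation-metadata.xml"
                  reloadInterval="7200">
    <!-- Require a validUntil no more than 1296000 s (15 days) ahead, so an old copy of the
         metadata cannot remain in use indefinitely if the download stops working. -->
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="1296000"/>
    <!-- Verify the federation signature with the signing certificate obtained out-of-band;
         the HTTPS transport of the download is not the trust anchor, this certificate is. -->
    <MetadataFilter type="Signature" certificate="/etc/shibboleth/cert/gakunin-test-signer-2011.cer"/>
</MetadataProvider>
<!-- Example of locally maintained metadata. -->
<!-- <MetadataProvider type="XML" file="partner-metadata.xml"/> -->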
...
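# Fetch the GakuNin test-federation metadata signing certificate into the IdP credential store.
cd /opt/shibboleth-idp/credentials
wget https://metadata.gakunin.nii.ac.jp/gakunin-test-signer-2011.cer
# This certificate becomes the trust anchor for all federation metadata, so do not rely on the
# TLS download alone: print its fingerprint and compare it with the value the federation
# publishes out-of-band before using it (no reference fingerprint is given on this page).
# Add "-inform DER" if the downloaded file is binary rather than PEM.
openssl x509 -in gakunin-test-signer-2011.cer -noout -fingerprint -sha256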
② relying-party.xml（または metadata-providers.xml）のメタデータ自動ダウンロード設定を変更します。
<!-- ========================================== -->
<!-- Metadata Configuration -->
<!-- ========================================== (省略) The EntityRoleWhiteList saves memory by only loading metadata from entity types
that you will interoperate with. -->
<!-- MetadataProvider the combining other MetadataProviders -->
<MetadataProvider <metadata:MetadataProvider id="ShibbolethMetadata" xsiHTTPMetadata"
xsi:type="metadata:ChainingMetadataProviderFileBackedHTTPMetadataProvider"> (省略) <!-- Example metadata provider. -->
<!-- Reads metadata from a URL and store a backup copy on the file system. -->
<!-- Validates the signature of the metadata and filters out all by SP entities in order to save memory -->
<!-- To use: fill in 'metadataURL' and 'backingFile' properties on MetadataResource element --> <!-- --> <!-- <metadata:MetadataProvider id="URLMD" xsi:type="metadata:FileBackedHTTPMetadataProvider" metadataURL backingFile="%{idp.home}/metadata/gakunin-metadata-backing.xml"
metadataURL="https://ex-ds.gakunin.nii.ac.jp/fed/ex-fed-metadata.xml" backingFile="/opt/shibboleth-idp/metadata/some-metadata.xml">
-->
<metadata:MetadataProvider <MetadataProvider id=" URLMD" xsiHTTPMetadata"
xsi:type="FileBackedHTTPMetadataProvider" metadata:FileBackedHTTPMetadataProvider"
metadataURL
backingFile="%{idp.home}/metadata/gakunin-metadata-backing.xml"
metadataURL="https://metadata.gakunin.nii.ac.jp/gakunin-test-metadata.xml"
backingFile="/opt/shibboleth-idp/metadata/some-metadata.xml"> <metadata:MetadataFilter <MetadataFilter xsi:type=" metadata:ChainingFilter"> <metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil" maxValidityIntervalRequiredValidUntil" maxValidityInterval="P15D" />
<!-- <metadata:MetadataFilter <MetadataFilter xsi:type=" metadata:SignatureValidation" trustEngineRef="shibboleth.MetadataTrustEngine" requireSignedMetadata="true" /> <metadata:MetadataFilter requireSignedMetadata="true"
certificateFile="%{idp.home}/credentials/ex-fed.crt"/>
--> <MetadataFilter xsi:type=" metadata:EntityRoleWhiteListSignatureValidation" > <metadata:RetainedRole>samlmd:SPSSODescriptor</metadata:RetainedRole> </metadata:MetadataFilter> </metadata:MetadataFilter> </metadata:MetadataProvider> <!-- --> </metadata:MetadataProvider>
...
requireSignedMetadata="true"
certificateFile="%{idp.home}/credentials/gakunin-test-signer-2011.cer"/
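<!-- ========================================== -->
<!-- Security Configurations -->
<!-- ========================================== -->
<!-- IdP credential (private key + certificate). The private key must be readable only by the
     account Tomcat runs as; anyone able to read it can impersonate this IdP. -->
<security:Credential id="IdPCredential" xsi:type="security:X509Filesystem">
    <security:PrivateKey>/opt/shibboleth-idp/credentials/server.key</security:PrivateKey>
    <security:Certificate>/opt/shibboleth-idp/credentials/server.crt</security:Certificate>
</security:Credential>

<!-- Trust engine used to evaluate the signature on loaded metadata.
     StaticExplicitKeySignature accepts metadata signed only by the keys in the certificates
     listed below, so the file referenced here must be the federation's published signing
     certificate (check its fingerprint out-of-band) and must be updated when the
     federation rotates its signer. -->
<security:TrustEngine id="shibboleth.MetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">
    <security:Credential id="MyFederation1Credentials" xsi:type="security:X509Filesystem">
        <!-- Alternative test federation ("ex-fed") signer, commented out and kept for reference:
        <security:Certificate>/opt/shibboleth-idp/credentials/ex-fed.crt</security:Certificate>
        -->
        <security:Certificate>/opt/shibboleth-idp/credentials/gakunin-test-signer-2011.cer</security:Certificate>
    </security:Credential>
</security:TrustEngine>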
<PublicKey>
THIS IS AN EXAMPLE
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg0TyQAP/tIvOH89EtaX
uRRn8SYzTj7W1TbNY4VvBmobjkRmSkki4hH9x4sQpi635wn6WtXTN/FNNmkTK3N/
LspmBWxfZS+n+cc7I82E5yvCAPX67QsZgqgglp2W5dvK/FsMMCS6X6SVqzBLMP88
NenXKxY+HMxMs0sT0UKYh1cAEqadrHRBO65aDBcm5a0sBVYt9K6pgaOHrp/zSIbh
nR5tFFLjBbtFktDpHL3AdGBH3OYidNGKBO3tJ3Ms7LeKXsM0+0Y4P+9fHZINL2X3
E2N6GVnKs5PZTg9sP0FtIpAbYm/+zCx7Yj1ET/Er8mDd6tNVGSQsn9s5xUBwGqn1
4wIDAQAB
</PublicKey>
</MetadataFilter>
-->
<MetadataFilter xsi:type="EntityRoleWhiteList">
<RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter>
</MetadataProvider>
<!-- -->
④ ③ tomcatを再起動します。
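# Restart Tomcat so the new metadata provider / trust configuration is loaded.
# Use the service name matching the installed Tomcat version (tomcat6 or tomcat7).
service tomcat6 restart
# service tomcat7 restart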
⑤ テストフェデレーションの接続テスト用SP https://test-sp1.gakunin.nii.ac.jp にアクセスします。
...