...
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_4.dtd">
<Configure id="sslContextFactoryshibContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="IncludeProtocols">
<Array type="String">
<Item>TLSv1.3</Item>
<Item>TLSv1.2</Item>
</Array>
</Set>
<Set name="ExcludeProtocols">
<Array type="String">
<Item>TLSv1.1</Item>
<Item>TLSv1</Item>
<Item>SSL</Item>
<Item>SSLv2</Item>
<Item>SSLv3</Item>
</Array>
</Set>
<Set name="IncludeCipherSuites">
<Array type="String">
<Item>TLS_ECDHE.*</Item>
<Item>TLS_AES.*</Item>
<Item>TLS_RSA.*</Item>
</Array>
</Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>.*NULL.*</Item>
<Item>.*RC4.*</Item>
<Item>.*MD5.*</Item>
<Item>.*DES.*</Item>
<Item>.*DSS.*</Item>
<Item>TLS_DHE.*</Item>
</Array>
</Set>
</Configure>
|
上記ファイルを参照するように /opt/jetty-base/modules/idp-backchannel.mod に追記します。
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
(省略)
[xml]
etc/idp-backchannel.xml
etc/tweak-ssl.xml |
4. httpd の設定
以下のように設定ファイルの修正を行います。
...
パネル |
---|
borderColor | #cccccc |
---|
bgColor | #eeeeee |
---|
borderStyle | solid |
---|
|
Buildfile: /opt/shibboleth-idp/bin/build.xml
build-war:
Installation Directory: [/opt/shibboleth-idp] ?
[Enter] ←入力なし
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/admin/admin.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/authn/authn.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/c14n/subject-c14n.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/ldap.properties
INFO - Including auto-located properties in /Rebuilding /opt/shibboleth-idp/conf/saml-nameid.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/services.properties
Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.23.1 Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp Creating war file /opt/shibboleth-idp/war/idp.war
BUILD SUCCESSFUL
(省略) |
httpdの再起動とJettyの起動を行います。(すでにJettyが起動している場合はstopしてから行ってください)
...