...

To install the packages it depends on, run the following command:

```bash
$ sudo yum -y install httpd php mod_ssl php-gd php-pdo php-mcrypt sqlite
```

...

After the procedure above, you can check the result with the `tree` command:

```bash
$ tree --charset=ascii -L 2 /opt/tiqrzend/
/opt/tiqrzend/
|-- application
|   |-- Bootstrap.php
|   |-- configs
|   |-- controllers
|   |-- layouts
|   |-- modules
|   `-- views
|-- library
|   |-- phpqrcode
|   |-- tiqr
|   |-- tiqrshib
|   |-- tiqr-zf
|   |-- zend -> ZendFramework-1.12.9-minimal
|   `-- ZendFramework-1.12.9-minimal
|-- public
|   |-- images
|   |-- index.php
|   `-- scripts
|-- resources
|   `-- Sample.php
`-- tests
    |-- application
    |-- library
    `-- phpunit.xml
20 directories, 4 files
```

...

Copy /opt/tiqrzend/application/configs/application.example.ini to /opt/tiqrzend/application/configs/application.ini.

```bash
$ cp /opt/tiqrzend/application/configs/application.example.ini /opt/tiqrzend/application/configs/application.ini
```

...

Prepare the DB for tiqrshib's "SecretStorage". For evaluation purposes, run the following commands:

```bash
$ mkdir -p /opt/tiqrzend/db/
$ sqlite3 /opt/tiqrzend/db/secrets.db
sqlite> CREATE TABLE IF NOT EXISTS tiqrshibsecrets (
...> `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT,
...> `uid` text NOT NULL UNIQUE,
...> `secret` text DEFAULT NULL,
...> `isActive` integer DEFAULT NULL);
sqlite> .exit
$ sudo chown -R apache: /opt/tiqrzend/db
```

...

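Here is how to install Apache Maven 3.5.0 in the /opt/ directory. The download below goes over plain HTTP from a mirror, so check the tarball against the checksum published by the Apache Maven project before unpacking it.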

```bash
$ export MVN_VERSION=3.5.0
$ wget http://ftp.riken.jp/net/apache/maven/maven-3/${MVN_VERSION}/binaries/apache-maven-${MVN_VERSION}-bin.tar.gz
$ tar xf apache-maven-${MVN_VERSION}-bin.tar.gz -C /opt/
$ export PATH=/opt/apache-maven-${MVN_VERSION}/bin:$PATH
$ mvn --version
(Check Maven is installed)
```

Under the "idp/" directory in this project, run the following commands:

```bash
$ ls
pom.xml  src
$ mvn -DskipTests=false clean package
... (a lot of logs) ...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.683 s
[INFO] Finished at: 2017-09-05T16:41:39+09:00
[INFO] Final Memory: 24M/361M
[INFO] ------------------------------------------------------------------------
$ ls
pom.xml  src  target
$ ls target/
classes  maven-archiver  tiqrshibauthn-2.0.jar
```

...

From this step on, we assume you are logged in as root on the host where the IdP resides. You should also have the IdP's installation package unpacked somewhere.

```bash
# pwd
/root/shibboleth-identity-provider-3.3.1
```

Before going forward, we recommend stopping Tomcat.

```bash
# systemctl stop tomcat
```

Place tiqrshibauthn-2.0.jar in the IdP installer's webapp/WEB-INF/lib/ directory.

...

Install the modified IdP using bin/install.sh, as in a usual IdP installation.

```bash
# bin/install.sh
```

Depending on your Tomcat configuration, you may need to copy `idp.war` to `/usr/java/tomcat/webapps/` and remove the `idp/` directory there.

```bash
# cp -f /opt/shibboleth-idp/war/idp.war /usr/java/tomcat/webapps/
# rm -rf /usr/java/tomcat/webapps/idp
```

...

Move to `/opt/shibboleth-idp/` and modify relevant configuration files.

```bash
# cd /opt/shibboleth-idp
```

Create the `flows/authn/tiqrshib/` directory and copy the relevant XML files into place. Then edit the copied files so that they are ready for tiqrshib authentication.

You can use the following sequence of sed commands if the original XML files are untouched:

```bash
# mkdir flows/authn/tiqrshib/
# cp system/flows/authn/external-authn-flow.xml flows/authn/tiqrshib/tiqrshib-flow.xml
# sed -i 's/external-authn-beans\.xml/tiqrshib-beans.xml/' flows/authn/tiqrshib/tiqrshib-flow.xml
# cp system/flows/authn/external-authn-beans.xml flows/authn/tiqrshib/tiqrshib-beans.xml
# sed -i 's/external-authn-config\.xml/tiqrshib-authn-config.xml/' flows/authn/tiqrshib/tiqrshib-beans.xml
# cp dist/conf/authn/external-authn-config.xml.dist conf/authn/tiqrshib-authn-config.xml
# sed -i 's/Authn\/External/Authn\/TiqrShib/' conf/authn/tiqrshib-authn-config.xml
```
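
The sed sequence above depends on the stock XML being untouched, and sed exits successfully even when its pattern matches nothing, which would leave the tiqrshib flow pointing at the stock external-authn beans or config. The script below is an added example, not part of the original page or the tiqrshib project: it performs the same three copies and substitutions and stops when a source file lacks the expected string or a rewrite did not take effect. The function names `copy_and_rewrite` and `install_tiqrshib_flow` are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not part of the original page. A sed substitution exits 0
# even when its pattern matches nothing, so every rewrite is checked.

# copy_and_rewrite SRC DST OLD NEW SED_EXPR
# OLD and NEW are the literal strings SED_EXPR is expected to swap.
copy_and_rewrite() {
    local src="$1" dst="$2" old="$3" new="$4" expr="$5"
    [ -f "$src" ] || { echo "missing source: $src" >&2; return 1; }
    # Never clobber a flow file that may already carry local edits.
    [ ! -e "$dst" ] || { echo "refusing to overwrite: $dst" >&2; return 1; }
    # Precondition from the page: the stock XML must be untouched.
    grep -qF -- "$old" "$src" ||
        { echo "'$old' not found in $src; was it modified?" >&2; return 1; }
    # Same result as the page's cp followed by sed -i.
    sed "$expr" "$src" > "$dst" || return 1
    # Postcondition: the new reference is present and the old one is gone.
    if ! grep -qF -- "$new" "$dst" || grep -qF -- "$old" "$dst"; then
        echo "rewrite of $dst is incomplete; review it by hand" >&2
        return 1
    fi
}

# install_tiqrshib_flow [IDP_HOME]; IDP_HOME defaults to /opt/shibboleth-idp.
install_tiqrshib_flow() {
    local idp="${1:-/opt/shibboleth-idp}"
    mkdir -p "$idp/flows/authn/tiqrshib" || return 1
    copy_and_rewrite "$idp/system/flows/authn/external-authn-flow.xml" \
        "$idp/flows/authn/tiqrshib/tiqrshib-flow.xml" \
        'external-authn-beans.xml' 'tiqrshib-beans.xml' \
        's/external-authn-beans\.xml/tiqrshib-beans.xml/' &&
    copy_and_rewrite "$idp/system/flows/authn/external-authn-beans.xml" \
        "$idp/flows/authn/tiqrshib/tiqrshib-beans.xml" \
        'external-authn-config.xml' 'tiqrshib-authn-config.xml' \
        's/external-authn-config\.xml/tiqrshib-authn-config.xml/' &&
    copy_and_rewrite "$idp/dist/conf/authn/external-authn-config.xml.dist" \
        "$idp/conf/authn/tiqrshib-authn-config.xml" \
        'Authn/External' 'Authn/TiqrShib' \
        's/Authn\/External/Authn\/TiqrShib/'
}

# Run only when an IdP home is given, e.g.: ./script.sh /opt/shibboleth-idp
if [ "$#" -gt 0 ]; then install_tiqrshib_flow "$1"; fi
```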

...