...
This document assumes they are installed based on the following document provided by GakuNin. If you installed them in a different way, consider modifying some of our proceduresmodify the procedure below as your system requires.
https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=20021624
Installation
Install
...
Yum Packages
To install depending packages, run the following command:
...
Here, sqlite is installed as our sample configuration requires it. If you want to use MySQL for the backend DB, consider installing "mysql-connector-odbc" and "php-mysql" instead.
...
Checkout
...
Source Code for Shibbolized Tiqr
Checkout the source code from the repository.
...
It should contain two projects, "tiqrzend" and the Shibboleth IdP extension. Here
Deploy "tiqrzend" server
Here we setup "tiqrzend" first.
...
| コード ブロック |
|---|
Alias /tiqr/ "/opt/tiqrzend/public/"
<Location /tiqr>
RewriteEngine On
RewriteBase /tiqr
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ /tiqr/index.php [NC,L]
require all granted
</Location>
<Location /tiqr/shib/enroll/process>
AuthType shibboleth
ShibRequestSetting requireSession 1
require valid-user
</Location> |
Confirm "tiqrzend
...
" is Working
With the modifications above, tiqr authentication flow should be ready for evaluation.
...
What you should check here is if the redirect happens at this point. If the redirect does not happen and some other problem happens, you will need to trouble-shoot it here.
Checking "tiqrzend
...
" Log
There are multiple logs to be checked when there are some errors.
- httpd's logs in /var/log/httpd
- PHP's logs in syslog or whatever you configured at /etc/php.ini
- tiqrzend's login /opt/tiqrzend/application/logs/
Deploy the Shibboleth IdP extension
Build the
...
Extension
Building the IdP extension requires Apache Maven. You can build the extension outside where IdP resides, but you need the same Java environment to build the extenion there.
...
If you are outside the host where IdP resides, copy the jar file to the server.
Install the
...
Extension into
...
Shibboleth IdP
From this step, we assume you logged in the host where IdP resides as root. You should also prepare IdP's installation package unpacked somewhere.
...
| コード ブロック |
|---|
# chown -R tomcat:tomcat /opt/shibboleth-idp/logs
# chgrp -R tomcat /opt/shibboleth-idp/conf
# chmod -R g+r /opt/shibboleth-idp/conf
# find /opt/shibboleth-idp/conf -type d -exec chmod -R g+s {} \;
# chgrp tomcat /opt/shibboleth-idp/metadata
# chmod g+w /opt/shibboleth-idp/metadata
# chmod +t /opt/shibboleth-idp/metadata |
Configure IdP for the Extension
Move to `/opt/shibboleth-idp/` and modify relevant configuration files.
...