...
アンカー EnglishVersion EnglishVersion
Procedure for Changing the Shibboleth SP
...
Configuration to use new GakuNin signing certificate
警告 |
---|
This manual is a work-in-progress. Please note that it may be changed in the final version. The URL mentioned in here is not prepared yet. |
...
注意 |
---|
This manual is for the standard Shibboleth SP configuration set according to version 2.6.0. If you are using a different version or configuration, please replace and read it accordingly. |
Download a the new signing certificate from the URL below and place it in: /etc/shibboleth/cert/gakunin-signer-2017.cer
https://metadata.gakunin.nii.ac.jp/gakunin-signer-2017.cer
注意 | ||
---|---|---|
| ||
Please confirm that the fingerprint of the downloaded certificate matches the following: SHA256 Fingerprint=5E:D6:A8:C5:E9:30:49:3F:B4:BA:77:54:6A:FB:66:BA:14:7D:CB:50:5B:EF:0F:D9:7C:26:04:C2:D9:36:FD:81 OpenSSL command is as follows: > openssl x509 -in gakunin-signer-2017.cer -fingerprint -sha256 -noout
The federation metadata URL for publishing is stipulated in "System Administration Standards for the GakuNin". Metadata Publishing URL : https://metadata.gakunin.nii.ac.jp/gakunin-metadata.xml System Administration Standards for the GakuNin : http://id.nii.ac.jp/1149/00000219/ |
notice:The following description is diff format.
Edit /etc/shibboleth/shibboleth2.xml as follows:
...