GakuNinmAPpublic

ページ ツリー

比較バージョン

古いバージョン 18

changes.mady.by.user Takeshi Nishimura

保存しました

次と比較

新しいバージョン 19

changes.mady.by.user Soshi Urakami

保存しました

キー

  • この行は追加されました。
  • この行は削除されました。
  • 書式設定が変更されました。

目次

添付ファイル

 

Purpose

The purpose of this document is to install and validate the (global) mAP environment.

...

Software Name

Version

Notes

CentOS (64bit)

67.52

Operating System

Shibboleth-SP

2.5.3 (*1)5

Service Provider

Shibboleth-IdP

2.4.05

Identity Provider

Apache HTTP Server

2.2.15 4 (*1)

WEB Server

Java

JDK OpenJDK 7 Update 45 or openjdk 1.60.085

IdP Executable Environment

Apache Tomcat

67.0.24 54 (*1)

Servlet Container

MySQLMariaDB

5.15.71 44 (*1)

Relational Database

Postfix

2.6.6 10 (*1)

Mail Transfer Agent

PHP

5.34.3 16 (*1)

Programing Language

*1 Latest version of yum package as of  20142015/2/2829

 

Installing Shibboleth SP

...

In addition to Shibboleth IdP, Java and Tomcat should be installed as well. Please setup these environment as well.

Installing and Setting Up

...

MariaDB

Install MySQL MariaDB by using following command.

コード ブロック
$ sudo yum install mysqlmariadb-server

* If the MySQL MariaDB has already been installed as the initial component, you can skip this process.

...

コード ブロック
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
symbolic-links=0
 
old_passwords=1
default-character-set-server = utf8
 
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
 
[mysql]
default-character-set-server = utf8

 

Execute
コード ブロック
$ sudo /etc/init.d/mysqldsystemctl start mariadb.service 
$ sudo chkconfigsystemctl mysqldenable onmariadb.service

 

Create Database
コード ブロック
$ mysql -u root
CREATE DATABASE vo;
GRANT ALL PRIVILEGES ON vo.* TO 'vouser'@'localhost' IDENTIFIED BY 'YOUR OWN PASSWORD';

...

コード ブロック
$ sudo yum install php
$ sudo yum install php-devel php-gd php-mbstring php-pdo
$ sudo yum install php-mysql php-xml
$ sudo /etc/init.d/httpd restartsystemctl restart httpd.service

 

Setting Up Timezone

Add timezone in /etc/php.ini . Parameter “Asia/Tokyo” should be changed depending on your local time.

...

コード ブロック
/etc/postfix/main.cf
Execute
コード ブロック
$ sudo /etc/init.d/postfixsystemctl start postfix.service
$ sudo systemctl chkconfigenable postfix on.service

Installing Attribute Provider (SP)

...

  • attribute-map.xml
    Add the following line or make sure sure isMemberOf attribute  attribute is recognized.

    コード ブロック
    languagexml
        <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="isMemberOf"/> 

  • attribute-policy.xml
    Add the following rule before before attributeID="*" line line.

    コード ブロック
    languagexml
            <!-- isMemberOf -->
        <afp:AttributeRule attributeID="isMemberOf">
            <afp:PermitValueRule xsi:type="AttributeIssuerString"
                    value="https://[Host Name of the SP]/idp/shibboleth"/>
        </afp:AttributeRule>

    Modify “[Host Name of the SP]” to this server host name.

  • shibboleth2.xml
    Add MetadataProvider.

    コード ブロック
    languagexml
            <!-- Example of locally maintained metadata. -->
        <!-- Metadata of this IdP -->
        <MetadataProvider type="XML" file="/opt/shibboleth-idp/metadata/idp-metadata.xml"/>

    And add SimpleAggregation AttributeResolver after after <AttributeResolver type="Query" subjectMatch="true"/>line.

    コード ブロック
            <!-- Uses eduPersonPrincipalName from IdP to query, and asks for isMemberOf. -->
        <AttributeResolver type="SimpleAggregation" attributeId="eppn" format="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
          <Entity>https://[Host Name of the IdP]/idp/shibboleth</Entity>
        </AttributeResolver>

    Modify “[Host Name of the IdP]” to this server host name.

  • embedded-wayf_config.js
    Modify “Host Name of the SP” to the name of this server.
    Values in wayf_additional_idps also have to be changed.
    Instead, you can use your own embedded DS in in app/views/pages/home.ctp.

...

  • Store the metadata of the SP of this server in the following location.
    /etc/shibboleth/metadata/sp-metadata.xml
  • Store the metadata of this IdP of this server in the following location.
    /opt/shibboleth-idp/metadata/idp-metadata.xml
    * shibd have to be restarted after the “10. Installing Attribute Provider (IdP)”since the metadata of the IdP is not yet generated at this moment.
  • Federation Metadata
    If required, federation metadata have to be included by the shibboleth2.xml configuration.
Restart
コード ブロック
$ sudo /etc/init.d/shibd restart$ sudo /etc/init.d/httpd restartsystemctl restart shibd.service
$ sudo systemctl restart httpd.service

Installing Attribute Provider (IdP)

...

Please contact GakuNin Office if authentication is required.
attribute-resolver.xml
attribute-filter.xml

Please download mysqlmariadb-connectorjava-javaclient-51.13.xxx.zip jar from MySQL MariaDB site:

https://devmariadb.mysql.com/downloadsmy_portal/connector/j/
Unzip the file and you will find the JAR file.
mysql-connector-java-5.1.xx-bin.jardownload/java-client

Please download trustany-ssl-1.0.x.jar from wiki.shibboleth.net:

https://wiki.shibboleth.net/confluence/display/IDP30/ApacheTomcat8#ApacheTomcat8-SupportingSOAPEndpoints

 

Modify Configuration
  • attribute-resolver.xml
    Modify“SALT”to appropriate random values.
    Setup database password to be the same one with “6. Installing and Setting Up MySQL”MariaDB.
    Modify “Host name of the IdP” to this server host name.

  • relying-party.xml
    Add MetadataProvider for SP which utilize this mAP system.

    コード ブロック
    languagexml
            <metadata:MetadataProvider id="SP" xsi:type="metadata:ResourceBackedMetadataProvider">
          <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="/etc/shibboleth/metadata/sp-metadata.xml" />
        </metadata:MetadataProvider>

...

  • The metadata of this SP has already been stored in  the following location.
    /etc/shibboleth/metadata/sp-metadata.xml
  • Store the metadata of this IdP in the following location.
    /opt/shibboleth-idp/metadata/idp-metadata.xml
Deployment of the

...

MariaDB driver
コード ブロック
$ sudo cp mysqlmariadb-connectorjava-javaclient-51.13.xx-binx.jar \
[TOMCAT install directory]/webapps/idp/WEB-INF/lib/.

$ sudo cp mysqlmariadb-connectorjava-javaclient-51.13.xx-binx.jar /opt/shibboleth-idp/lib/.

...

Create table for StoredID in the MySQL MariaDB database.

https://meatwiki.nii.ac.jp/confluence/display/GakuNinShibInstall/StoredID

“4. Create table in the database (In case of MySQLMariaDB)”

コード ブロック
$ mysql -u root vo
mysql> put SQL commands here.
Deployment of the trustany-ssl
コード ブロック
$ sudo cp trustany-ssl-1.0.x.jar [TOMCAT install directory]/lib/.
Back Channel

Configure for back channel by referring to the following instruction.

Create credential

コード ブロック
# cd /opt/shibboleth-idp/credentials
# UMASKORIG="`umask`" ; umask 0077
# openssl pkcs12 -export -out pkcs12server.p12 -in idp.crt -inkey idp.key -name HOST-NAME-OF-THIS-SERVER
Enter Export Password: YOUR-OWN-PASSOWRD
Verifying - Enter Export Password: YOUR-OWN-PASSWORD

# keytool -importkeystore -srckeystore pkcs12.p12 -destkeystore keystore.jks \
-srcstoretype pkcs12 -deststoretype jks -srcalias HOST-NAME-OF-THIS-SERVER \
-destalias HOST-NAME-OF-THIS-SERVER -storepass YOUR-OWN-PASSOWRD
Enter source keystore password: YOUR-OWN-PASSOWRD
keystore.jks will be generated.
# rm pkcs12.p12
# chmod 600 /opt/shibboleth-idp/credentials/keystore.jks

* This instruction assume IdP certificate as idp.crt and idp.key.

Back Channel Port

Enable 8443 port in the server.xml of Tomcat configuration file.

Server.xml can be found in the following location if the Tomcat was installed by using yum

コード ブロック
/usr/share/tomcat6/conf/server.xml

Add following configuration.

umask "$UMASKORIG"

* This instruction assume IdP certificate as idp.crt and idp.key.

Back Channel Port

Enable 8443 port in the server.xml of Tomcat configuration file.

Server.xml can be found in the following location if the Tomcat was installed by using yum

コード ブロック
/usr/share/tomcat/conf/server.xml

Add following configuration.

コード ブロック
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150"
        SSLEnabled="true"
        scheme="https"
        maxPostSize="100000
コード ブロック
<Connector port="8443"
               maxHttpHeaderSize="8192secure="true"
               maxSpareThreadsclientAuth="75want"
               scheme="httpssslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               secure="truekeystoreFile="/opt/shibboleth-idp/credentials/server.p12"
               clientAuthkeystorePass="wantYOUR-OWN-PASSWORD"
               SSLEnabledkeystoreType="truePKCS12"
               sslProtocol="TLS"
               keystoreFile="/opt/shibboleth-idp/credentials/keystore.jks"
               keystorePass="YOUR-OWN-PASSWORD"
               truststoreFile="/opt/shibboleth-idp/credentials/keystore.jks"
               truststorePass="YOUR-OWN-PASSWORD"
               truststoreAlgorithm="DelegateToApplication"/>
Deployment
コード ブロック
$ sudo /etc/init.d/tomcat6 stop
$ sudo /etc/init.d/tomcat6 start

Restart SP as well in order to include the metadata of newly configured IdP.
$ sudo /etc/init.d/shibd restart
$ sudo /etc/init.d/httpd restart

Installing the Application

Download files from the following URL.

Please contact GakuNin Office if authentication is required.
map.zip

 

Deployment
コード ブロック
$ unzip map.zip
$ sudo mv map /usr/local/.
Initial Setting
trustManagerClassName="net.shibboleth.utilities.ssl.TrustAnyCertificate" />
Deployment
コード ブロック
$ sudo systemctl restart tomcat.service

Restart SP as well in order to include the metadata of newly configured IdP.
$ sudo systemctl restart shibd.service
$ sudo systemctl restart httpd.service

Installing the Application

Download files from the following URL.

Please contact GakuNin Office if authentication is required.

cloudgateway-r1293.zip

 

Deployment
コード ブロック
$ unzip cloudgateway-1.0.zip
$ sudo mv map /usr/local/.
Initial Setting
コード ブロック
# Announce Information
$ cd /usr/local/map
$ mkdir -p app/webroot/tmp/
$ touch app/webroot/tmp/announce.txt
$ sudo chown -R apache.apache app/webroot/tmp

# Adjust permissions
$ sudo chown -R apache.apache /usr/local/map/app/tmp
$ sudo chmod +x /usr/local/map/cake/console/cake
$ sudo chmod +x /usr/local/map/app/vendors/shells/*.php
$ sudo chmod -R 777 /usr/local/map/app/tmp/cache

# Group Icons
$ sudo mkdir -p app/tmp/uploads/group/original
$ sudo mkdir -p app/tmp/uploads/group/thumbnails/{20,50,100,200}
$ sudo mkdir -p app/tmp/uploads/group/temp
$ sudo mkdir -p app/tmp/uploads/sp_group/thumbnails/64
コード ブロック
# Announce Information
$ cd /usr/local/map
$ mkdir -p app/webroot/tmp/
$ touch app/webroot/tmp/announce.txt
$ sudo chown -R apache.apache app/webroottmp/tmp
uploads
# Adjust permissionsDeletion of Log Files and Cache Files
$ sudo chownrm -R apache.apache /usr/local/map/app/tmprf app/tmp/cache/models/*
$ sudo chmodrm +x-rf app/usrtmp/localcache/map/cake/console/cakepersistent/*
$ sudo chmodrm +x-rf app/usrtmp/local/map/app/vendors/shellscache/views/*.php
$ sudo chmodrm -R 777 /usr/local/map/rf app/tmp/logs/cache*

# Copy of GroupConfiguration IconsFiles
$ sudocp mkdir -p app/tmp/uploads/group/originalconfig/database.template.php app/config/database.php
$ sudocp mkdir -p app/tmp/uploads/group/thumbnails
$ sudo mkdir -p app/tmp/uploads/group/temp
$ sudo chown -R apache.apache app/tmp/uploads/groupconfig/core.template.php app/config/core.php
# Put random data on 'Security.salt' and 'Security.cipherSeed' in core.php.
$ vi app/config/core.php

# Deletion of LogFiles Filesfor andDevelopment Cache(if Filesexist)
$ sudo rm -rf app/tmp/cache/models/*
$ sudo rm -rf app/tmp/cache/persistent/*
$ sudo rm -rf app/tmp/cache/views/*
$ sudo rm -rf app/tmp/logs/*

# Copy of Configuration Files
$ cp app/config/database.template.php app/config/database.php
$ cp app/config/core.template.php app/config/core.php
# Put random data on 'Security.salt' and 'Security.cipherSeed' in core.php.
$ vi app/config/core.php

# Deletion of Files for Development (if exist)
$ rm app/config/local.php
Configuration of httpd.conf

Include following configuration in /etc/httpd/conf/httpd.conf

コード ブロック
<VirtualHost _default_:80>
  Redirect permanent / https://[HOST-NAME-OF-THIS-SERVER]/
</VirtualHost>

Alias /map "/usr/local/map"
<Directory "/usr/local/map">
  Order allow,deny
  Allow from all
  Options ExecCGI FollowSymLinks
  AllowOverride All
</Directory>

<Location "/map">
  AuthType shibboleth
  ShibRequestSetting requireSession 0
  require shibboleth
</Location>
Restart
コード ブロック
$ sudo /etc/init.d/httpd stop
$ sudo /etc/init.d/httpd start
Database Configuration
コード ブロック
$ mysql -u root vo < /usr/local/map/ddl/ddl.sql
$ mysql -u root vo < /usr/local/map/ddl/alter.sql
$ mysql -u root vo < /usr/local/map/ddl/index.sql
$ mysql -u root vo < /usr/local/map/ddl/init_system_admin.sql
$ mysql -u root vo
Open /usr/local/map/ddl/stored_procedure.sql and copy & paste the contents.
Application Configuration File
config/local.php
Configuration of httpd.conf

Include following configuration in /etc/httpd/conf/httpd.conf

コード ブロック
<VirtualHost _default_:80>
  Redirect permanent / https://[HOST-NAME-OF-THIS-SERVER]/
</VirtualHost>

Alias /map "/usr/local/map"
<Directory "/usr/local/map">
  Order allow,deny
  Allow from all
  Options ExecCGI FollowSymLinks
  AllowOverride All
</Directory>

<Location "/map">
  AuthType shibboleth
  ShibRequestSetting requireSession 0
  require shibboleth
</Location>
Restart
コード ブロック
$ sudo systemctl restart httpd.service
Database Configuration
コード ブロック
$ mysql -u root vo < /usr/local/map/ddl/ddl.sql
$ mysql -u root vo < /usr/local/map/ddl/alter.sql
$ mysql -u root vo < /usr/local/map/ddl/index.sql
$ mysql -u root vo < /usr/local/map/ddl/init_system_admin.sql
$ mysql -u root vo
Open /usr/local/map/ddl/stored_procedure.sql and copy & paste the contents.
Application Configuration File
  • /usr/local/map/app/config/database.php
    In the 'password' => '',  set the password defined at “6. Installing and Setting Up MariaDB”
  • /usr/local/map/app/config/mail.php
    In the 'host' => '', set the SMTP server.
    In the $from, $this->from, set the FROM address of the email which will be send from this server.
    In the $footer_jp_map, $footer_jp_test, $footer_eng_map and $footer_eng_test, modify to the appropriate sentences as you want.
  • /usr/local/map/app/config/system.php
    In the "host" and the host of "loginlink" in $config["production"], $config["test"], set the host name of this server.

  • Registration of System Administrator
    Create a

  • /usr/local/map/app/config/database.php
    In the 'database' => '',  set the password defined at “6. Installing and Setting Up MySQL”
  • /usr/local/map/app/config/mail.php
    In the 'host' => '', set the SMTP server.
    In the $from, $this->from, set the FROM address of the email which will be send from this server.
    In the $footer_jp_map, $footer_jp_test, $footer_eng_map and $footer_eng_test, modify to the appropriate sentences as you want.
  • /usr/local/map/app/config/system.php
    In the "host" and the host of "loginlink" in $config["production"], $config["test"], set the host name of this server.

  • Registration of System Administrator
    Create a new account by accessing to the following URL.
    https://HOTS-NAME-OF-THIS-SERVER/map/
    After selecting the IdP and then login, create a new account.

    Register the Administrator of the Database.

    コード ブロック
    $ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> select id,name,mail from accounts;
Find your ID by the above command, and then and execute the following SQL to your ID.
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, 1, 1, NOW(), NOW());

Example)
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 1, 1, NOW(), NOW());
Registration of SP

By the following commands, SP information which if a part of the federaton member will be registered in the sp_hosts table of the database.

  • .

    コード ブロック
    $ mysql -u vouser vo -pYOUR-OWN-PASSWORD

mysql> select id,name,mail from accounts;
Find your ID by the above command, and then and execute the following SQL to your ID.
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, 1, 1, NOW(), NOW());

Example)
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 1, 1, NOW(), NOW());
Registration of IdP administrators

By the following commands, will be registered IdP administrators.

コード ブロック
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app idp_administrator /path/to/somewhere/idp_administrator.tsv

/path/to/somewhere/idp_administrator.tsv must be created in the format below.

コード ブロック
#Example
#eppn	eptid	entityID
XXX@nii.ac.jp		https://test-idp.gakunin.nii.ac.jp/idp/shibboleth
Registration of organizations

By the following commands, organization which if a part of the federaton member will be registered.

コード ブロック
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app organization /var/cache/shibboleth/federation-metadata.xml
Registration of SP administrators

By the following commands, will be registered SP administrators.

コード ブロック
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app sp_administrator /path/to/somewhere/sp_administrator.tsv

/path/to/somewhere/sp_administrator.tsv must be created in the format below.

コード ブロック
#Example
#eppn	eptid	entityID
XXX@nii.ac.jp		https://test-sp.gakunin.nii.ac.jp/shibboleth-sp
Registration of SP

By the following commands, SP information which if a part of the federaton member will be registered.

コード ブロック
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app sp_host /var/cache/shibboleth/federation-metadata.xml
Registration of IdP groups

By the following commands, IdP groups which if a part of the federaton member will be registered.

コード ブロック
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app idp_group_creator /var/cache/shibboleth/federation-metadata.xml
Registration of SP connectors

By the following commands, IdP groups which if a part of the federaton member will be registered.

コード ブロック
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app sp_connector_creator /var/cache/shibboleth/federation-metadata.xml test-map
Notify the administrator via mail

Notify the administrator when applying to join the group.

  • /usr/local/map/shell/map_inspect

    Modify URL for your servers.

    コード ブロック
      # example
  wget --spider --no-check-certificate https://localhost/map/batch_inspects/batch?mapurl=https%3a%2f%2fcg%2egakunin%2ejp%2fmap%2f > /dev/null 2>&1

  • Set crontab for /usr/cron.d/map_inspect

    コード ブロック
    # example) Nofity every 10 minutes
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
01,11,21,31,41,51 * * * * root /usr/local/map/shell/map_inspect

Validation

Authentication

Confirm the authentication page after accessing to the following URL.
https://HOST-NAME-OF-THIS-SERVER/secure/attr.php

SP

After integrating the metadata of this IdP into the related SPs and enable SimpleAggregation AttributeResolver, you can check the connecting test.

Advanced Configuration

Clustering

If you want to run on multiple servers to set the following.

Application Configuration File

  • /usr/local/map/app/config/database.php
    In the 'host' => '',  set the host of database server.

    コード ブロック
    languagediff
    titledatabase.php
    @@ -76,9 +76,9 @@
        var $default = array(
                'driver' => 'mysql',
                'persistent' => false,
-               'host' => 'localhost',
+               'host' => 'YOUR-DATABASE-SERVER',
                'login' => 'vouser',
                'password' => 'xxxxx',
                'database' => 'vo',

  • /usr/local/map/app/config/core.php

    Configure to use a database to store the session.

    コード ブロック
    languagediff
    titlecore.php
    @@ -124,7 +124,7 @@
  * the cake shell command: cake schema create Sessions
  *
  */
-       Configure::write('Session.save', 'map');
+       Configure::write('Session.save', 'database');
 /**
  * The model name to be used for the session model.
@@ -133,7 +133,7 @@
  *
  * The model name set here should *not* be used elsewhere in your application.
  */
-       //Configure::write('Session.model', 'Session');
+       Configure::write('Session.model', 'Session');
 /**
  * The name of the table used to store CakePHP database sessions.
@@ -147,14 +147,14 @@
  *
  * [Note: Session.table is deprecated as of CakePHP 1.3]
  */
-       //Configure::write('Session.table', 'cake_sessions');
+       Configure::write('Session.table', 'cake_sessions');
 /**
  * The DATABASE_CONFIG::$var to use for database session handling.
  *
  * 'Session.save' must be set to 'database' in order to utilize this constant.
  */
-       //Configure::write('Session.database', 'default');
+       Configure::write('Session.database', 'default');

  • /usr/local/map/cake/libs/cake_session.php
    Modify value of 'session.cookie_lifetime' to 0 if deleting cookie when closed browser.

    コード ブロック
    languagediff
    titlecake_session.php
    @@ -513,7 +513,7 @@ class CakeSession extends Object {
                                                ini_set('session.serialize_handler', 'php');
                                                ini_set('session.use_cookies', 1);
                                                ini_set('session.name', Configure::read('Session.cookie'));
-                                               ini_set('session.cookie_lifetime', $this->cookieLifeTime);
+                                               ini_set('session.cookie_lifetime', 0);
                                                ini_set('session.cookie_path', $this->path);
                                                ini_set('session.auto_start', 0);
                                        }
Create sessions table
code
コード ブロック
languagebash
$ cd /usr/local/map/cake/console
$ ./cake schema -app /usr/local/map/app sp_host /var/cache/shibboleth/federation-metadata.xmlcreate sessions
Shibboleth Configuration File

Add the SP manually

Register the SP which is not a member of the federation

If you would like to register the SP which is not a member of the federation, it’s easy to add the SP in the /var/cache/shibboleth/federation-metadata.xml and then execute the above command.

...

コード ブロック
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD


Obtain ID by searching SP Connector
mysql> select id, name from groups where sp = 1;


Set ID for SP Connector in the following SQL and then execute.
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(FOUND-ID, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());


Example)
select id, name from groups where sp = 1;
+----+-------------------------+
| id | name                    |
+----+-------------------------+
|  2 | xxxxxxx                 |
|  3 | yyyyyyy                 |
|  4 | zzzzzzz                 |
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(2, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(3, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(4, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());

Importing the Account Data from the Existing Database

If there exist the data in the existing database, it can be imported by means of TSV file.

...

コード ブロック
$ export TERM=vt100
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import [TSV-FILE-NAME] [IdP-ENTITY-ID]

Example 1)Normal Execution
$ export TERM=vt100
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \
/var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \
https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth

Example 2)Send Email after Execution
$ export TERM=vt100
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \
/var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \
https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth | mail -s "Import Result" EMAIL-ADDRESS

 

Validation

Authentication

Confirm the authentication page after accessing to the following URL.
https://HOST-NAME-OF-THIS-SERVER/secure/attr.php

SP

After integrating the metadata of this IdP into the related SPs and enable SimpleAggregation AttributeResolver, you can check the connecting test.

...