Purpose
The purpose of this document is to install and validate the (global) mAP environment.
...
Software Name | Version | Notes |
---|---|---|
CentOS (64bit) | 67.52 | Operating System |
Shibboleth-SP | 2.5.3 (*1)5 | Service Provider |
Shibboleth-IdP | 2.4.05 | Identity Provider |
Apache HTTP Server | 2.2.15 4 (*1) | Web Server |
Java | JDK OpenJDK 7 Update 45 or openjdk 1.60.085 | IdP Executable Environment |
Apache Tomcat | 67.0.24 54 (*1) | Servlet Container |
MariaDB | 5.15.71 44 (*1) | Relational Database |
Postfix | 2.6.6 10 (*1) | Mail Transfer Agent |
PHP | 5.34.3 16 (*1) | Programming Language |
*1 Latest version of yum package as of 20142015/2/2829
Installing Shibboleth SP
...
In addition to Shibboleth IdP, Java and Tomcat must be installed. Please set up these environments as well.
Installing and Setting Up
...
MariaDB
Install MariaDB by using the following command.
Code block |
---|
$ sudo yum install mariadb-server |
* If MariaDB has already been installed as an initial component, you can skip this step.
...
Code block |
---|
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
symbolic-links=0
old_passwords=1
# Server-side character set
character-set-server = utf8

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[mysql]
# Client-side character set
default-character-set = utf8 |
Execute
Code block |
---|
$ sudo systemctl start mariadb.service
$ sudo systemctl enable mariadb.service |
Create Database
Code block |
---|
$ mysql -u root
CREATE DATABASE vo;
GRANT ALL PRIVILEGES ON vo.* TO 'vouser'@'localhost' IDENTIFIED BY 'YOUR OWN PASSWORD'; |
...
Code block |
---|
$ sudo yum install php
$ sudo yum install php-devel php-gd php-mbstring php-pdo
$ sudo yum install php-mysql php-xml
$ sudo systemctl restart httpd.service |
Setting Up Timezone
Add the timezone in /etc/php.ini. The parameter “Asia/Tokyo” should be changed to match your local time zone.
...
Code block |
---|
/etc/postfix/main.cf |
Execute
Code block |
---|
$ sudo systemctl start postfix.service
$ sudo systemctl enable postfix.service |
Installing Attribute Provider (SP)
...
attribute-map.xml
Add the following line, or make sure the isMemberOf attribute is recognized.
Code block |
---|
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="isMemberOf"/> |
attribute-policy.xml
Add the following rule before the attributeID="*" line.
Code block |
---|
<!-- isMemberOf -->
<afp:AttributeRule attributeID="isMemberOf">
    <afp:PermitValueRule xsi:type="AttributeIssuerString" value="https://[Host Name of the SP]/idp/shibboleth"/>
</afp:AttributeRule> |
Change “[Host Name of the SP]” to the host name of this server.
shibboleth2.xml
Add MetadataProvider.
Code block |
---|
<!-- Example of locally maintained metadata. -->
<!-- Metadata of this IdP -->
<MetadataProvider type="XML" file="/opt/shibboleth-idp/metadata/idp-metadata.xml"/> |
Then add the SimpleAggregation AttributeResolver after the <AttributeResolver type="Query" subjectMatch="true"/> line.
Code block |
---|
<!-- Uses eduPersonPrincipalName from IdP to query, and asks for isMemberOf. -->
<AttributeResolver type="SimpleAggregation" attributeId="eppn" format="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
    <Entity>https://[Host Name of the IdP]/idp/shibboleth</Entity>
</AttributeResolver> |
Change “[Host Name of the IdP]” to the host name of this server.
- embedded-wayf_config.js
Change “Host Name of the SP” to the name of this server.
The values in wayf_additional_idps also have to be changed.
Alternatively, you can use your own embedded DS in app/views/pages/home.ctp.
...
- Store the metadata of the SP of this server in the following location.
/etc/shibboleth/metadata/sp-metadata.xml
- Store the metadata of the IdP of this server in the following location.
/opt/shibboleth-idp/metadata/idp-metadata.xml
* shibd has to be restarted after “10. Installing Attribute Provider (IdP)”, since the metadata of the IdP has not yet been generated at this point.
- Federation Metadata
If required, federation metadata has to be included through the shibboleth2.xml configuration.
Restart
Code block |
---|
$ sudo systemctl restart shibd.service
$ sudo systemctl restart httpd.service |
Installing Attribute Provider (IdP)
...
Please contact GakuNin Office if authentication is required. https://devmariadb.mysql.com/downloadsmy_portal/connector/j/ Please download trustany-ssl-1.0.x.jar from wiki.shibboleth.net: |
Modify Configuration
- attribute-resolver.xml
Modify “SALT” to appropriate random values.
Set the database password to the one defined in “6. Installing and Setting Up MariaDB”.
Change “Host name of the IdP” to the host name of this server.
- relying-party.xml
Add a MetadataProvider for the SPs which use this mAP system.
Code block |
---|
<metadata:MetadataProvider id="SP" xsi:type="metadata:ResourceBackedMetadataProvider">
    <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="/etc/shibboleth/metadata/sp-metadata.xml" />
</metadata:MetadataProvider> |
...
- The metadata of this SP has already been stored in the following location.
/etc/shibboleth/metadata/sp-metadata.xml
- Store the metadata of this IdP in the following location.
/opt/shibboleth-idp/metadata/idp-metadata.xml
Deployment of the
...
MariaDB driver
Code block |
---|
$ sudo cp mariadb-java-client-1.3.x.jar \
    [TOMCAT install directory]/webapps/idp/WEB-INF/lib/.
$ sudo cp mariadb-java-client-1.3.x.jar /opt/shibboleth-idp/lib/. |
...
Create the table for StoredID in the MariaDB database.
https://meatwiki.nii.ac.jp/confluence/display/GakuNinShibInstall/StoredID
“4. Create table in the database (In case of MariaDB)”
Code block |
---|
$ mysql -u root vo
mysql> put SQL commands here. |
Deployment of the trustany-ssl
Code block |
---|
$ sudo cp trustany-ssl-1.0.x.jar [TOMCAT install directory]/lib/.
|
Back Channel
Configure the back channel by following the instructions below.
Create credential
Code block |
---|
# cd /opt/shibboleth-idp/credentials
# UMASKORIG="`umask`" ; umask 0077
# openssl pkcs12 -export -out server.p12 -in idp.crt -inkey idp.key -name HOST-NAME-OF-THIS-SERVER
Enter Export Password: YOUR-OWN-PASSWORD
Verifying - Enter Export Password: YOUR-OWN-PASSWORD
# umask "$UMASKORIG" |
* These instructions assume that the IdP certificate and key are idp.crt and idp.key.
Back Channel Port
Enable port 8443 in server.xml, the Tomcat configuration file.
If Tomcat was installed with yum, server.xml can be found in the following location.
Code block |
---|
/usr/share/tomcat/conf/server.xml |
Add the following configuration.
Code block |
---|
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    scheme="https"
    maxPostSize="100000"
    secure="true"
    clientAuth="want"
    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
    keystoreFile="/opt/shibboleth-idp/credentials/server.p12"
    keystorePass="YOUR-OWN-PASSWORD"
    keystoreType="PKCS12"
    trustManagerClassName="net.shibboleth.utilities.ssl.TrustAnyCertificate" /> |
Deployment
Code block |
---|
$ sudo systemctl restart tomcat.service
Restart SP as well in order to include the metadata of newly configured IdP.
$ sudo systemctl restart shibd.service
$ sudo systemctl restart httpd.service |
Installing the Application
Download files from the following URL.
Please contact GakuNin Office if authentication is required. |
Deployment
Code block |
---|
$ unzip cloudgateway-1.0.zip
$ sudo mv map /usr/local/. |
Initial Setting
Code block |
---|
# Announce Information
$ cd /usr/local/map
$ mkdir -p app/webroot/tmp/
$ touch app/webroot/tmp/announce.txt
$ sudo chown -R apache.apache app/webroot/tmp
# Adjust permissions
$ sudo chown -R apache.apache /usr/local/map/app/tmp
$ sudo chmod +x /usr/local/map/cake/console/cake
$ sudo chmod +x /usr/local/map/app/vendors/shells/*.php
$ sudo chmod -R 777 /usr/local/map/app/tmp/cache
# Group Icons
$ sudo mkdir -p app/tmp/uploads/group/original
$ sudo mkdir -p app/tmp/uploads/group/thumbnails/{20,50,100,200}
$ sudo mkdir -p app/tmp/uploads/group/temp
$ sudo mkdir -p app/tmp/uploads/sp_group/thumbnails/64
$ sudo chown -R apache.apache app/tmp/uploads
# Deletion of Log Files and Cache Files
$ sudo rm -rf app/tmp/cache/models/*
$ sudo rm -rf app/tmp/cache/persistent/*
$ sudo rm -rf app/tmp/cache/views/*
$ sudo rm -rf app/tmp/logs/*
# Copy of Configuration Files
$ cp app/config/database.template.php app/config/database.php
$ cp app/config/core.template.php app/config/core.php
# Put random data on 'Security.salt' and 'Security.cipherSeed' in core.php.
$ vi app/config/core.php
# Deletion of Files for Development (if exist)
$ rm app/config/local.php |
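The step that puts random data on 'Security.salt' and 'Security.cipherSeed' can be scripted and then checked, as in the following added example (not part of the original guide or of the mAP distribution). It assumes core.php uses the stock CakePHP form `Configure::write('Security.salt', '...');`, that the two default constants are the values shipped in stock CakePHP rather than in this project's core.template.php, and all function names are hypothetical.

```shell
#!/bin/bash
# Added example: set and verify Security.salt / Security.cipherSeed in a CakePHP 1.x core.php.
# Assumption: the settings use the stock form  Configure::write('Security.salt', '...');
# Function names are hypothetical; point them at /usr/local/map/app/config/core.php.

# Defaults shipped in stock CakePHP core.php. They are public, so they must not stay in use.
CAKE_DEFAULT_SALT='DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi'
CAKE_DEFAULT_SEED='76859309657453542496749683645'

# 40 random alphanumeric characters for Security.salt.
gen_salt() { head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 40; }

# 29 random digits for Security.cipherSeed (CakePHP expects a digits-only string).
gen_cipher_seed() { head -c 8192 /dev/urandom | LC_ALL=C tr -dc '0-9' | head -c 29; }

# Print the value of the first active (uncommented) Configure::write('<key>', '<value>'); line.
get_setting() {  # $1 = key as a sed regex, $2 = file
    sed -n "s/^[[:space:]]*Configure::write('$1',[[:space:]]*'\([^']*\)');.*/\1/p" "$2" | head -n 1
}

# Return 0 only if both values are present, well-formed and not the stock defaults.
check_core_php() {  # $1 = path to core.php
    chk_rc=0
    chk_salt=$(get_setting 'Security\.salt' "$1")
    chk_seed=$(get_setting 'Security\.cipherSeed' "$1")
    if [ "${#chk_salt}" -lt 32 ] || [ "$chk_salt" = "$CAKE_DEFAULT_SALT" ]; then
        echo "Security.salt is missing, too short, or still the CakePHP default" >&2
        chk_rc=1
    fi
    case $chk_seed in
        ''|*[!0-9]*) echo "Security.cipherSeed must be a non-empty digits-only string" >&2
                     chk_rc=1 ;;
    esac
    if [ "${#chk_seed}" -lt 20 ] || [ "$chk_seed" = "$CAKE_DEFAULT_SEED" ]; then
        echo "Security.cipherSeed is too short or still the CakePHP default" >&2
        chk_rc=1
    fi
    return $chk_rc
}

# Rewrite both values with fresh random data, keeping the file's owner and mode.
set_random_secrets() {  # $1 = path to core.php
    srs_tmp=$(mktemp) || return 1
    sed -e "s/^\([[:space:]]*Configure::write('Security\.salt',[[:space:]]*'\)[^']*'/\1$(gen_salt)'/" \
        -e "s/^\([[:space:]]*Configure::write('Security\.cipherSeed',[[:space:]]*'\)[^']*'/\1$(gen_cipher_seed)'/" \
        "$1" > "$srs_tmp" && cat "$srs_tmp" > "$1"
    srs_rc=$?
    rm -f "$srs_tmp"
    return $srs_rc
}

# Demo on a constructed file (sample input, not the project's real core.php).
demo_file=$(mktemp)
printf "\tConfigure::write('Security.salt', '%s');\n" "$CAKE_DEFAULT_SALT" > "$demo_file"
printf "\tConfigure::write('Security.cipherSeed', '%s');\n" "$CAKE_DEFAULT_SEED" >> "$demo_file"
check_core_php "$demo_file" || echo "defaults detected; generating new values"
set_random_secrets "$demo_file" && check_core_php "$demo_file" && echo "core.php secrets OK"
rm -f "$demo_file"
```

Running `check_core_php` against the deployed core.php after editing gives a non-zero status while either value is still a default or malformed.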
Configuration of httpd.conf
Include the following configuration in /etc/httpd/conf/httpd.conf.
Code block |
---|
<VirtualHost _default_:80>
Redirect permanent / https://[HOST-NAME-OF-THIS-SERVER]/
</VirtualHost>
Alias /map "/usr/local/map"
<Directory "/usr/local/map">
Order allow,deny
Allow from all
Options ExecCGI FollowSymLinks
AllowOverride All
</Directory>
<Location "/map">
AuthType shibboleth
ShibRequestSetting requireSession 0
require shibboleth
</Location>
|
Restart
Code block |
---|
$ sudo systemctl restart httpd.service |
Database Configuration
Code block |
---|
$ mysql -u root vo < /usr/local/map/ddl/ddl.sql
$ mysql -u root vo < /usr/local/map/ddl/alter.sql
$ mysql -u root vo < /usr/local/map/ddl/index.sql
$ mysql -u root vo < /usr/local/map/ddl/init_system_admin.sql
$ mysql -u root vo
Open /usr/local/map/ddl/stored_procedure.sql and copy & paste the contents. |
Application Configuration File
- /usr/local/map/app/config/database.php
In the 'password' => '', set the password defined at “6. Installing and Setting Up MariaDB”.
- /usr/local/map/app/config/mail.php
In the 'host' => '', set the SMTP server.
In the $from, $this->from, set the FROM address of the email which will be sent from this server.
In the $footer_jp_map, $footer_jp_test, $footer_eng_map and $footer_eng_test, change the text to the sentences you want.
- /usr/local/map/app/config/system.php
In the "host" and the host of "loginlink" in $config["production"], $config["test"], set the host name of this server.
Registration of System Administrator
Create a new account by accessing the following URL.
https://HOST-NAME-OF-THIS-SERVER/map/
After selecting the IdP and logging in, create a new account.
Register the Administrator of the Database.
Code block |
---|
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD
mysql> select id,name,mail from accounts;
Find your ID with the above command, and then execute the following SQL with your ID.
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(YOUR-ACCOUNT-ID, 1, 1, NOW(), NOW());
Example)
mysql> insert into mygroups(account_id, groupid, admin, created, modified) values(1, 1, 1, NOW(), NOW()); |
Registration of IdP administrators
The following commands register the IdP administrators.
Code block |
---|
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app idp_administrator /path/to/somewhere/idp_administrator.tsv |
/path/to/somewhere/idp_administrator.tsv must be created in the format below.
Code block |
---|
#Example
#eppn eptid entityID
XXX@nii.ac.jp https://test-idp.gakunin.nii.ac.jp/idp/shibboleth |
Registration of organizations
The following commands register the organizations that are part of the federation.
Code block |
---|
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app organization /var/cache/shibboleth/federation-metadata.xml |
Registration of SP administrators
The following commands register the SP administrators.
Code block |
---|
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app sp_administrator /path/to/somewhere/sp_administrator.tsv |
/path/to/somewhere/sp_administrator.tsv must be created in the format below.
Code block |
---|
#Example
#eppn eptid entityID
XXX@nii.ac.jp https://test-sp.gakunin.nii.ac.jp/shibboleth-sp |
Registration of SP
The following commands register the information of the SPs that are part of the federation.
Code block |
---|
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app sp_host /var/cache/shibboleth/federation-metadata.xml |
Registration of IdP groups
The following commands register the IdP groups that are part of the federation.
Code block |
---|
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app idp_group_creator /var/cache/shibboleth/federation-metadata.xml |
Registration of SP connectors
The following commands register the IdP groups that are part of the federation.
Code block |
---|
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app sp_connector_creator /var/cache/shibboleth/federation-metadata.xml test-map |
Notify the administrator via mail
Notify the administrator when someone applies to join a group.
/usr/local/map/shell/map_inspect
Modify the URL for your servers.
Code block |
---|
# example
wget --spider --no-check-certificate "https://localhost/map/batch_inspects/batch?mapurl=https%3a%2f%2fcg%2egakunin%2ejp%2fmap%2f" > /dev/null 2>&1 |
Set crontab for /usr/cron.d/map_inspect
Code block |
---|
# example) Notify every 10 minutes
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
01,11,21,31,41,51 * * * * root /usr/local/map/shell/map_inspect |
Validation
Authentication
Access the following URL and confirm that the authentication page is displayed.
https://HOST-NAME-OF-THIS-SERVER/secure/attr.php
SP
After integrating the metadata of this IdP into the related SPs and enabling the SimpleAggregation AttributeResolver, you can run the connection test.
Advanced Configuration
Clustering
If you want to run on multiple servers, configure the following.
Application Configuration File
/usr/local/map/app/config/database.php
In the 'host' => '', set the host of database server.コード ブロック language diff title database.php @@ -76,9 +76,9 @@ var $default = array( 'driver' => 'mysql', 'persistent' => false, - 'host' => 'localhost', + 'host' => 'YOUR-DATABASE-SERVER', 'login' => 'vouser', 'password' => 'xxxxx', 'database' => 'vo',
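Review bot: changing 'host' from 'localhost' to 'YOUR-DATABASE-SERVER' is not sufficient on its own, because the Create Database step of this guide grants privileges only to 'vouser'@'localhost', so the 'login' => 'vouser' shown in the context lines will be refused when it connects from another machine. Add the matching GRANT to the clustering instructions, scoped to the host names of the application servers rather than a wildcard, and mention that the 'password' value in this file is now a credential that crosses the network.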
/usr/local/map/app/config/core.php
Configure to use a database to store the session.
コード ブロック language diff title core.php @@ -124,7 +124,7 @@ * the cake shell command: cake schema create Sessions * */ - Configure::write('Session.save', 'map'); + Configure::write('Session.save', 'database'); /** * The model name to be used for the session model. @@ -133,7 +133,7 @@ * * The model name set here should *not* be used elsewhere in your application. */ - //Configure::write('Session.model', 'Session'); + Configure::write('Session.model', 'Session'); /** * The name of the table used to store CakePHP database sessions. @@ -147,14 +147,14 @@ * * [Note: Session.table is deprecated as of CakePHP 1.3] */ - //Configure::write('Session.table', 'cake_sessions'); + Configure::write('Session.table', 'cake_sessions'); /** * The DATABASE_CONFIG::$var to use for database session handling. * * 'Session.save' must be set to 'database' in order to utilize this constant. */ - //Configure::write('Session.database', 'default'); + Configure::write('Session.database', 'default');
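Review bot: the third hunk uncomments Configure::write('Session.table', 'cake_sessions') although the comment directly above it in the same hunk says Session.table is deprecated as of CakePHP 1.3. State which CakePHP version this tree runs and drop that line if Session.model is enough. The guide should also say that the sessions table has to exist before 'Session.save' is switched from 'map' to 'database', since the "Create sessions table" step only comes later.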
/usr/local/map/cake/libs/cake_session.php
Modify value of 'session.cookie_lifetime' to 0 if deleting cookie when closed browser.コード ブロック language diff title cake_session.php @@ -513,7 +513,7 @@ class CakeSession extends Object { ini_set('session.serialize_handler', 'php'); ini_set('session.use_cookies', 1); ini_set('session.name', Configure::read('Session.cookie')); - ini_set('session.cookie_lifetime', $this->cookieLifeTime); + ini_set('session.cookie_lifetime', 0); ini_set('session.cookie_path', $this->path); ini_set('session.auto_start', 0); }
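Review bot: replacing $this->cookieLifeTime with a literal 0 on the ini_set('session.cookie_lifetime', ...) line edits the framework file cake/libs/cake_session.php, so the lifetime no longer follows whatever the application computes for $this->cookieLifeTime and the change disappears when the cake directory is replaced. Prefer setting the value where $this->cookieLifeTime is assigned, or gate it on a Configure setting, and add a comment at the changed line explaining that 0 means the cookie is dropped when the browser closes.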
Create sessions table
Code block |
---|
$ cd /usr/local/map/cake/console
$ ./cake schema -app /usr/local/map/app create sessions |
Shibboleth Configuration File
/opt/shibboleth-idp/conf/attribute-resolver.xml
Modify the host part of the jdbcURL in <dc:ApplicationManagedConnection> elements.
/etc/shibboleth/shibboleth2.xml
Add the <TCPListener> element. Please see the URL below for more information about <TCPListener>.
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPTCPListener
Add the SP manually
Register the SP which is not a member of the federation
If you would like to register an SP which is not a member of the federation, it is easy to add the SP to /var/cache/shibboleth/federation-metadata.xml and then execute the above command.
...
Code block |
---|
$ mysql -u vouser vo -pYOUR-OWN-PASSWORD

Obtain ID by searching SP Connector
mysql> select id, name from groups where sp = 1;

Set ID for SP Connector in the following SQL and then execute.
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(FOUND-ID, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());

Example)
select id, name from groups where sp = 1;
+----+-------------------------+
| id | name                    |
+----+-------------------------+
|  2 | xxxxxxx                 |
|  3 | yyyyyyy                 |
|  4 | zzzzzzz                 |
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(2, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(3, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW());
mysql> insert into provide_attributes(group_id,ismemberof,eptid,name,mail,idp,introduction,\
language,organization,created,modified) values(4, 1, 1, 1, 1, 1, 1, 1, 1, NOW(),NOW()); |
Importing the Account Data from the Existing Database
If data exists in an existing database, it can be imported by means of a TSV file.
...
Code block |
---|
$ export TERM=vt100
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import [TSV-FILE-NAME] [IdP-ENTITY-ID]

Example 1) Normal Execution
$ export TERM=vt100
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \
    /var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \
    https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth

Example 2) Send Email after Execution
$ export TERM=vt100
$ cd /usr/local/map/cake/console
$ ./cake -app /usr/local/map/app kyoto_u_ac_jp_import \
    /var/local/map/tmp/kyoto-u.ac.jp.sample.tsv \
    https://authidp1.iimc.kyoto-u.ac.jp/idp/shibboleth | mail -s "Import Result" EMAIL-ADDRESS |
...