Migrating from the JPA StorageService to the JDBC StorageService

It has been announced that, as of Shibboleth IdP V5, the JPA StorageService is deprecated and replaced by the JDBC StorageService.[1]

This page describes how to migrate from the JPA StorageService to the JDBC StorageService. For details of each StorageService, refer to the Shibboleth Project pages.

1. Confirming whether the JPA StorageService is in use

Run the following command to check whether your Shibboleth IdP uses the JPA StorageService.
If grep prints nothing, the JPA StorageService is not in use and no migration to the JDBC StorageService is needed.

$ grep '^[^#].*JPAStorageService' /opt/shibboleth-idp/conf/idp.properties
idp.consent.StorageService = shibboleth.JPAStorageService

2. Installing the JDBC StorageService plugin

  • For Shibboleth IdP 4.2 and later

    Install the JDBC StorageService plugin.

    # /opt/shibboleth-idp/bin/plugin.sh -I net.shibboleth.plugin.storage.jdbc
    INFO  - Including auto-located properties in bin/../conf/admin/admin.properties
    INFO  - Including auto-located properties in bin/../conf/authn/authn.properties
    INFO  - Including auto-located properties in bin/../conf/c14n/subject-c14n.properties
    INFO  - Including auto-located properties in bin/../conf/ldap.properties
    INFO  - Including auto-located properties in bin/../conf/services.properties
    INFO  - Including auto-located properties in bin/../conf/saml-nameid.properties
    Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/jdbc/x.y.z/java-plugin-jdbc-storage-x.y.z.tar.gz]
    Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/jdbc/x.y.z/java-plugin-jdbc-storage-x.y.z.tar.gz.asc]
    Plugin net.shibboleth.plugin.storage.jdbc: Trust store folder does not exist, creating
    Plugin net.shibboleth.plugin.storage.jdbc: Trust store does not exist, creating
    TrustStore does not contain signature 0x1483F262A4B3FF0
    Accept this key:
    Signature:      0x1483F262A4B3FF0
    FingerPrint:    4AF4D83EEDDF43DA3C06CB3101483F262A4B3FF0
    Username:       Rod Widdowson <rdw@steadingsoftware.com>
     [yN] y
    Installing Plugin net.shibboleth.plugin.storage.jdbc version x.y.z
    Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.2.1
    Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
    Overlay from /opt/shibboleth-idp/dist/plugin-webapp to /opt/shibboleth-idp/webpapp.tmp
    Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
    Creating war file /opt/shibboleth-idp/war/idp.war
    
    # /opt/shibboleth-idp/bin/plugin.sh -l
    INFO  - Including auto-located properties in bin/../conf/admin/admin.properties
    INFO  - Including auto-located properties in bin/../conf/authn/authn.properties
    INFO  - Including auto-located properties in bin/../conf/c14n/subject-c14n.properties
    INFO  - Including auto-located properties in bin/../conf/ldap.properties
    INFO  - Including auto-located properties in bin/../conf/services.properties
    INFO  - Including auto-located properties in bin/../conf/saml-nameid.properties
    Plugin: net.shibboleth.plugin.storage.jdbc      Current Version: x.y.z
  • For Shibboleth IdP 4.1

    First, determine the URL of the latest version of the JDBC StorageService plugin.

    1. Open https://shibboleth.atlassian.net/wiki/spaces/IDPPLUGINS/pages/2989096970/JDBCStorageService and click the download link under Plugin Installation.
    2. Open the directory of the latest version, x.y.z (1.0.4 as of the end of November 2022).
    3. Note the URL of java-plugin-jdbc-storage-x.y.z.tar.gz.

    Install the JDBC StorageService plugin, passing the URL you noted as the argument.

    # /opt/shibboleth-idp/bin/plugin.sh -i http://shibboleth.net/downloads/identity-provider/plugins/jdbc/x.y.z/java-plugin-jdbc-storage-x.y.z.tar.gz
    INFO  - Including auto-located properties in bin/../conf/admin/admin.properties
    INFO  - Including auto-located properties in bin/../conf/authn/authn.properties
    INFO  - Including auto-located properties in bin/../conf/c14n/subject-c14n.properties
    INFO  - Including auto-located properties in bin/../conf/ldap.properties
    INFO  - Including auto-located properties in bin/../conf/services.properties
    INFO  - Including auto-located properties in bin/../conf/saml-nameid.properties
    Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/jdbc/x.y.z/java-plugin-jdbc-storage-x.y.z.tar.gz]
    Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/jdbc/x.y.z/java-plugin-jdbc-storage-x.y.z.tar.gz.asc]
    Plugin net.shibboleth.plugin.storage.jdbc: Trust store folder does not exist, creating
    Plugin net.shibboleth.plugin.storage.jdbc: Trust store does not exist, creating
    TrustStore does not contain signature 0x1483F262A4B3FF0
    Accept this key:
    Signature:      0x1483F262A4B3FF0
    FingerPrint:    4AF4D83EEDDF43DA3C06CB3101483F262A4B3FF0
    Username:       Rod Widdowson <rdw@steadingsoftware.com>
     [yN] y
    Installing Plugin net.shibboleth.plugin.storage.jdbc version x.y.z
    Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.2.1
    Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
    Overlay from /opt/shibboleth-idp/dist/plugin-webapp to /opt/shibboleth-idp/webpapp.tmp
    Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
    Creating war file /opt/shibboleth-idp/war/idp.war
    
    # /opt/shibboleth-idp/bin/plugin.sh -l
    INFO  - Including auto-located properties in bin/../conf/admin/admin.properties
    INFO  - Including auto-located properties in bin/../conf/authn/authn.properties
    INFO  - Including auto-located properties in bin/../conf/c14n/subject-c14n.properties
    INFO  - Including auto-located properties in bin/../conf/ldap.properties
    INFO  - Including auto-located properties in bin/../conf/services.properties
    INFO  - Including auto-located properties in bin/../conf/saml-nameid.properties
    Plugin: net.shibboleth.plugin.storage.jdbc      Current Version: x.y.z

3. Changing the Shibboleth IdP configuration

Switch the Shibboleth IdP configuration from the JPA StorageService to the JDBC StorageService.

  • /opt/shibboleth-idp/conf/global.xml

    /opt/shibboleth-idp/conf/global.xml
    @@ -14,24 +14,10 @@
    
         <!-- Use this file to define any custom beans needed globally. -->
    -    <bean id="shibboleth.JPAStorageService"
    -          class="org.opensaml.storage.impl.JPAStorageService"
    +    <bean id="JDBCStorageService" parent="shibboleth.JDBCStorageService"
               p:cleanupInterval="%{idp.storage.cleanupInterval:PT10M}"
    +          p:dataSource-ref="MyDataSource"
    +          p:transactionIsolation="4"
    +          p:retryableErrors="40001"
    +    />
    -          c:factory-ref="shibboleth.JPAStorageService.EntityManagerFactory" />
    -
    -    <bean id="shibboleth.JPAStorageService.EntityManagerFactory"
    -          class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    -        <property name="persistenceUnitName" value="storageservice" />
    -        <property name="packagesToScan" value="org.opensaml.storage.impl" />
    -        <property name="dataSource" ref="MyDataSource" />
    -        <property name="jpaVendorAdapter" ref="shibboleth.JPAStorageService.JPAVendorAdapter" />
    -        <property name="jpaDialect">
    -            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaDialect" />
    -        </property>
    -    </bean>
    -
    -    <bean id="shibboleth.JPAStorageService.JPAVendorAdapter"
    -          class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
    -        <property name="database" value="MYSQL" />
    -    </bean>
    
         <!-- A DataSource bean suitable for use in the idp.persistentId.dataSource property. -->
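    Review bot: the new bean hardcodes p:transactionIsolation="4" and p:retryableErrors="40001" with no comment explaining them. 4 is java.sql.Connection.TRANSACTION_SERIALIZABLE and 40001 is the SQLSTATE for a serialization failure, which suits the MySQL setup the removed JPAVendorAdapter declared (database = MYSQL) but is not correct for every database; add a comment naming the database these values were chosen for, and note that the unchanged MyDataSource bean below must stay, since p:dataSource-ref="MyDataSource" now depends on it.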
  • /opt/shibboleth-idp/conf/idp.properties

    Change the value of the property reported by the grep command in step 1 from shibboleth.JPAStorageService to JDBCStorageService.

    /opt/shibboleth-idp/conf/idp.properties
    @@ -142,5 +142,5 @@ idp.session.secondaryServiceIndex=true
    
     # Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
    -idp.consent.StorageService = shibboleth.JPAStorageService
    +idp.consent.StorageService = JDBCStorageService
    
     # Default consent auditing formats
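    Review bot: the new value JDBCStorageService must match the bean id in global.xml character for character, including the absence of the shibboleth. prefix that both the old value and the comment's example carry, or the IdP will fail to resolve the bean at startup; after editing, re-run the grep from step 1 to confirm that no other active property still points at shibboleth.JPAStorageService.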

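A post-migration consistency check covering steps 1 and 3, as an added example that is not part of the original page or of Shibboleth's own tooling: it assumes only the idp.properties and global.xml layout shown above, and verifies that no active property still names the JPA StorageService and that idp.consent.StorageService resolves to a bean global.xml actually declares.

```shell
#!/bin/sh
# Post-migration consistency check for the JPA -> JDBC StorageService switch.
# Added example, not part of the original page or of Shibboleth's own tooling;
# it only assumes the idp.properties / global.xml layout shown above.

# Returns 0 when no active (uncommented) line of idp.properties still names the JPA StorageService.
no_jpa_refs() {                 # $1 = idp.properties
  ! grep -q '^[^#].*JPAStorageService' "$1"
}

# Prints the bean id assigned to a *.StorageService property (last definition wins, whitespace stripped).
storage_bean_for() {            # $1 = property name, $2 = idp.properties
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d '[:space:]'
}

# Returns 0 when the bean id is an IdP built-in (shibboleth.*) or is declared in global.xml.
bean_defined() {                # $1 = bean id, $2 = global.xml
  case "$1" in shibboleth.*) return 0 ;; esac
  grep -q "<bean[^>]*[[:space:]]id=\"$1\"" "$2"
}

# 0 = migrated consistently; 1 = a property still points at JPA or at a bean global.xml does not define.
check_migration() {             # $1 = idp.properties, $2 = global.xml
  no_jpa_refs "$1" || return 1
  bean="$(storage_bean_for idp.consent.StorageService "$1")"
  [ -n "$bean" ] || return 0    # property absent: the IdP default applies
  bean_defined "$bean" "$2"
}

# Constructed sample files mirroring the page's 'after' state, written into directory $1.
write_samples() {
  cat > "$1/idp.properties" <<'EOF'
# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
idp.consent.StorageService = JDBCStorageService
EOF
  cat > "$1/global.xml" <<'EOF'
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p">
    <bean id="JDBCStorageService" parent="shibboleth.JDBCStorageService"
          p:dataSource-ref="MyDataSource" />
</beans>
EOF
}

dir="${TMPDIR:-/tmp}/jdbc-migrate-check.$$"
mkdir -p "$dir" && write_samples "$dir"
if check_migration "$dir/idp.properties" "$dir/global.xml"; then echo "StorageService migration is consistent"; fi
rm -rf "$dir"
```

Point check_migration at the real /opt/shibboleth-idp/conf/idp.properties and global.xml before restarting Jetty; a non-zero exit means a property still references the JPA service or names a bean that global.xml does not define.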
4. Restarting Jetty

Restart Jetty.

# systemctl restart jetty