Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
docpublic:systemes:shibboleth:idpv2x [2014/05/14 08:58]
procacci@tem-tsp.eu [changement de domain]
docpublic:systemes:shibboleth:idpv2x [2014/05/19 14:00] (current)
procacci@tem-tsp.eu [publication des metadata]
Line 1735: Line 1735:
 ==== publication des metadata ==== ==== publication des metadata ====
  
-changement des informations dans le guicher Renater : federation.renater.fr/registry+il faut modifier les metadata de notre propre IDP :  /opt/shibboleth-idp/metadata/idp-metadata.xml 
 + 
 +  * modifier l'entityID (si changement, pas necessairement recommandé !) 
 +  * modifier les URL d'acces aux services 
 +  * modifier l'enumeration du certificat 
 + 
 +<code> 
 +$ vim /opt/shibboleth-idp/metadata/idp-metadata.xml 
 +... 
 +< MIIDLDCCAhSgAwIBAgIVANglo+Sutu51HUayHY5NWsVctK5OMA0GCSqGSIb3DQEB 
 +< BQUAMBsxGTAXBgNVBAMTEGlkcG10LnRlbS10c3AuZXUwHhcNMTQwNTE5MTEzMTQ4 
 +... 
 +--- 
 +> MIIDSDCCAjCgAwIBAgIVAOcj4Pu5khNxBuX5dSD5nr6TeIUhMA0GCSqGSIb3DQEB 
 +> BQUAMCIxIDAeBgNVBAMTF3NoaWJpZHAzLml0LXN1ZHBhcmlzLmV1MB4XDTExMDkw 
 +... 
 +<         <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idpr.tem-tsp.eu/idp/profile/Shibboleth/SSO"/> 
 +--- 
 +>         <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibidp1.it-sudparis.eu/idp/profile/Shibboleth/SSO"/> 
 +... 
 +<         <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idpr.tem-tsp.eu:8443/idp/profile/SAML2/SOAP/AttributeQuery"/> 
 +--- 
 +>         <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://shibidp1.it-sudparis.eu:8443/idp/profile/SAML2/SOAP/AttributeQuery"/> 
 + 
 +</code> 
 + 
 +il faut aussi appliquer le changement des informations dans le guicher Renater : federation.renater.fr/registry
  
 onglet informations techinques => URL et certificat onglet informations techinques => URL et certificat
  
 +
 +
 +==== Filtre CAS ====
 +
 +quand on utilise un filtre CAS, il faut penser à l'URL de retour au service qui est au nom de notre IDP, donc changer le hostname là aussi !
 +
 +dans /usr/local/shibboleth-identityprovider-2.4.0/src/main/webapp/WEB-INF/web.xml
 +
 +<code>
 +<context-param>
 +<param-name>serverName</param-name>
 +<param-value>https://idpr.tem-tsp.eu</param-value>
 +</context-param>
 +</code>
 +
 +relancer install.sh pour deployer ce nouveau web.xml en prenant garde de ne pas ecraser le configuration actuelle .
docpublic/systemes/shibboleth/idpv2x.1400057886.txt.gz · Last modified: 2014/05/14 08:58 by procacci@tem-tsp.eu
[unknown link type]Back to top
CC Attribution-Noncommercial-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0