Differences

This shows you the differences between two versions of the page.

--- docpublic:systemes:shibboleth:idpv3x [2017/02/01 14:04]
procacci@tem-tsp.eu [personaliser la page de login interne]
+++ docpublic:systemes:shibboleth:idpv3x [2019/01/02 21:57] (current)
procacci@tem-tsp.eu [SSO CAS]
@@ Line 7: / Line 7: @@
   * https://www.switch.ch/aai/guides/idp/installation/
   * https://spaces.internet2.edu/pages/viewpage.action?pageId=49841792#LinuxIdentityProviderIdPv3(Centos7)-5
+  * https://www.testshib.org/
 ===== contexte =====
@@ Line 20: / Line 21: @@
 <code>
-[root@idp3 ~]# cat /etc/redhat-release
+[root@idp34 ~]# cat /etc/redhat-release
-CentOS Linux release 7.1.1503 (Core)
+CentOS Linux release 7.6.1810 (Core)
 [root@idp3 ~]# arch
 x86_64
@@ Line 30: / Line 32: @@
 <code>
-[root@idp3 ~]# yum install java-1.8.0-openjdk-devel.x86_64
+[root@idp34 ~]# yum install java-1.8.0-openjdk-devel.x86_64
-Install  1 Package (+29 Dependent packages)
+Installation   1 Paquet (+33 Paquets en dépendance)
-Total download size: 46 M
+Taille totale des téléchargements : 48 M
-Installed size: 156 M
+Taille d'installation : 163 M
 Is this ok [y/d/N]: y
-Installed:
+Installé :
-  java-1.8.0-openjdk-devel.x86_64 1:1.8.0.65-2.b17.el7_1
+  java-1.8.0-openjdk-devel.x86_64 1:1.8.0.191.b12-1.el7_6
-Dependency Installed:
+Dépendances installées :
-  alsa-lib.x86_64 0:1.0.28-2.el7                                        fontconfig.x86_64 0:2.10.95-7.el7
+  alsa-lib.x86_64 0:1.1.6-2.el7                      copy-jdk-configs.noarch 0:3.3-10.el7_5
-  fontpackages-filesystem.noarch 0:1.44-8.el7                           freetype.x86_64 0:2.4.11-10.el7_1.1
+  dejavu-fonts-common.noarch 0:2.33-6.el7            dejavu-sans-fonts.noarch 0:2.33-6.el7
-  giflib.x86_64 0:4.1.6-9.el7                                           java-1.8.0-openjdk.x86_64 1:1.8.0.65-2.b17.el7_1
+  fontconfig.x86_64 0:2.13.0-4.3.el7                 fontpackages-filesystem.noarch 0:1.44-8.el7
-  java-1.8.0-openjdk-headless.x86_64 1:1.8.0.65-2.b17.el7_1             javapackages-tools.noarch 0:3.4.1-6.el7_0
+  freetype.x86_64 0:2.8-12.el7                       giflib.x86_64 0:4.1.6-9.el7
-  libICE.x86_64 0:1.0.8-7.el7                                           libSM.x86_64 0:1.2.1-7.el7
+  java-1.8.0-openjdk.x86_64 1:1.8.0.191.b12-1.el7_6  java-1.8.0-openjdk-headless.x86_64 1:1.8.0.191.b12-1.el7_6
-  libX11.x86_64 0:1.6.0-2.1.el7                                         libX11-common.noarch 0:1.6.0-2.1.el7
+  javapackages-tools.noarch 0:3.4.1-11.el7           libICE.x86_64 0:1.0.9-9.el7
-  libXau.x86_64 0:1.0.8-2.1.el7                                         libXext.x86_64 0:1.3.2-2.1.el7
+  libSM.x86_64 0:1.2.2-2.el7                         libX11.x86_64 0:1.6.5-2.el7
-  libXfont.x86_64 0:1.4.7-3.el7_1                                       libXi.x86_64 0:1.7.2-2.1.el7
+  libX11-common.noarch 0:1.6.5-2.el7                 libXau.x86_64 0:1.0.8-2.1.el7
-  libXrender.x86_64 0:0.9.8-2.1.el7                                     libXtst.x86_64 0:1.2.2-2.1.el7
+  libXcomposite.x86_64 0:0.4.4-4.1.el7               libXext.x86_64 0:1.3.3-3.el7
-  libfontenc.x86_64 0:1.1.1-5.el7                                       libjpeg-turbo.x86_64 0:1.2.90-5.el7
+  libXi.x86_64 0:1.7.9-1.el7                         libXrender.x86_64 0:0.9.10-1.el7
-  libpng.x86_64 2:1.5.13-5.el7                                          libxcb.x86_64 0:1.9-5.el7
+  libXtst.x86_64 0:1.2.3-1.el7                       libfontenc.x86_64 0:1.1.3-3.el7
-  libxslt.x86_64 0:1.1.28-5.el7                                         python-javapackages.noarch 0:3.4.1-6.el7_0
+  libjpeg-turbo.x86_64 0:1.2.90-6.el7                libpng.x86_64 2:1.5.13-7.el7_2
-  python-lxml.x86_64 0:3.2.1-4.el7                                      ttmkfdir.x86_64 0:3.0.9-41.el7
+  libxcb.x86_64 0:1.13-1.el7                         libxslt.x86_64 0:1.1.28-5.el7
-  tzdata-java.noarch 0:2015g-1.el7                                      xorg-x11-font-utils.x86_64 1:7.5-18.1.el7
+  lksctp-tools.x86_64 0:1.0.17-2.el7                 python-javapackages.noarch 0:3.4.1-11.el7
-  xorg-x11-fonts-Type1.noarch 0:7.5-9.el7
+  python-lxml.x86_64 0:3.2.1-4.el7                   ttmkfdir.x86_64 0:3.0.9-42.el7
+  tzdata-java.noarch 0:2018g-1.el7                   xorg-x11-font-utils.x86_64 1:7.5-21.el7
+  xorg-x11-fonts-Type1.noarch 0:7.5-9.el7
-Complete!
+Terminé !
 </code>
@@ Line 65: / Line 69: @@
 <code>
-[root@idp3 ~]# java -version
+[root@idp34 ~]# java -version
-openjdk version "1.8.0_65"
+openjdk version "1.8.0_191"
-OpenJDK Runtime Environment (build 1.8.0_65-b17)
+OpenJDK Runtime Environment (build 1.8.0_191-b12)
-OpenJDK 64-Bit Server VM (build 25.65-b01, mixed mode)
+OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)
 </code>
@@ Line 75: / Line 80: @@
 <code>
 [root@idp3 ~]# yum install tomcat tomcat-admin-webapps
-Installation   2 Paquets (+20 Paquets en dépendance)
-Taille totale des téléchargements : 11 M
-Taille d'installation : 14 M
 Installé :
-  tomcat.noarch 0:7.0.54-2.el7_1                      tomcat-admin-webapps.noarch 0:7.0.54-2.el7_1
+  tomcat.noarch 0:7.0.76-8.el7_5                                                   tomcat-admin-webapps.noarch 0:7.0.76-8.el7_5
 </code>
@@ Line 135: / Line 135: @@
 http://idp3.tem-tsp.eu:8080/manager/html (login/pass definit plus haut)
-==== proxy-ajp =====
+==== proxy-ajp et TLS via apache =====
 mise en place d'un proxy ajp pour une gestion de TLS et ports par defaut (80/443) par apache
+il faut installer le mod_ssl d'apache pour disposer d'https
 <code>
-[root@idpmt3 ~]# cat /etc/httpd/conf.d/shibboleth.conf
+[root@idp34 tomcat]# yum install mod_ssl
+Installé :
+  mod_ssl.x86_64 1:2.4.6-88.el7.centos
+</code>
+et le configurer avec nos certificats
+<code>
+[root@idp34 certs]#grep ^SSL /etc/httpd/conf.d/ssl.conf | tail -3
+SSLCertificateFile /etc/pki/tls/certs/idp.imtbstsp_eu.pem
+SSLCertificateKeyFile /etc/pki/tls/private/idp.imtbstsp.key
+SSLCertificateChainFile /etc/pki/tls/certs/chain-dc-TR1-CA2-idp-imtbstsp.pem
+</code>
+enfin configurer le proxy-ajp pour rediriger les requetes https d'apache vers tomcat
+<code>
+[root@idp3' ~]# cat /etc/httpd/conf.d/shibboleth.conf
 ProxyPass /idp/ ajp://127.0.0.1:8009/idp/ retry=0
 ProxyPass /manager/ ajp://127.0.0.1:8009/manager/
@@ Line 149: / Line 167: @@
 http://idp3.tem-tsp.eu/manager/html
-===== TLS https =====
+puis en https via le proxy-ajp sans precision du port 443
-installation du module apache (frontal proxy ajp ) pour SSL/TLS
+https://idp3.tem-tsp.eu/manager/html
-<code>
-[root@idp3 ~]# yum install mod_ssl
-Installé :
-  mod_ssl.x86_64 1:2.4.6-40.el7.centos.1
-Terminé !
-</code>
-declarer le certificat et sa clé , wildcard possible
-<code>
-[root@idp3 ~]# grep ^SSL /etc/httpd/conf.d/ssl.conf | tail -3
-SSLCertificateFile /etc/pki/tls/certs/wild_tem-tsp_eu.crt
-SSLCertificateKeyFile /etc/pki/tls/private/wild_digicert2015_tem-tsp.key
-SSLCACertificateFile /etc/pki/tls/certs/DigiCertCA.crt
-</code>
-test
-https://idp3.tem-tsp.eu/manager/html
 ===== ntp ====
@@ Line 189: / Line 190: @@
 <code>
-[root@idp3 ~]# wget http://shibboleth.net/downloads/identity-provider/3.2.1/shibboleth-identity-provider-3.2.1.tar.gz
+[root@idp34 ~]# wget https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-3.4.2.tar.gz
-[root@idp3 ~]# mkdir /opt/src
+--2019-01-02 14:18:15--  https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-3.4.2.tar.gz
-[root@idp3 ~]# mv shibboleth-identity-provider-3.2.1.tar.gz /opt/src/
+[root@idp34 ~]# mkdir /opt/src
-[root@idp3 src]# tar xvfz shibboleth-identity-provider-3.2.1.tar.gz
+[root@idp34 ~]# mv shibboleth-identity-provider-3.4.2.tar.gz /opt/src/
-[root@idp3 src]# cd shibboleth-identity-provider-3.2.1/
+[root@idp34 ~]# cd /opt/src/ ; tar xvfz shibboleth-identity-provider-3.4.2.tar.gz
-[root@idp3 shibboleth-identity-provider-3.2.1]# ls
+[root@idp34 src]# cd shibboleth-identity-provider-3.4.2
-bin  conf  credentials  dist  doc  embedded  flows  LICENSE.txt  logs  messages  system  views  webapp
+[root@idp34 shibboleth-identity-provider-3.4.2]# ls
+bin  conf  credentials  doc  flows  LICENSE.txt  logs  messages  metadata  system  views  webapp
 </code>
@@ Line 204: / Line 205: @@
 <code>
-[root@idp3 shibboleth-identity-provider-3.2.1]# export JAVA_HOME=/usr/lib/jvm/java
+[root@idp34 shibboleth-identity-provider-3.4.2]# export JAVA_HOME=/usr/lib/jvm/java
-[root@idp3 shibboleth-identity-provider-3.2.1]# ./bin/install.sh
+[root@idp34 shibboleth-identity-provider-3.4.2]# ./bin/install.sh
-Source (Distribution) Directory: [/opt/src/shibboleth-identity-provider-3.2.1]
+Source (Distribution) Directory (press <enter> to accept default): [/opt/src/shibboleth-identity-provider-3.4.2]
 Installation Directory: [/opt/shibboleth-idp]
-Hostname: [localhost.localdomain]
+Hostname: [idp34.int-evry.fr]
-idp3.tem-tsp.eu
+idp3.imtbstsp.eu
-SAML EntityID: [https://idp3.tem-tsp.eu/idp/shibboleth]
+SAML EntityID: [https://idp3.imtbstsp.eu/idp/shibboleth]
-Attribute Scope: [localdomain]
+Attribute Scope: [int-evry.fr]
-tem-tsp.eu
+imtbstsp.eu
-Backchannel PKCS12 Password: glsecretidp
+Backchannel PKCS12 Password: O gl Back d
 Re-enter password:
-Cookie Encryption Key Password:
+Cookie Encryption Key Password: O gl Cookie d
-Password cannot be zero length
-Cookie Encryption Key Password: glsecretidp
 Re-enter password:
 Warning: /opt/shibboleth-idp/bin does not exist.
+Warning: /opt/shibboleth-idp/edit-webapp does not exist.
 Warning: /opt/shibboleth-idp/dist does not exist.
 Warning: /opt/shibboleth-idp/doc does not exist.
 Warning: /opt/shibboleth-idp/system does not exist.
-Warning: /opt/shibboleth-idp/webapp does not exist.
+Generating Signing Key, CN = idp3.imtbstsp.eu URI = https://idp3.imtbstsp.eu/idp/shibboleth ...
-Generating Signing Key, CN = idpmt3.tem-tsp.eu URI = https://idp3.tem-tsp.eu/idp/shibboleth ...
 ...done
-Creating Encryption Key, CN = idpmt3.tem-tsp.eu URI = https://idp3.tem-tsp.eu/idp/shibboleth ...
+Creating Encryption Key, CN = idp3.imtbstsp.eu URI = https://idp3.imtbstsp.eu/idp/shibboleth ...
 ...done
-Creating Backchannel keystore, CN = idpmt3.tem-tsp.eu URI = https://idp3.tem-tsp.eu/idp/shibboleth ...
+Creating Backchannel keystore, CN = idpr3.imtbs-tsp.eu URI = https://idp3.imtbstsp.eu/idp/shibboleth ...
 ...done
 Creating cookie encryption key files...
@@ Line 239: / Line 238: @@
 BUILD SUCCESSFUL
+Total time: 2 minutes 14 seconds
 </code>
@@ Line 244: / Line 245: @@
 <code>
-[root@idp3 shibboleth-identity-provider-3.2.1]# ls -l /opt/shibboleth-idp/credentials/
+[root@idp34 shibboleth-identity-provider-3.4.2]# ls -l /opt/shibboleth-idp/credentials/
 total 32
--rw-r--r-- 1 root root 1168 23 mai   22:14 idp-backchannel.crt
+-rw-r--r-- 1 root root 1517  2 janv. 14:23 idp-backchannel.crt
--rw-r--r-- 1 root root 2554 23 mai   22:14 idp-backchannel.p12
+-rw-r--r-- 1 root root 3399  2 janv. 14:23 idp-backchannel.p12
--rw-r--r-- 1 root root 1164 23 mai   22:14 idp-encryption.crt
+-rw-r--r-- 1 root root 1517  2 janv. 14:23 idp-encryption.crt
--rw------- 1 root root 1675 23 mai   22:14 idp-encryption.key
+-rw------- 1 root root 2455  2 janv. 14:23 idp-encryption.key
--rw-r--r-- 1 root root 1164 23 mai   22:14 idp-signing.crt
+-rw-r--r-- 1 root root 1517  2 janv. 14:23 idp-signing.crt
--rw------- 1 root root 1675 23 mai   22:14 idp-signing.key
+-rw------- 1 root root 2459  2 janv. 14:23 idp-signing.key
--rw-r--r-- 1 root root  500 23 mai   22:14 sealer.jks
+-rw-r--r-- 1 root root  502  2 janv. 14:23 sealer.jks
--rw-r--r-- 1 root root   48 23 mai   22:14 sealer.kver
+-rw-r--r-- 1 root root   47  2 janv. 14:23 sealer.kver
 </code>
@@ Line 259: / Line 260: @@
 <code>
-[root@idp3 shibboleth-identity-provider-3.2.1]# chown -R tomcat /opt/shibboleth-idp/
+[root@idp34 shibboleth-identity-provider-3.4.2]# chown -R tomcat /opt/shibboleth-idp/
 </code>
@@ Line 275: / Line 276: @@
 </code>
-quelques secondes apres
+quelques secondes apres grace a l'auto-deploy
 <code>
-root@idp3 localhost]# ls -l /var/lib/tomcat/webapps/idp/
+[root@idp34 shibboleth-identity-provider-3.4.2]# ls -l /var/lib/tomcat/webapps/idp/
 total 32
-drwxr-xr-x 2 tomcat tomcat 4096 25 mai   20:38 css
+drwxr-xr-x 2 tomcat tomcat 4096  2 janv. 14:28 css
-drwxr-xr-x 2 tomcat tomcat 4096 25 mai   20:38 images
+drwxr-xr-x 2 tomcat tomcat 4096  2 janv. 14:28 images
--rw-r--r-- 1 tomcat tomcat 1008 23 mai   22:14 index.jsp
+-rw-r--r-- 1 tomcat tomcat 1008  2 janv. 14:23 index.jsp
-drwxr-xr-x 2 tomcat tomcat 4096 25 mai   20:38 js
+drwxr-xr-x 2 tomcat tomcat 4096  2 janv. 14:28 js
-drwxr-xr-x 2 tomcat tomcat 4096 25 mai   20:38 META-INF
+drwxr-xr-x 2 tomcat tomcat 4096  2 janv. 14:28 META-INF
-drwxr-xr-x 5 tomcat tomcat 4096 25 mai   20:38 WEB-INF
+drwxr-xr-x 5 tomcat tomcat 4096  2 janv. 14:28 WEB-INF
--rw-r--r-- 1 tomcat tomcat 5588 23 mai   22:14 x509-prompt.jsp
+-rw-r--r-- 1 tomcat tomcat 5389  2 janv. 14:23 x509-prompt.jsp
 </code>
@@ Line 302: / Line 304: @@
 en effet il faut ajouter la librairie jstl (cf http://stackoverflow.com/tags/jstl/info)  qui n'est pas fournie par defaut (risque de conflit avec jboss)
-cf aussi https://www.switch.ch/aai/guides/idp/installation/#shibbolethidp sous chapitre 6.12 IdP status URL configuration ou https://services.renater.fr/federation/docs/installation/idp3/chap02#installation_d_un_serveur_d_applications_java jstl .
+cf aussi https://www.switch.ch/aai/guides/idp/installation/#shibbolethidp sous chapitre 6.13 IdP status URL configuration ou https://services.renater.fr/federation/docs/installation/idp3/chap02#installation_d_un_serveur_d_applications_java jstl .
 <code>
-[root@idp3 ~]# cd /var/lib/tomcat/webapps/idp/WEB-INF/lib/
+[root@idp34 shibboleth-identity-provider-3.4.2]# cd /var/lib/tomcat/webapps/idp/WEB-INF/lib/
-[root@idp3 lib]# wget http://central.maven.org/maven2/javax/servlet/jstl/1.2/jstl-1.2.jar
+[root@idp34 lib]# wget http://central.maven.org/maven2/javax/servlet/jstl/1.2/jstl-1.2.jar
-[root@idp3 lib]# systemctl restart tomcat
+-01-02 14:34:08 (9,27 MB/s) - «jstl-1.2.jar» sauvegardé [414240/414240]
+[root@idp34 lib]# systemctl restart tomcat
 </code>
+Pour l'acces en https au status il faut autorise l'IP source du navigateur d'admin
+<code>
+# vim /opt/shibboleth-idp/conf/access-control.xml
+<code>
+...
+ <util:map id="shibboleth.AccessControlPolicies">
+        <entry key="AccessByIPAddress">
+            <bean id="AccessByIPAddress" parent="shibboleth.IPRangeAccessControl"
+                p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '192.168.0.0/24'} }" />
+        </entry>
+        ...
+</code>
+maintenant accessible en https://idp3.imtbstsp.eu/idp/status
 acces status possible en shell également
 <code>
- [root@idp3 ~]#  /opt/shibboleth-idp/bin/status.sh
+[root@idp34 bin]# /opt/shibboleth-idp/bin/status.sh
 ### Operating Environment Information
 operating_system: Linux
-operating_system_version: 2.6.32-042stab113.21
+operating_system_version: 3.10.0
 operating_system_architecture: amd64
-jdk_version: 1.8.0_91
+jdk_version: 1.8.0_191
-available_cores: 32
+available_cores: 12
-used_memory: 217 MB
+used_memory: 137 MB
 maximum_memory: 455 MB
 ### Identity Provider Information
-idp_version: 3.2.1
+idp_version: 3.4.2
-start_time: 2016-06-21T10:25:36+02:00
+start_time: 2019-01-02T14:35:21Z
-current_time: 2016-06-21T10:25:36+02:00
+current_time: 2019-01-02T14:36:42Z
-uptime: 518 ms
+uptime: 80907 ms
-service: shibboleth.LoggingService
-last successful reload attempt: 2016-06-21T08:20:43Z
-last reload attempt: 2016-06-21T08:20:43Z
-....
 </code>
-Pour l'acces en http au status il faut autorise l'IP
-<code>
-CT-a84f4e90 shibboleth-identity-provider-3.3.0# vim /opt/shibboleth-idp/conf/access-control.xml
-<code>
-...
- <util:map id="shibboleth.AccessControlPolicies">
-        <entry key="AccessByIPAddress">
-            <bean id="AccessByIPAddress" parent="shibboleth.IPRangeAccessControl"
-                p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '192.168.0.0/24'} }" />
-        </entry>
-        ...
-</code>
@@ Line 384: / Line 387: @@
 <code>
-[root@idp3 shibboleth-idp]# wget -O /opt/shibboleth-idp/credentials/metadata-federation-renater.crt https://federation.renater.fr/test/metadata-federation-renater.crt
+[root@idp34]# cd /opt/shibboleth-idp/credentials/
+[root@idp34 credentials]# /usr/bin/curl -O https://metadata.federation.renater.fr/certs/renater-metadata-signing-cert-2016.pem
 </code>
@@ Line 391: / Line 396: @@
 <code>
 [root@idp3 conf]# tail -18 metadata-providers.xml
+         <!-- Federation de test renater -->
+   <MetadataProvider id="RenaterTestMetadata"
+                              xsi:type="FileBackedHTTPMetadataProvider"
+                      backingFile="%{idp.home}/metadata/preview-sps-renater-test-metadata.xml"
+                      metadataURL="https://metadata.federation.renater.fr/test/preview/preview-sps-renater-test-metadata.xml">
+                <MetadataFilter xsi:type="SignatureValidation"
+                requireSignedRoot="true"
+                certificateFile="%{idp.home}/credentials/renater-metadata-signing-cert-2016.pem">
+                </MetadataFilter>
+        </MetadataProvider>
-    <!-- Federation de test renater -->
-    <MetadataProvider id="RenaterTestMetadata"
-                      xsi:type="FileBackedHTTPMetadataProvider"
-                      backingFile="%{idp.home}/metadata/renater-test-metadata.xml"
-                      metadataURL="https://federation.renater.fr/test/renater-test-metadata.xml">
-        <MetadataFilter xsi:type="SignatureValidation"
-            requireSignedRoot="true"
-            certificateFile="%{idp.home}/credentials/metadata-federation-renater.crt">
-        </MetadataFilter>
-        <MetadataFilter xsi:type="EntityRoleWhiteList">
-            <RetainedRole>md:SPSSODescriptor</RetainedRole>
-        </MetadataFilter>
     </MetadataProvider>
@@ Line 414: / Line 420: @@
 <code>
-[root@idp3 conf]# systemctl restart tomcat.service
+[root@idp34 conf]# systemctl restart tomcat.service
-[root@idp3 conf]# ls -l ../metadata/
-total 6480
+[root@idp34 conf]#  ls -ltr ../metadata/
--rw-r--r--  1 tomcat root     12221 23 mai   22:14 idp-metadata.xml
+total 31308
--rw-r--r--  1 tomcat tomcat 6613630 21 juin  18:54 renater-test-metadata.xml
+-rw-r--r-- 1 tomcat root      14590  2 janv. 14:23 idp-metadata.xml
+-rw-r--r-- 1 tomcat tomcat  6787283  2 janv. 14:47 preview-sps-renater-test-metadata.xml
 </code>
@@ Line 428: / Line 436: @@
 idp-process.log :
--06-21 18:55:56,043 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:306] - Next refresh cycle for metadata provider 'https://federation.renater.fr/test/renater-test-metadata.xml' will occur on '2016-06-21T19:55:55.999Z' ('2016-06-21T21:55:55.999+02:00' local time)
--06-21 18:55:56,062 - INFO [Shibboleth-Audit.Reload:241] - 20160621T165556Z||||http://shibboleth.net/ns/profiles/reload-metadata|||||||||
+-01-02 14:48:18,248 - 127.0.0.1 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:574] - Metadata Resolver FileBackedHTTPMetadataResolver RenaterTestMetadata: New metadata successfully loaded for 'https://metadata.federation.renater.fr/test/preview/preview-sps-renater-test-metadata.xml'
+-01-02 14:48:18,250 - 127.0.0.1 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:384] - Metadata Resolver FileBackedHTTPMetadataResolver RenaterTestMetadata: Next refresh cycle for metadata provider 'https://metadata.federation.renater.fr/test/preview/preview-sps-renater-test-metadata.xml' will occur on '2019-01-02T15:33:16.891Z' ('2019-01-02T15:33:16.891Z' local time)
+-01-02 14:48:18,268 - 127.0.0.1 - INFO [Shibboleth-Audit.Reload:275] - 20190102T144818Z||||http://shibboleth.net/ns/profiles/reload-metadata|||||||||
 </code>
@@ Line 487: / Line 499: @@
   * https://wiki.shibboleth.net/confluence/display/IDP30/PasswordAuthnConfiguration
   * https://spaces.internet2.edu/pages/viewpage.action?pageId=49841792#LinuxIdentityProviderIdPv3(RHEL7)-1.CustomizetheIdP'sLoginPage
+  * http://shibboleth.1660669.n2.nabble.com/Customising-login-page-in-IdP-v3-td7616265.html
 <code>
@@ Line 639: / Line 652: @@
 https://services.renater.fr/federation/docs/installation/idp3/chap08
-<code>
-[root@idp3]# cd /opt/src/
-[root@idp3 src]# git clone https://github.com/Unicon/shib-cas-authn3 shib-cas-authn3-git-master
+<code>
-Cloning into 'shib-cas-authn3-git-master'...
+[root@idp34 src]# wget https://github.com/Unicon/shib-cas-authn3/releases/download/3.2.3/shib-cas-authn3-3.2.3.tar
-remote: Counting objects: 1172, done.
+[root@idp34 src]# tar xvf shib-cas-authn3-3.2.3.tar
-remote: Total 1172 (delta 0), reused 0 (delta 0), pack-reused 1172
+...
-Receiving objects: 100% (1172/1172), 991.61 KiB | 884.00 KiB/s, done.
+shib-cas-authn3-3.2.3/edit-webapp/WEB-INF/lib/cas-client-core-3.4.1.jar
-Resolving deltas: 100% (427/427), done.
+shib-cas-authn3-3.2.3/edit-webapp/WEB-INF/lib/shib-cas-authenticator-3.2.3.jar
+shib-cas-authn3-3.2.3/edit-webapp/no-conversation-state.jsp
+..
-[root@idp3 src]# cp -R /opt/src/shib-cas-authn3-git-master/IDP_HOME/flows/authn/Shibcas/ /opt/shibboleth-idp/flows/authn/
+[root@idp34 src]# cp shib-cas-authn3-3.2.3/edit-webapp/WEB-INF/lib/shib-cas-authenticator-3.2.3.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib
-[root@idp3 src]# wget https://github.com/Unicon/shib-cas-authn3/releases/download/v3.0.0/shib-cas-authenticator-3.0.0.jar
-[root@idp3 src]# mv shib-cas-authenticator-3.0.0.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/
-[root@idp3 src]# wget http://central.maven.org/maven2/org/jasig/cas/client/cas-client-core/3.3.3/cas-client-core-3.3.3.jar
-[root@idp3 src]# mv cas-client-core-3.3.3.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/
+[root@idp34 src]# cp -R shib-cas-authn3-3.2.3/flows/authn/Shibcas/ /opt/shibboleth-idp/flows/authn/
+[root@idp34 src]# ls -ltr /opt/shibboleth-idp/flows/authn/Shibcas/
+total 8
+-rw-r--r-- 1 root root 2290  2 janv. 21:23 shibcas-authn-flow.xml
+-rw-r--r-- 1 root root 3241  2 janv. 21:23 shibcas-authn-beans.xml
+[root@idp34 src]# wget http://central.maven.org/maven2/org/jasig/cas/client/cas-client-core/3.5.1/cas-client-core-3.5.1.jar
+[root@idp34 src]# cp cas-client-core-3.5.1.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/
 </code>
@@ Line 685: / Line 701: @@
 <code>
+[root@idp34 conf]# cd /opt/shibboleth-idp/conf/authn/
+[root@idp34 authn]# cp general-authn.xml general-authn.xml.dist
 [root@idp3 authn]# diff general-authn.xml general-authn.xml.dist
 ,98d92

docpublic/systemes/shibboleth/idpv3x.1485957888.txt.gz · Last modified: 2017/02/01 14:04 by procacci@tem-tsp.eu

Show page Old revisions

[unknown link type]Back to top