docpublic:systemes:shibboleth:idpv3x [2019/01/02 14:38]
procacci@tem-tsp.eu [status et jstl]
docpublic:systemes:shibboleth:idpv3x [2019/01/02 21:57] (current)
procacci@tem-tsp.eu [SSO CAS]
Line 387: Line 387:
  
 <code> <code>
-[root@idp3 shibboleth-idp]# wget -O /opt/shibboleth-idp/credentials/metadata-federation-renater.crt https://federation.renater.fr/test/metadata-federation-renater.crt+[root@idp34]# cd /opt/shibboleth-idp/credentials/ 
 +[root@idp34 credentials]# /usr/bin/curl -https://metadata.federation.renater.fr/certs/renater-metadata-signing-cert-2016.pem  
 </code> </code>
  
Line 394: Line 396:
 <code> <code>
 [root@idp3 conf]# tail -18 metadata-providers.xml [root@idp3 conf]# tail -18 metadata-providers.xml
 +         
 +         <!-- Federation de test renater -->
 +   <MetadataProvider id="RenaterTestMetadata"
 +                              xsi:type="FileBackedHTTPMetadataProvider"
 +                      backingFile="%{idp.home}/metadata/preview-sps-renater-test-metadata.xml"
 +                      metadataURL="https://metadata.federation.renater.fr/test/preview/preview-sps-renater-test-metadata.xml">
 +
 +                <MetadataFilter xsi:type="SignatureValidation"
 +                requireSignedRoot="true"
 +                certificateFile="%{idp.home}/credentials/renater-metadata-signing-cert-2016.pem">
 +                </MetadataFilter>
 +        </MetadataProvider>
 +
                      
-    <!-- Federation de test renater --> +   
-    <MetadataProvider id="RenaterTestMetadata" +
-                      xsi:type="FileBackedHTTPMetadataProvider" +
-                      backingFile="%{idp.home}/metadata/renater-test-metadata.xml" +
-                      metadataURL="https://federation.renater.fr/test/renater-test-metadata.xml">  +
-  +
-        <MetadataFilter xsi:type="SignatureValidation" +
-            requireSignedRoot="true" +
-            certificateFile="%{idp.home}/credentials/metadata-federation-renater.crt"> +
-        </MetadataFilter> +
-        <MetadataFilter xsi:type="EntityRoleWhiteList"> +
-            <RetainedRole>md:SPSSODescriptor</RetainedRole> +
-        </MetadataFilter>+
    
     </MetadataProvider>     </MetadataProvider>
Line 417: Line 420:
  
 <code> <code>
-[root@idp3 conf]# systemctl restart tomcat.service  +[root@idp34 conf]# systemctl restart tomcat.service  
-[root@idp3 conf]# ls -../metadata/ + 
-total 6480 +[root@idp34 conf]#  ls -ltr ../metadata/ 
--rw-r--r--  1 tomcat root     12221 23 mai   22:14 idp-metadata.xml +total 31308 
--rw-r--r--  1 tomcat tomcat 6613630 21 juin  18:54 renater-test-metadata.xml+-rw-r--r-- 1 tomcat root      14590  2 janv. 14:23 idp-metadata.xml 
 +-rw-r--r-- 1 tomcat tomcat  6787283  2 janv. 14:47 preview-sps-renater-test-metadata.xml 
 </code> </code>
  
Line 431: Line 436:
  
 idp-process.log : idp-process.log :
-2016-06-21 18:55:56,043 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:306] - Next refresh cycle for metadata provider 'https://federation.renater.fr/test/renater-test-metadata.xml' will occur on '2016-06-21T19:55:55.999Z' ('2016-06-21T21:55:55.999+02:00' local time) + 
-2016-06-21 18:55:56,062 - INFO [Shibboleth-Audit.Reload:241] - 20160621T165556Z||||http://shibboleth.net/ns/profiles/reload-metadata|||||||||+2019-01-02 14:48:18,248 - 127.0.0.1 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:574] - Metadata Resolver FileBackedHTTPMetadataResolver RenaterTestMetadataNew metadata successfully loaded for 'https://metadata.federation.renater.fr/test/preview/preview-sps-renater-test-metadata.xml' 
 +2019-01-02 14:48:18,250 - 127.0.0.1 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:384] - Metadata Resolver FileBackedHTTPMetadataResolver RenaterTestMetadata: Next refresh cycle for metadata provider 'https://metadata.federation.renater.fr/test/preview/preview-sps-renater-test-metadata.xml' will occur on '2019-01-02T15:33:16.891Z' ('2019-01-02T15:33:16.891Z' local time) 
 +2019-01-02 14:48:18,268 - 127.0.0.1 - INFO [Shibboleth-Audit.Reload:275] - 20190102T144818Z||||http://shibboleth.net/ns/profiles/reload-metadata||||||||| 
 + 
  
 </code> </code>
Line 642: Line 651:
  
 https://services.renater.fr/federation/docs/installation/idp3/chap08 https://services.renater.fr/federation/docs/installation/idp3/chap08
 +
  
 <code> <code>
-[root@idp3]# cd /opt/src/ +[root@idp34 src]# wget https://github.com/Unicon/shib-cas-authn3/releases/download/3.2.3/shib-cas-authn3-3.2.3.tar 
- +[root@idp34 src]# tar xvf shib-cas-authn3-3.2.3.tar 
-[root@idp3 src]# git clone https://github.com/Unicon/shib-cas-authn3 shib-cas-authn3-git-master +..
-Cloning into 'shib-cas-authn3-git-master'... +shib-cas-authn3-3.2.3/edit-webapp/WEB-INF/lib/cas-client-core-3.4.1.jar 
-remote: Counting objects: 1172, done+shib-cas-authn3-3.2.3/edit-webapp/WEB-INF/lib/shib-cas-authenticator-3.2.3.jar 
-remote: Total 1172 (delta 0), reused 0 (delta 0), pack-reused 1172 +shib-cas-authn3-3.2.3/edit-webapp/no-conversation-state.jsp 
-Receiving objects: 100% (1172/1172), 991.61 KiB | 884.00 KiB/s, done+..
-Resolving deltas: 100% (427/427), done.+
  
-[root@idp3 src]# cp -R /opt/src/shib-cas-authn3-git-master/IDP_HOME/flows/authn/Shibcas/ /opt/shibboleth-idp/flows/authn/ +[root@idp34 src]# cp shib-cas-authn3-3.2.3/edit-webapp/WEB-INF/lib/shib-cas-authenticator-3.2.3.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib
-[root@idp3 src]# wget https://github.com/Unicon/shib-cas-authn3/releases/download/v3.0.0/shib-cas-authenticator-3.0.0.jar  +
-[root@idp3 src]# mv shib-cas-authenticator-3.0.0.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/  +
-[root@idp3 src]# wget http://central.maven.org/maven2/org/jasig/cas/client/cas-client-core/3.3.3/cas-client-core-3.3.3.jar+
  
-[root@idp3 src]# mv cas-client-core-3.3.3.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/+[root@idp34 src]# cp -R shib-cas-authn3-3.2.3/flows/authn/Shibcas/ /opt/shibboleth-idp/flows/authn/ 
 +[root@idp34 src]# ls -ltr /opt/shibboleth-idp/flows/authn/Shibcas/ 
 +total 8 
 +-rw-r--r-- 1 root root 2290  2 janv. 21:23 shibcas-authn-flow.xml 
 +-rw-r--r-- 1 root root 3241  2 janv. 21:23 shibcas-authn-beans.xml
  
 +[root@idp34 src]# wget http://central.maven.org/maven2/org/jasig/cas/client/cas-client-core/3.5.1/cas-client-core-3.5.1.jar
 +[root@idp34 src]# cp cas-client-core-3.5.1.jar /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/
 </code> </code>
  
Line 689: Line 701:
  
 <code> <code>
 +
 +[root@idp34 conf]# cd /opt/shibboleth-idp/conf/authn/
 +[root@idp34 authn]# cp general-authn.xml general-authn.xml.dist
 +
 [root@idp3 authn]# diff general-authn.xml general-authn.xml.dist  [root@idp3 authn]# diff general-authn.xml general-authn.xml.dist 
 93,98d92 93,98d92
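Review bot: In the SSO CAS hunk, the new `wget http://central.maven.org/maven2/org/jasig/cas/client/cas-client-core/3.5.1/cas-client-core-3.5.1.jar` step fetches a library over plain HTTP and the next line copies it unchecked into `/opt/shibboleth-idp/edit-webapp/WEB-INF/lib/`, so the jar that ends up in the IdP's authentication path has no integrity guarantee. Fetch it over TLS instead, `wget https://repo1.maven.org/maven2/org/jasig/cas/client/cas-client-core/3.5.1/cas-client-core-3.5.1.jar`, and before the `cp` compare `sha1sum cas-client-core-3.5.1.jar` with the `.sha1` published next to the artifact (or verify its `.asc` signature). The same gap applies to the `renater-metadata-signing-cert-2016.pem` download in the first hunk: that file becomes the trust anchor for the `SignatureValidation` filter, so the page should add a step comparing `openssl x509 -noout -fingerprint -sha256 -in renater-metadata-signing-cert-2016.pem` with the fingerprint the federation publishes out of band. The final hunk (general-authn.xml) is cut off by the diff view, so the rest of the authn configuration is not covered here.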
docpublic/systemes/shibboleth/idpv3x.1546439917.txt.gz · Last modified: 2019/01/02 14:38 by procacci@tem-tsp.eu