Differences

This shows you the differences between two versions of the page.

--- docpublic:systemes:shibboleth:idpv4xc8 [2021/06/04 13:41]
adminjp [test attributes cli]
+++ docpublic:systemes:shibboleth:idpv4xc8 [2021/06/30 17:48] (current)
adminjp [personnaliser la page de login interne]
@@ Line 325: / Line 325: @@
 <code>
-[root@idpx opt]# mkdir shibidp-src-4.1.0
+[root@idpx opt]# mkdir shibidp-src-4.1.2
-[root@idpx opt]# cd shibidp-src-4.1.0/
+[root@idpx opt]# cd shibidp-src-4.1.2/
-[root@idpx shibidp-src-4.1.0]# wget https://shibboleth.net/downloads/identity-provider/4.1.0/shibboleth-identity-provider-4.1.0.tar.gz
+[root@idpx shibidp-src-4.1.2]# wget https://shibboleth.net/downloads/identity-provider/4.1.2/shibboleth-identity-provider-4.1.2.tar.gz
---2021-05-10 21:32:12--  https://shibboleth.net/downloads/identity-provider/4.1.0/shibboleth-identity-provider-4.1.0.tar.gz
-[root@idpx shibidp-src]# tar xvfz shibboleth-identity-provider-4.1.0.tar.gz
+[root@idpx shibidp-src]# tar xvfz shibboleth-identity-provider-4.1.2.tar.gz
-[root@idpx shibidp-src]# cd shibboleth-identity-provider-4.1.0
+[root@idpx shibidp-src]# cd shibboleth-identity-provider-4.1.2
-[root@idpx shibboleth-identity-provider-4.1.0]# ls
+[root@idpx shibboleth-identity-provider-4.1.2]# ls
 bin  conf  credentials  doc  flows  LICENSE.txt  logs  messages  metadata  system  views  webapp
 </code>
@@ Line 342: / Line 342: @@
 <code>
-[root@idpx shibboleth-identity-provider-4.1.0]# ./bin/install.sh
+[root@idpx shibboleth-identity-provider-4.1.2]# ./bin/install.sh
-Buildfile: /opt/shibidp-src/shibboleth-identity-provider-4.0.1/bin/build.xml
+Buildfile: /opt/shibidp-src/shibboleth-identity-provider-4.1.2/bin/build.xml
 install:
-Source (Distribution) Directory (press <enter> to accept default): [/opt/shibidp-src/shibboleth-identity-provider-4.1.0] ?
+Source (Distribution) Directory (press <enter> to accept default): [/opt/shibidp-src/shibboleth-identity-provider-4.1.2] ?
 Installation Directory: [/opt/shibboleth-idp] ?
-INFO [net.shibboleth.idp.installer.V4Install:151] - New Install.  Version: 4.1.0
+INFO [net.shibboleth.idp.installer.V4Install:151] - New Install.  Version: 4.1.2
 Host Name: [idpx.intbstsp.fr] ?
 idpex.imtbstsp.eu
@@ Line 369: / Line 369: @@
 INFO [net.shibboleth.idp.installer.V4Install:433] - Creating Metadata to /opt/shibboleth-idp/metadata/idp-metadata.xml
-INFO [net.shibboleth.idp.installer.BuildWar:72] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.0
+INFO [net.shibboleth.idp.installer.BuildWar:72] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
 INFO [net.shibboleth.idp.installer.BuildWar:81] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
 INFO [net.shibboleth.idp.installer.BuildWar:90] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
@@ Line 382: / Line 382: @@
 <code>
-[root@idpx shibboleth-identity-provider-4.0.1]# ls -l /opt/shibboleth-idp/credentials/
+[root@idpx shibboleth-identity-provider-4.1.2]# ls -l /opt/shibboleth-idp/credentials/
 total 36
--rw------- 1 root root 1525 10 mai   22:16 idp-backchannel.crt
+-rw------- 1 root root 1517 11 juin  15:18 idp-backchannel.crt
--rw------- 1 root root 3409 10 mai   22:16 idp-backchannel.p12
+-rw------- 1 root root 3399 11 juin  15:18 idp-backchannel.p12
--rw------- 1 root root 1525 10 mai   22:15 idp-encryption.crt
+-rw------- 1 root root 1517 11 juin  15:18 idp-encryption.crt
--rw------- 1 root root 2455 10 mai   22:15 idp-encryption.key
+-rw------- 1 root root 2459 11 juin  15:18 idp-encryption.key
--rw------- 1 root root 1525 10 mai   22:15 idp-signing.crt
+-rw------- 1 root root 1517 11 juin  15:18 idp-signing.crt
--rw------- 1 root root 2459 10 mai   22:15 idp-signing.key
+-rw------- 1 root root 2455 11 juin  15:18 idp-signing.key
--rw------- 1 root root  502 10 mai   22:17 sealer.jks
+-rw------- 1 root root  502 11 juin  15:19 sealer.jks
--rw------- 1 root root   53 10 mai   22:17 sealer.kver
+-rw------- 1 root root   53 11 juin  15:19 sealer.kver
--rw------- 1 root root  581 10 mai   22:17 secrets.properties
+-rw------- 1 root root  581 11 juin  15:19 secrets.properties
 </code>
@@ Line 398: / Line 398: @@
 <code>
-[root@idpx shibboleth-identity-provider-4.0.1]# chown -R tomcat /opt/shibboleth-idp/
+[root@idpx shibboleth-identity-provider-4.1.2]# chown -R tomcat /opt/shibboleth-idp/
 </code>
@@ Line 466: / Line 466: @@
 [root@idpx war]# cd /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/
 [root@idpx lib]# wget https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar
---2020-07-05 11:33:02--  https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar
 </code>
@@ Line 475: / Line 474: @@
 <code>
-[root@idpx]# cd /opt/shibidp-src-4.1.0/shibboleth-identity-provider-4.1.0/
+[root@idpx]# cd /opt/shibboleth-identity-provider-4.1.2/
 [root@idpx] cd webapp/
 [root@idpx webapp]# ls
-css  images  index.jsp  js  META-INF  WEB-INF  x509-prompt.jsp
+css  images  index.jsp  js  META-INF  WEB-INF
 [root@idpx webapp]# cd WEB-INF/
 [root@idpx WEB-INF]# ls
@@ Line 489: / Line 488: @@
 <code>
-[root@idpx shibboleth-identity-provider-4.1.0]# ./bin/install.sh
+[root@idpx shibboleth-identity-provider-4.1.2]# ./bin/install.sh
-Buildfile: /opt/shibidp-src/shibboleth-identity-provider-4.1.0/bin/build.xml
+Buildfile: /opt/shibboleth-identity-provider-4.1.2/bin/build.xml
 install:
-Source (Distribution) Directory (press <enter> to accept default): [/opt/shibidp-src/shibboleth-identity-provider-4.1.0] ?
+Source (Distribution) Directory (press <enter> to accept default): [/opt/shibboleth-identity-provider-4.1.2] ?
 Installation Directory: [/opt/shibboleth-idp] ?
-INFO [net.shibboleth.idp.installer.V4Install:162] - Update from version 4.1.0 to version 4.1.0
+INFO [net.shibboleth.idp.installer.V4Install:162] - Update from version 4.1.2 to version 4.1.2
-INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.0
+INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
 INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
 INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
@@ Line 504: / Line 503: @@
 BUILD SUCCESSFUL
-Total time: 15 seconds
+Total time: 7 seconds
 </code>
@@ Line 529: / Line 529: @@
 <code>
-[root@idpx ~]# /opt/shibboleth-idp/bin/status.sh
+[root@idpx shibboleth-idp]#  /opt/shibboleth-idp/bin/status.sh
 ### Operating Environment Information
 operating_system: Linux
 operating_system_version: 4.18.0
 operating_system_architecture: amd64
-jdk_version: 11.0.9.1
+jdk_version: 11.0.11
-available_cores: 12
+available_cores: 32
-used_memory: 139 MB
+used_memory: 144 MB
 maximum_memory: 910 MB
 ### Identity Provider Information
-idp_version: 4.1.0
+idp_version: 4.1.2
-start_time: 2021-05-10T20:42:12.417Z
+start_time: 2021-06-11T13:36:01.576Z
-current_time: 2021-05-10T20:42:13.870791Z
+current_time: 2021-06-11T13:36:37.322735Z
-uptime: PT1.453S
+uptime: PT35.746S
 enabled modules:
 	idp.authn.Password (Password Authentication)
 	idp.admin.Hello (Hello World)
+installed plugins:
+service: shibboleth.LoggingService
+last successful reload attempt: 2021-06-11T13:35:43.310718Z
+last reload attempt: 2021-06-11T13:35:43.310718Z
+service: shibboleth.AttributeFilterService
+last successful reload attempt: 2021-06-11T13:35:45.623677Z
+last reload attempt: 2021-06-11T13:35:45.623677Z
 ...
+service: shibboleth.ManagedBeanService
+last successful reload attempt: 2021-06-11T13:35:46.160136Z
+last reload attempt: 2021-06-11T13:35:46.160136Z
 </code>
@@ Line 743: / Line 758: @@
 ==== personnaliser la page de login interne ====
-il est possible de personnaliser la page de login intégré a l'IDP cf:
+Avant de passer a une delagation d'authN via CAS, il est possible de personnaliser la page de login intégré a l'IDP cf:
   * https://wiki.shibboleth.net/confluence/display/IDP30/PasswordAuthnConfiguration
@@ Line 766: / Line 781: @@
-en IDP v4 , mettre l'image du logo dans les sources , permet apres un install.sh d'assurer son deploiement dans le webapps de tomcat et donc le rend bien operationnel
+en IDP v4 , lors du deploiement initial mettre l'image du logo dans les sources , permet apres un install.sh d'assurer son deploiement dans le webapps de tomcat et donc le rend bien operationnel
 <code>
@@ Line 774: / Line 789: @@
 idp.logo=/images/IMT_logo_RVB.jpg
+</code>
+==== Logo sur views / messages ====
+ref : https://wiki.shibboleth.net/confluence/display/IDP4/ErrorHandlingConfiguration
+en IDP v 4.1.2 pour afficher le logo de l'etablissement dans les views (ecran d'interception) , il faut :
+  - deposer le fichier de logo dans le repertoire
+  - editer le fichier de porpertis des message pour y definir le parametre idp.logo
+  - relancer le buid + stop-start de tomcat
+=== 1) deposer le fichier logo ===
+<code>
+[root@idp4t shibboleth-idp]# ls -l edit-webapp/images/logo-imtbs-tsp.png
+-rw-r--r-- 1 root root 13640 30 juin  07:53 edit-webapp/images/logo-oursite.png
+</code>
+=== 2) messages.properties ====
+<code>
+[root@idp4t shibboleth-idp]# cat messages/messages.properties
+# You can define message properties here to override messages defined in
+# the system-supplied message file or to add your own messages.
+idp.logo = /images/logo-oursite.png
+</code>
+=== 3) re-build ===
+on rebuild le war afin qu'il soit redeployer dans le webapps de tomcat
+<code>
+[root@idp4t shibboleth-idp]# ./bin/build.sh
+Buildfile: /opt/shibboleth-idp/bin/build.xml
+build-war:
+Installation Directory: [/opt/shibboleth-idp] ?
+INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
+INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:125] - Creating war file /opt/shibboleth-idp/war/idp.war
+BUILD SUCCESSFUL
+Total time: 7 seconds
 </code>
 ===== Attribute Resolver v4 =====
@@ Line 1092: / Line 1154: @@
 </code>
-==== activation ====
+==== activation consent ====
-activer le module de consentement
+activer le module de consentement :
+  * https://wiki.shibboleth.net/confluence/display/IDP4/ConsentConfiguration
+  * https://doku.tid.dfn.de/de:shibidp:config-tou
 <code>
@@ Line 1104: / Line 1168: @@
 [OK]
 </code>
+Depuis 4.1.x
+<code>
+<!-- Insert bean that references the static terms-of-use from consent-messages.properties -->
+<bean id="shibboleth.consent.terms-of-use.Key" class="com.google.common.base.Functions" factory-method="constant">
+        <constructor-arg value="my-terms"/>
+    </bean>
+</code>
+===== Upgrade =====
+https://wiki.shibboleth.net/confluence/display/IDP4/Upgrading
+Exemple ici du passage d'une 4.1.0 en 4.1.2
+recuperer les sources
+<code>
+[root@idpx opt]# wget https://shibboleth.net/downloads/identity-provider/4.1.2/shibboleth-identity-provider-4.1.2.tar.gz
+</code>
+sauver / backup de l'existant
+<code>
+[root@idpx opt]# cp -a shibboleth-idp shibboleth-idp-prod-4.1.0
+</code>
+desarchiver et se deplacer dans l'arborescence des sources de cette nouvelle version
+<code>
+[root@idpx opt]# tar xvfz shibboleth-identity-provider-4.1.2.tar.gz
+[root@idpx opt]# cd shibboleth-identity-provider-4.1.2
+</code>
+Lancer l'installation vers la destination de production actuelle (ici /opt/shibboleth-idp) , ainsi il sera fait un upgrade (cela garde la configuration !)
+<code>
+[root@idpx shibboleth-identity-provider-4.1.2]#  ./bin/install.sh
+Buildfile: /opt/shibboleth-identity-provider-4.1.2/bin/build.xml
+install:
+Source (Distribution) Directory (press <enter> to accept default): [/opt/shibboleth-identity-provider-4.1.2] ?
+Installation Directory: [/opt/shibboleth-idp] ?
+INFO [net.shibboleth.idp.installer.V4Install:162] - Update from version 4.1.0 to version 4.1.2
+INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
+INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:125] - Creating war file /opt/shibboleth-idp/war/idp.war
+BUILD SUCCESSFUL
+Total time: 31 seconds
+</code>
+rebuild du war
+<code>
+[root@idpx shibboleth-idp]# ./bin/build.sh
+Buildfile: /opt/shibboleth-idp/bin/build.xml
+build-war:
+Installation Directory: [/opt/shibboleth-idp] ?
+INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.2
+INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO [net.shibboleth.idp.installer.BuildWar:125] - Creating war file /opt/shibboleth-idp/war/idp.war
+BUILD SUCCESSFUL
+Total time: 6 seconds
+</code>
+puis stop/start de tomcat afin de redeployer ce nouveau war .
 ===== Delegation d'authentification a CAS =====
@@ Line 1213: / Line 1358: @@
 +## Shibboleth Server Properties
-+shibcas.serverName = https://ssocas6.domain.fr
++shibcas.serverName = https://ourIDP.domain.fr
 +
 +# By default you always get the AuthenticatedNameTranslator, add additional code to cover your custom needs.

docpublic/systemes/shibboleth/idpv4xc8.1622814084.txt.gz · Last modified: 2021/06/04 13:41 by adminjp

Show page Old revisions

[unknown link type]Back to top