The site dedicated to computing, created by Iasparra Francesco
Installing the Shibboleth IdP (Identity Provider)
1) Download the latest version of shibboleth-identityprovider-version-bin.zip

    Where should the Shibboleth Identity Provider software be installed? [/opt/shibboleth-idp] /mnt/programs/shibboleth-idp
    What is the fully qualified hostname of the Shibboleth Identity Provider server? [idp.example.org] idp.debian1.server
    A keystore is about to be generated for you. Please enter a password that will be used to protect it. sviluppo

4) Create the environment variable in the .bashrc file:

    export IDP_HOME=/mnt/programs/shibboleth-idp

5) Change to the directory:

    cd /mnt/programs/shibboleth-idp/war

and run the following commands:

    unzip idp.war -d idp

This gives us the directory containing the web application:

    /mnt/programs/shibboleth-idp/war/idp

6) Add the page /mnt/programs/shibboleth-idp/war/idp/logout.jsp to the web application:

    <%@ page import="edu.internet2.middleware.shibboleth.common.profile.AbstractErrorHandler" %>
    <%@ page import="edu.internet2.middleware.shibboleth.idp.authn.LoginContext" %>
    <%@ page import="org.opensaml.util.storage.StorageService" %>
    <%@ page import="edu.internet2.middleware.shibboleth.idp.authn.LoginHandler" %>
    <%@ page import="edu.internet2.middleware.shibboleth.idp.session.*" %>
    <%@ page import="edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper" %>
    <%@ page import="edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException" %>
    <%@ page import="org.opensaml.saml2.metadata.*" %>
    <%@ page import="javax.servlet.RequestDispatcher" %>
    <%@ page import="javax.servlet.ServletConfig" %>
    <%@ page import="javax.servlet.ServletException" %>
    <%@ page import="javax.servlet.http.Cookie" %>
    <%@ page import="javax.servlet.http.HttpServlet" %>
    <%@ page import="javax.servlet.http.HttpServletRequest" %>
    <%@ page import="javax.servlet.http.HttpServletResponse" %>
    <%@ page import="javax.servlet.http.HttpSession" %>
    <%
        String IDP_SESSION_COOKIE_NAME = "_idp_session";
        // getCookies() returns null when the request carries no cookies.
        Cookie[] cc = request.getCookies();
        if (cc != null) {
            // Expire every cookie the browser sent by re-issuing it with Max-Age=0 on the /idp path.
            for (int i = 0; i < cc.length; i++) {
                cc[i].setMaxAge(0);
                cc[i].setSecure(false);
                cc[i].setPath("/idp");
                response.addCookie(cc[i]);
            }
        }
    %>

In the <body> tag

Tomcat configuration
1) Edit the relevant entries in the file <TOMCAT_HOME>/conf/server.xml:

    <Connector port="8180" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Protocol"
               SSLImplementation="edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation"
               scheme="https"
               SSLEnabled="true"
               clientAuth="true"
               keystoreFile="/mnt/programs/shibboleth-idp/credentials/idp.jks"
               keystorePass="sviluppo" />

2) Download tomcat6-dta-ssl-1.0.0.jar and copy it into <TOMCAT_HOME>/lib

    <?xml version="1.0" encoding="UTF-8"?>
    <Context path="idp"
             docBase="/mnt/programs/shibboleth-idp/war/idp/"
             unpackWAR="false"
             swallowOutput="true"
             privileged="true"
             antiResourceLocking="false"
             antiJARLocking="false" />

5) Restart Tomcat and test that it works using the following links:

    http://127.0.0.1:8180/idp/status
    http://127.0.0.1:8180/idp/profile/Status
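
The HTTPS connector in step 1 of the Tomcat configuration keeps the keystore password in clear text in server.xml, so both that file and idp.jks should be accessible only to the account that runs Tomcat. The check below is an added example, not part of the original page; the function names (`loose`, `audit`, `demo`) and the throwaway files it builds are assumptions made for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Added example: helper names are illustrative; this server.xml is a constructed sample.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8180" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" scheme="https" SSLEnabled="true" clientAuth="true"
             keystoreFile="{keystore}" keystorePass="sviluppo" />
</Service></Server>"""

def loose(path):
    """True if group or others have any permission bit set on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))

def audit(server_xml):
    """Return one finding per permission problem on the TLS connectors in server_xml."""
    findings = []
    for conn in ET.parse(server_xml).getroot().iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no key material involved
        port = conn.get("port")
        if conn.get("keystorePass") is not None and loose(server_xml):
            findings.append(f"{port}: keystorePass is in clear text and "
                            f"{server_xml} is accessible to group/others")
        keystore = conn.get("keystoreFile")
        if keystore is None or not os.path.isfile(keystore):
            findings.append(f"{port}: keystoreFile not found: {keystore}")
        elif loose(keystore):
            findings.append(f"{port}: {keystore} is accessible to group/others")
    return findings

def demo():
    """Audit a temporary server.xml and keystore with mode 644, then again with mode 600."""
    with tempfile.TemporaryDirectory() as d:
        ks, conf = os.path.join(d, "idp.jks"), os.path.join(d, "server.xml")
        open(ks, "wb").close()
        with open(conf, "w") as f:
            f.write(SAMPLE_SERVER_XML.format(keystore=ks))
        os.chmod(ks, 0o644)
        os.chmod(conf, 0o644)
        before = audit(conf)
        os.chmod(ks, 0o600)
        os.chmod(conf, 0o600)
        return before, audit(conf)

if __name__ == "__main__":
    print("\n".join(demo()[0]))
```

To check a real installation, call `audit()` with the path to <TOMCAT_HOME>/conf/server.xml as a user that can read it.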