The computer-science site created by Iasparra Francesco

Creating a sample webapp
In the <TOMCAT_HOME>/webapps folder, create the following folders and files:

<TOMCAT_HOME>/webapps/APP1
<TOMCAT_HOME>/webapps/APP1/index.jsp
<TOMCAT_HOME>/webapps/APP1/WEB-INF
<TOMCAT_HOME>/webapps/APP1/WEB-INF/web.xml

The index.jsp file is the following:
<%@page contentType="text/html" import="java.util.*" pageEncoding="UTF-8"%>
<%!
    // Header names and values are client-controlled input: escape them before
    // writing them into the page so a crafted header cannot inject markup.
    private static String esc(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;");
    }
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Prova Shibboleth</title>
</head>
<body>
<B>Request Method: </B><%= request.getMethod() %><BR>
<B>Request URI: </B><%= esc(request.getRequestURI()) %><BR>
<B>Request Protocol: </B><%= request.getProtocol() %><BR>
<TABLE BORDER=1 ALIGN=CENTER>
<TR BGCOLOR="#FFAD00">
<TH>Header Name</TH><TH>Header Value</TH>
</TR>
<%
    // Dump every request header; behind the Shibboleth SP these include the attributes released by the IdP.
    Enumeration<String> headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
        String headerName = headerNames.nextElement();
        out.println("<TR><TD>" + esc(headerName));
        out.println(" <TD>" + esc(request.getHeader(headerName)));
    }
%>
</TABLE>
<a href="https://www.debian1.server/Shibboleth.sso/Logout">Logout</a>
</body>
</html>

The web.xml file is the following:
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
</web-app>

Restart Tomcat and try to open the following address:
http://www.debian1.server:8180/APP1/
Configuring the IdP

The files to edit are the following:

shibboleth-idp/conf/attribute-filter.xml
shibboleth-idp/conf/attribute-resolver.xml
shibboleth-idp/conf/handler.xml
shibboleth-idp/conf/login.config

1) Edit the attribute-filter.xml file:
<afp:AttributeFilterPolicy id="myLDAP">
    <afp:PolicyRequirementRule xsi:type="basic:ANY" />
    <afp:AttributeRule attributeID="uid">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>

<afp:AttributeFilterPolicy id="rolesLDAP">
    <afp:PolicyRequirementRule xsi:type="basic:ANY" />
    <afp:AttributeRule attributeID="ruolo">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>

2) Edit the attribute-resolver.xml file:
<resolver:AttributeDefinition xsi:type="ad:Simple" id="uid" sourceAttributeID="uid">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:uid" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="ad:Simple" id="ruolo" sourceAttributeID="cn">
    <resolver:Dependency ref="rolesLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:ruolo" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.1.2.1" friendlyName="cn" />
</resolver:AttributeDefinition>

Add the following code immediately after the comment:
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
    ldapURL="ldap://localhost"
    baseDN="ou=people,dc=debian1,dc=server"
    principal="cn=admin,dc=debian1,dc=server"
    principalCredential="sviluppo">
    <dc:FilterTemplate>
        <![CDATA[
            (uid=$requestContext.principalName)
        ]]>
    </dc:FilterTemplate>
</resolver:DataConnector>

<resolver:DataConnector id="rolesLDAP" xsi:type="dc:LDAPDirectory"
    ldapURL="ldap://localhost"
    baseDN="ou=roles,dc=debian1,dc=server"
    principal="cn=admin,dc=debian1,dc=server"
    principalCredential="sviluppo"
    mergeResults="true"
    maxResultSize="30">
    <dc:FilterTemplate>
        <![CDATA[
            (&(objectclass=groupOfUniqueNames)(uniqueMember=uid=$requestContext.principalName))
        ]]>
    </dc:FilterTemplate>
    <dc:ReturnAttributes>cn</dc:ReturnAttributes>
</resolver:DataConnector>

3) Edit the handler.xml file so that the RemoteUser login handler is commented out:
<!-- Login Handlers
<ph:LoginHandler xsi:type="ph:RemoteUser">
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
</ph:LoginHandler>
-->

Uncomment the following code:

<ph:LoginHandler xsi:type="ph:UsernamePassword" jaasConfigurationLocation="file:///mnt/programs/shibboleth-idp/conf/login.config">
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
</ph:LoginHandler>

4) Edit the login.config file:
edu.vt.middleware.ldap.jaas.LdapLoginModule required
    host="localhost"
    port="389"
    base="ou=people,dc=debian1,dc=server"
    ssl="false"
    userField="uid";
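The four steps above leave the IdP with plain ldap:// connectors, the admin bind password inline in attribute-resolver.xml, filter policies that release uid and ruolo to every relying party, and a JAAS module that binds user passwords with ssl="false". On the page's single-host setup, where the directory is on loopback, that is a lab convenience; before the same files are pointed at a remote directory a reviewer would want them checked. The following lint is an added example, not code from the page or from the Shibboleth project. It assumes the IdP 2 namespace URIs and the useStartTLS attribute name of the LDAPDirectory connector, and wraps the page's fragments in root elements so they parse; the sample inputs are constructed from the page's own snippets.

```python
"""Lint the attribute-resolver.xml, attribute-filter.xml and login.config settings
produced by the steps above for the things a reviewer flags before production."""
import re
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed input: the page's resolver fragments wrapped in a root element.
# The namespace declarations are assumed (the page's fragments omit them).
RESOLVER_XML = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
      ldapURL="ldap://localhost" baseDN="ou=people,dc=debian1,dc=server"
      principal="cn=admin,dc=debian1,dc=server" principalCredential="sviluppo">
    <dc:FilterTemplate><![CDATA[ (uid=$requestContext.principalName) ]]></dc:FilterTemplate>
  </resolver:DataConnector>
  <resolver:DataConnector id="rolesLDAP" xsi:type="dc:LDAPDirectory"
      ldapURL="ldap://localhost" baseDN="ou=roles,dc=debian1,dc=server"
      principal="cn=admin,dc=debian1,dc=server" principalCredential="sviluppo"
      mergeResults="true" maxResultSize="30">
    <dc:FilterTemplate><![CDATA[ (&(objectclass=groupOfUniqueNames)(uniqueMember=uid=$requestContext.principalName)) ]]></dc:FilterTemplate>
    <dc:ReturnAttributes>cn</dc:ReturnAttributes>
  </resolver:DataConnector>
</resolver:AttributeResolver>"""

# Constructed input: the page's two filter policies, again with assumed namespaces.
FILTER_XML = """<afp:AttributeFilterPolicyGroup
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <afp:AttributeFilterPolicy id="myLDAP">
    <afp:PolicyRequirementRule xsi:type="basic:ANY" />
    <afp:AttributeRule attributeID="uid"><afp:PermitValueRule xsi:type="basic:ANY" /></afp:AttributeRule>
  </afp:AttributeFilterPolicy>
  <afp:AttributeFilterPolicy id="rolesLDAP">
    <afp:PolicyRequirementRule xsi:type="basic:ANY" />
    <afp:AttributeRule attributeID="ruolo"><afp:PermitValueRule xsi:type="basic:ANY" /></afp:AttributeRule>
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>"""

# Constructed input: the page's JAAS module line.
LOGIN_CONFIG = ('edu.vt.middleware.ldap.jaas.LdapLoginModule required host="localhost" '
                'port="389" base="ou=people,dc=debian1,dc=server" ssl="false" userField="uid";')


def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on element tags."""
    return tag.rsplit("}", 1)[-1]


def lint_resolver(xml_text):
    """Flag LDAP data connectors that bind without TLS or keep the bind password inline."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local_name(el.tag) != "DataConnector" or not el.get(XSI_TYPE, "").endswith("LDAPDirectory"):
            continue
        cid, url = el.get("id"), el.get("ldapURL", "")
        # ldaps:// or useStartTLS="true" (assumed IdP 2 attribute name) protects the bind.
        if url.startswith("ldap://") and el.get("useStartTLS") != "true":
            findings.append(f"{cid}: {url} without TLS, bind DN and lookups are sent in cleartext")
        if el.get("principalCredential") is not None:
            findings.append(f"{cid}: bind password stored inline in attribute-resolver.xml")
    return findings


def lint_filter(xml_text):
    """Flag policies whose requirement rule is basic:ANY: they release to every relying party."""
    findings = []
    for policy in ET.fromstring(xml_text).iter():
        if local_name(policy.tag) != "AttributeFilterPolicy":
            continue
        rule = next((c for c in policy if local_name(c.tag) == "PolicyRequirementRule"), None)
        if rule is None or not rule.get(XSI_TYPE, "").endswith(":ANY"):
            continue
        attrs = [r.get("attributeID") for r in policy.iter() if local_name(r.tag) == "AttributeRule"]
        findings.append(f"{policy.get('id')}: releases {', '.join(attrs)} to every relying party")
    return findings


def lint_login_config(text):
    """Flag an LdapLoginModule line that explicitly binds user passwords with ssl="false"."""
    findings = []
    for line in text.splitlines():
        if "LdapLoginModule" not in line:
            continue
        opts = dict(re.findall(r'(\w+)="([^"]*)"', line))  # key="value" options on the line
        if opts.get("ssl", "").lower() == "false":
            findings.append(f'LdapLoginModule on {opts.get("host")}:{opts.get("port")} with ssl="false", '
                            "user passwords are bound to LDAP unencrypted")
    return findings


def lint_all():
    """Run every check over the constructed inputs and return the combined findings."""
    return lint_resolver(RESOLVER_XML) + lint_filter(FILTER_XML) + lint_login_config(LOGIN_CONFIG)


if __name__ == "__main__":
    for finding in lint_all():
        print("WARN", finding)
```

Matching on local element names rather than prefixes keeps the checks working whatever prefixes a given attribute-resolver.xml declares; the `principalCredential` check is what you would extend to also accept the externalised-property form once the password moves out of the XML.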