Difference between revisions of "Shibboleth"
| Linha 8: | Linha 8: | ||
proxy_ajp | proxy_ajp | ||
ssl | ssl | ||
| + | |||
| + | === VirtualHost === | ||
| + | <pre> | ||
| + | <IfModule mod_ssl.c> | ||
| + | <VirtualHost *:443> | ||
| + | ServerName vitrinedadosabertos.rnp.br | ||
| + | ServerAdmin renefgj@gmail.com | ||
| + | # ErrorLog ${APACHE_LOG_DIR}/error.log | ||
| + | # CustomLog ${APACHE_LOG_DIR}/access.log combined | ||
| + | DocumentRoot "/var/www/html/" | ||
| + | |||
| + | ProxyPass /s1 ! | ||
| + | ProxyPass /dataview ! | ||
| + | ProxyPass /dvn ! | ||
| + | ProxyPass /Shibboleth.sso ! | ||
| + | # ProxyPass | ||
| + | |||
| + | |||
| + | Alias "/s1/" "/var/www/html/s2" | ||
| + | Alias "/dataview/" "/data/DataView/public/" | ||
| + | |||
| + | <Directory "/data/DataView/public/"> | ||
| + | Options Indexes FollowSymLinks MultiViews | ||
| + | AllowOverride None | ||
| + | Order allow,deny | ||
| + | allow from all | ||
| + | Require all granted | ||
| + | </Directory> | ||
| + | |||
| + | SSLCertificateKeyFile /etc/letsencrypt/live/vitrinedadosabertos.rnp.br/privkey.pem | ||
| + | Include /etc/letsencrypt/options-ssl-apache.conf | ||
| + | |||
| + | # don't pass paths used by Shibboleth to Payara | ||
| + | ProxyPassMatch ^/Shibboleth.sso ! | ||
| + | ProxyPassMatch ^/shibboleth-ds ! | ||
| + | # pass everything else to Payara | ||
| + | ProxyPass / ajp://localhost:8009/ | ||
| + | |||
| + | <Location /shib.xhtml> | ||
| + | AuthType shibboleth | ||
| + | ShibRequestSetting requireSession 1 | ||
| + | require valid-user | ||
| + | </Location> | ||
| + | </VirtualHost> | ||
| + | </IfModule> | ||
== Instalando o Java == | == Instalando o Java == | ||
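Review bot: The added VirtualHost sets `SSLCertificateKeyFile` but no `SSLCertificateFile` appears anywhere in the block, so unless the included options-ssl-apache.conf supplies one, the host has a private key with no certificate to present; add the matching `SSLCertificateFile` directive next to the key line. In the `<Directory "/data/DataView/public/">` section, the 2.2-style `Order allow,deny` / `allow from all` lines are mixed with the 2.4-style `Require all granted`; keep only the `Require` line, and consider dropping `Indexes` from `Options` so that directory is not browsable. `ProxyPass /Shibboleth.sso !` and `ProxyPassMatch ^/Shibboleth.sso !` exclude the same path twice, `Alias "/s1/"` ends in a slash while its target `"/var/www/html/s2"` does not, and only `/shib.xhtml` requires a Shibboleth session, so it is worth confirming that everything else proxied to `ajp://localhost:8009/` is meant to be reachable unauthenticated. The `<pre>` opened at the top of the hunk has no visible `</pre>` before `== Instalando o Java ==`.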
Revision as of 02:09, 1 September 2022
Shibboleth
Installing Apache2
Mods
shib proxy proxy_ajp ssl
VirtualHost
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName vitrinedadosabertos.rnp.br
ServerAdmin renefgj@gmail.com
# ErrorLog ${APACHE_LOG_DIR}/error.log
# CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot "/var/www/html/"
ProxyPass /s1 !
ProxyPass /dataview !
ProxyPass /dvn !
ProxyPass /Shibboleth.sso !
# ProxyPass
Alias "/s1/" "/var/www/html/s2"
Alias "/dataview/" "/data/DataView/public/"
<Directory "/data/DataView/public/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
Require all granted
</Directory>
SSLCertificateKeyFile /etc/letsencrypt/live/vitrinedadosabertos.rnp.br/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# don't pass paths used by Shibboleth to Payara
ProxyPassMatch ^/Shibboleth.sso !
ProxyPassMatch ^/shibboleth-ds !
# pass everything else to Payara
ProxyPass / ajp://localhost:8009/
<Location /shib.xhtml>
AuthType shibboleth
ShibRequestSetting requireSession 1
require valid-user
</Location>
</VirtualHost>
</IfModule>
Installing Java
apt-get install default-jdk -y
java --version
Download 4.1.4
wget https://shibboleth.net/downloads/identity-provider/4.1.4/shibboleth-identity-provider-4.1.4.tar.gz
tar -xvzf shibboleth-identity-provider-4.1.4.tar.gz
cd shibboleth-identity-provider-4.1.4/bin
./install.sh
chown -R payara /opt/shibboleth-idp
Ubuntu
apt install shibd
Install
Create a self-signed certificate (SSL).
sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
APT Install
sudo apt-get install libapache2-mod-shib2
Now generate the Shibboleth SP key and certificate with the following command, then inspect the resulting certificate.
sudo shib-keygen -h localhost
openssl x509 -text -noout -in /etc/shibboleth/sp-cert.pem
Open the Shibboleth SP configuration file.
sudo nano /etc/shibboleth/shibboleth2.xml
IdP
* Embrapa
* Fiocruz
* Metadata Cafe
* Search IdP