Changes between revisions of "Shibboleth"

From BrapciWiki
Linha 162: Linha 162:
 
* [https://cafe.ufra.edu.br/idp/shibboleth UFRA]
 
* [https://cafe.ufra.edu.br/idp/shibboleth UFRA]
 
* [https://met.refeds.org/ Search IdP]
 
* [https://met.refeds.org/ Search IdP]
 +
* [https://idp.rnp.br/idp/shibboleth RNP]
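Review bot: the new RNP entry is appended after "Search IdP", which links to the met.refeds.org lookup page rather than to an IdP, so the IdP links end up split around it. Consider placing the RNP line directly after the UFRA entry so that the IdP links stay together and the search link stays last.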

Revision as of 06:46, 22 December 2022

Shibboleth Tests

DiscoFeed

Shibboleth


[https://samltest.id/download/]

apt install shibboleth-sp-utils

To test

shibd -t

Installing Apache2

apt-get install libapache2-mod-shib2
a2enmod shib
a2enmod proxy
a2enmod proxy_ajp

Apache2 configuration

<IfModule mod_ssl.c>
<VirtualHost *:443>
       ServerName vitrinedadosabertos.rnp.br
       ServerAdmin renefgj@gmail.com
#      ErrorLog ${APACHE_LOG_DIR}/error.log
#      CustomLog ${APACHE_LOG_DIR}/access.log combined
       DocumentRoot "/var/www/html/"
#
       ProxyPass /s1 !
       ProxyPass /dataview !
       ProxyPass /dvn !
       ProxyPass /Shibboleth.sso !
#      ProxyPass
       <Directory "/var/www/dataverse/branding/">
               Options Indexes FollowSymLinks MultiViews
               AllowOverride None
               Require all granted
       </Directory>
#
       SSLCertificateFile /etc/letsencrypt/live/vitrinedadosabertos-dev.rnp.br/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/vitrinedadosabertos-dev.rnp.br/privkey.pem
       Include /etc/letsencrypt/options-ssl-apache.conf
#
       # don't pass paths used by Shibboleth to Payara
       ProxyPassMatch ^/Shibboleth.sso !
       ProxyPassMatch ^/shibboleth-ds !
       # pass everything else to Payara
       ProxyPass / ajp://localhost:8009/
       <Location /shib.xhtml>
         AuthType shibboleth
         ShibRequestSetting requireSession 1
         require valid-user
       </Location>
</VirtualHost>
</IfModule>


Mods

shib
proxy
proxy_ajp
ssl

Check the hostname

VirtualHost

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName vitrinedadosabertos.rnp.br
        ServerAdmin renefgj@gmail.com
#       ErrorLog ${APACHE_LOG_DIR}/error.log
#       CustomLog ${APACHE_LOG_DIR}/access.log combined
        DocumentRoot "/var/www/html/"

        ProxyPass /s1 !
        ProxyPass /dataview !
        ProxyPass /dvn !
        ProxyPass /Shibboleth.sso !
#       ProxyPass


        Alias "/s1/" "/var/www/html/s2/"
        Alias "/dataview/" "/data/DataView/public/"

        <Directory "/data/DataView/public/">
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Require all granted
        </Directory>

        SSLCertificateFile /etc/letsencrypt/live/vitrinedadosabertos.rnp.br/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/vitrinedadosabertos.rnp.br/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

        # don't pass paths used by Shibboleth to Payara
        ProxyPassMatch ^/Shibboleth.sso !
        ProxyPassMatch ^/shibboleth-ds !
        # pass everything else to Payara
        ProxyPass / ajp://localhost:8009/

        <Location /shib.xhtml>
          AuthType shibboleth
          ShibRequestSetting requireSession 1
          require valid-user
        </Location>
</VirtualHost>
</IfModule>
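
An added example, not part of the wiki page or of any project it describes: a Python check for three things the virtual hosts above depend on. Apache checks ProxyPass and ProxyPassMatch rules in configuration order and the first match wins, so the `!` exclusions for the Shibboleth paths must come before `ProxyPass /`; the check also flags a key file without a certificate file and a Let's Encrypt directory that differs from ServerName. The function name `audit_vhost` and the host `sp.example.org` are assumptions made for the example.

```python
import re

# Paths the page keeps away from Payara so that mod_shib can answer them.
SHIB_PATHS = ("/Shibboleth.sso", "/shibboleth-ds")

def audit_vhost(conf):
    """Return findings for the body of one <VirtualHost>, given as text."""
    findings, excluded, first, catch_all = [], set(), {}, None
    for n, raw in enumerate(conf.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name, args = parts[0].lower(), parts[1:]
        first.setdefault(name, args)      # remember first occurrence of each directive
        if name in ("proxypass", "proxypassmatch") and len(args) >= 2:
            path = args[0].lstrip("^")
            if args[1] == "!" and catch_all is None:
                excluded.add(path)        # an exclusion counts only before the catch-all
            elif args[1] != "!" and path == "/" and catch_all is None:
                catch_all = n
    if catch_all is not None:
        findings += [f"{p} reaches the backend (catch-all on line {catch_all})"
                     for p in SHIB_PATHS if p not in excluded]
    if "sslcertificatekeyfile" in first and "sslcertificatefile" not in first:
        findings.append("SSLCertificateKeyFile without SSLCertificateFile")
    host = (first.get("servername") or [""])[0]
    for d in ("sslcertificatefile", "sslcertificatekeyfile"):
        m = re.search(r"/letsencrypt/live/([^/]+)/", " ".join(first.get(d, [])))
        if m and m.group(1) != host:
            findings.append(f"{d} path is for {m.group(1)}, ServerName is {host}")
    return findings

# Constructed samples; sp.example.org is a placeholder host, not from the page.
GOOD = """ServerName sp.example.org
SSLCertificateFile /etc/letsencrypt/live/sp.example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sp.example.org/privkey.pem
ProxyPassMatch ^/Shibboleth.sso !
ProxyPassMatch ^/shibboleth-ds !
ProxyPass / ajp://localhost:8009/
"""
BAD = """ServerName sp.example.org
SSLCertificateKeyFile /etc/letsencrypt/live/sp-dev.example.org/privkey.pem
ProxyPass /Shibboleth.sso !
ProxyPass / ajp://localhost:8009/
ProxyPassMatch ^/shibboleth-ds !
"""
if __name__ == "__main__":
    for label, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_vhost(conf) or "no findings")
```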

Installing Java

apt-get install default-jdk -y
java --version

Download 4.1.4

wget https://shibboleth.net/downloads/identity-provider/4.2.1/shibboleth-identity-provider-4.2.1.tar.gz
tar -xvzf shibboleth-identity-provider-4.2.1.tar.gz
cd shibboleth-identity-provider-4.2.1/bin
./install.sh
chown -R payara /opt/shibboleth-idp

Ubuntu

apt install shibd

Install AJP

$PAYARA/bin/asadmin create-network-listener --protocol http-listener-1 --listenerport 8009 --jkenabled true jk-connector

Install

Create a self-signed certificate (SSL).

sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

APT Install

sudo apt-get install libapache2-mod-shib2

Now set the Shibboleth certificate using the following command.

sudo shib-keygen -h localhost
openssl x509 -text -noout -in /etc/shibboleth/sp-cert.pem

Open the Shibboleth SP configuration file.

sudo nano /etc/shibboleth/shibboleth2.xml

Generate a local certificate

File:Keygen.zip

Test for errors

shibd -t

View the logs

pico /var/log/shibboleth/shibd.log

IdP

* Embrapa
* Fiocruz
* Metadata Cafe
* UFRA
* Search IdP
* RNP