Changes between Version 10 and Version 11 of idpiam2018
Timestamp: Sep 3, 2018, 8:35:45 AM (7 years ago)
idpiam2018
v10 v11 403 403 }}} 404 404 16. Create the Apache2 configuration file for IdP: 405 * 405 * 406 406 {{{ 407 407 vim /etc/apache2/sites-available/idp-proxy.conf … … 421 421 }}} 422 422 17. Enable '''proxy_ajp''' apache2 module and the new IdP site: 423 * 423 * 424 424 {{{ 425 425 a2enmod proxy_ajp 426 426 }}} 427 * 427 * 428 428 {{{ 429 429 a2ensite idp-proxy.conf 430 430 }}} 431 * 431 * 432 432 {{{ 433 433 service apache2 restart 434 434 }}} 435 435 18. Modify '''context.xml''' to prevent error of //lack of persistence of the session objects// created by the IdP : 436 * 436 * 437 437 {{{ 438 438 vim /etc/tomcat8/context.xml … … 440 440 and remove the comment from: `<Manager pathname="" />` 441 441 19. Restart Tomcat8: 442 * 442 * 443 443 {{{ 444 444 service tomcat8 restart 445 445 }}} 446 446 20. Verify if the IdP works by opening this page on your browser: 447 * 447 * 448 448 {{{ 449 449 https://idp.YOUR-DOMAIN/idp/shibboleth … … 454 454 455 455 21. Find out the JARs that can be skipped from the scanning: 456 * 456 * 457 457 {{{ 458 458 cd /opt/shibboleth-idp/ 459 459 }}} 460 * 460 * 461 461 {{{ 462 462 ls webapp/WEB-INF/lib | awk '{print $1",\\"}' 463 463 }}} 464 464 Insert the output list into `/etc/tomcat8/catalina.properties` at the tail of `tomcat.util.scan.StandardJarScanFilter.jarsToSkip` Make sure about the `,\` symbols 465 465 466 466 Restart Tomcat 8: 467 * 467 * 468 468 {{{ 469 469 service tomcat8 restart … … 473 473 474 474 22. Test IdP by opening a terminal and running these commands: 475 * 475 * 476 476 {{{ 477 477 cd /opt/shibboleth-idp/bin 478 478 }}} 479 * 479 * 480 480 {{{ 481 481 ./status.sh … … 484 484 485 485 23. 
Install '''MySQL Connector Java''' and other useful libraries used by Tomcat for MySQL DB (if you don't have them already): 486 * 486 * 487 487 {{{ 488 488 apt-get install mysql-server libmysql-java libcommons-dbcp-java libcommons-pool-java 489 489 }}} 490 * 490 * 491 491 {{{ 492 492 cd /usr/share/tomcat8/lib/ 493 493 }}} 494 * 494 * 495 495 {{{ 496 496 ln -s ../../java/mysql.jar mysql-connector-java.jar 497 497 }}} 498 * 498 * 499 499 {{{ 500 500 ln -s ../../java/commons-pool.jar commons-pool.jar 501 501 }}} 502 * 502 * 503 503 {{{ 504 504 ln -s ../../java/commons-dbcp.jar commons-dbcp.jar 505 505 }}} 506 * 506 * 507 507 {{{ 508 508 ln -s ../../java/tomcat-jbcp.jar tomcat-jbcp.jar … … 511 511 512 512 24. Rebuild the '''idp.war''' of Shibboleth with the new libraries: 513 * 513 * 514 514 {{{ 515 515 cd /opt/shibboleth-idp/ ; ./bin/build.sh … … 586 586 All done! 587 587 }}} 588 * log in to your MySQL Server: `mysql -u root -p' 588 * log in to your MySQL Server: `mysql -u root -p'` 589 589 {{{ 590 590 SET NAMES 'utf8'; … … 628 628 * Restart mysql service: `service mysql restart' 629 629 26. Enable the generation of the `persistent-id` (this replace the deprecated attribute //eduPersonTargetedID//) 630 * 630 * 631 631 {{{ 632 632 vim /opt/shibboleth-idp/conf/saml-nameid.properties … … 646 646 }}} 647 647 * Enable the '''SAML2PersistentGenerator''': 648 * 648 * 649 649 {{{ 650 650 vim /opt/shibboleth-idp/conf/saml-nameid.xml 651 651 }}} 652 Remove the comment from the line containing: 652 Remove the comment from the line containing: 653 * 653 654 {{{ 654 655 <ref bean="shibboleth.SAML2PersistentGenerator" /> 655 656 }}} 656 * 657 * 657 658 {{{ 658 659 vim /opt/shibboleth-idp/conf/c14n/subject-c14n.xml … … 700 701 701 702 * Modify the IdP configuration file: 702 * 703 * 703 704 {{{ 704 705 vim /opt/shibboleth-idp/conf/idp.properties
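Review bot: In the hunk at line 508, the last symlink targets `tomcat-jbcp.jar`, which does not match the `dbcp` spelling used two lines earlier for `commons-dbcp.jar` and looks like a transposition. `ln -s` creates a dangling link without any error, so a wrong name here would only surface later when Tomcat fails to load the pool classes. Please confirm the file name against what is actually present under `/usr/share/java` and correct it in both the target and the link name if needed.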
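Review bot: At line 588 the new closing backtick lands after the stray apostrophe, so the inline code now renders as `mysql -u root -p'` and a reader who copies it gets an unterminated single quote in the shell. Remove the apostrophe so the span contains only the command, `mysql -u root -p`.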
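Review bot: Line 628, carried as unchanged context in the hunk that touches line 630, still reads `service mysql restart'` with an opening backtick, a trailing apostrophe and no closing backtick, which is the same defect this revision addresses at line 588. Fix it in the same pass by replacing the apostrophe with a closing backtick. The remaining changed lines in this and the other hunks show `*` on both sides with no visible difference, so if they are whitespace-only it would help to say so in the change comment.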