Changes between Version 18 and Version 19 of idpiam2018

Timestamp:

Sep 12, 2018, 10:51:16 AM (6 years ago)

Author:

admin

Comment:

--

idpiam2018

@@ -3 +3 @@
 Installation assumes you have already installed Ubuntu Server 18.04 with default configuration and has a public IP connectivity with DNS setup
 
-Lets Assume your server hostname as '''idp.YOUR-DOMAIN'''
+Lets Assume your server hostname as '''idp.instXY.ac.lk'''
 
 All commands are to be run as root and you may use `sudo su` to become root
@@ -18 +18 @@
 }}}  
     {{{
-     127.0.0.1 idp.YOUR-DOMAIN idp
+     127.0.0.1 idp.instXY.ac.lk idp
     }}}
 
-   (Replace `idp.YOUR-DOMAIN` with your IdP FQDN)
+   (Replace `idp.instXY.ac.lk` with your IdP FQDN)
 
 3. Define the costants `JAVA_HOME` and `IDP_SRC` inside `/etc/environment`:
@@ -112 +112 @@
    Installation Directory: [/opt/shibboleth-idp]
    Hostname: [localhost.localdomain]
-   idp.YOUR-DOMAIN
-   SAML EntityID: [https://idp.YOUR-DOMAIN/idp/shibboleth]
+   idp.instXY.ac.lk
+   SAML EntityID: [https://idp.instXY.ac.lk/idp/shibboleth]
    Attribute Scope: [localdomain]
-   YOUR-DOMAIN
+   instXY.ac.lk
    Backchannel PKCS12 Password: ###PASSWORD-FOR-BACKCHANNEL###
    Re-enter password:           ###PASSWORD-FOR-BACKCHANNEL###
@@ -172 +172 @@
 {{{
    <VirtualHost *:80>
-     ServerName idp.YOUR-DOMAIN
-     ServerAdmin admin@YOUR-DOMAIN
+     ServerName idp.instXY.ac.lk
+     ServerAdmin admin@instXY.ac.lk
      DocumentRoot /var/www/html
    </VirtualHost>
@@ -218 +218 @@
       SSLStaplingCache        shmcb:/var/run/ocsp(128000)
       <VirtualHost _default_:443>
-        ServerName idp.YOUR-DOMAIN:443
+        ServerName idp.instXY.ac.lk:443
         ServerAdmin admin@example.org
         DocumentRoot /var/www/html
@@ -270 +270 @@
 {{{
    <VirtualHost *:80>
-        ServerName "idp.YOUR-DOMAIN"
-        Redirect "/" "https://idp.YOUR-DOMAIN/"
+        ServerName "idp.instXY.ac.lk"
+        Redirect "/" "https://idp.instXY.ac.lk/"
    </VirtualHost>
 }}}
@@ -286 +286 @@
 * 
 {{{
-   certbot --apache -d idp.YOUR-DOMAIN
+   certbot --apache -d idp.instXY.ac.lk
 }}}
    
@@ -292 +292 @@
    Plugins selected: Authenticator apache, Installer apache
    Enter email address (used for urgent renewal and security notices) (Enter 'c' to
-   cancel): YOU@YOUR-DOMAIN
+   cancel): YOU@instXY.ac.lk
 
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -312 +312 @@
    Obtaining a new certificate
    Performing the following challenges:
-   http-01 challenge for idp.YOUR-DOMAIN
+   http-01 challenge for idp.instXY.ac.lk
    Waiting for verification...
    Cleaning up challenges
@@ -333 +333 @@
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-   Congratulations! You have successfully enabled https://idp.YOUR-DOMAIN
+   Congratulations! You have successfully enabled https://idp.instXY.ac.lk
 }}}
   
@@ -431 +431 @@
 * 
 {{{
-   https://idp.YOUR-DOMAIN/idp/shibboleth
+   https://idp.instXY.ac.lk/idp/shibboleth
 }}}
 (you should see the IdP metadata)
@@ -714 +714 @@
 {{{
        idp.authn.LDAP.authenticator = bindSearchAuthenticator
-       idp.authn.LDAP.ldapURL = ldap://ldap.example.org:389
+       idp.authn.LDAP.ldapURL = ldap://idp.instXY.ac.lk:389
        idp.authn.LDAP.useStartTLS = true
        idp.authn.LDAP.useSSL = false
@@ -731 +731 @@
 {{{
        idp.authn.LDAP.authenticator = bindSearchAuthenticator
-       idp.authn.LDAP.ldapURL = ldap://ldap.example.org:389
+       idp.authn.LDAP.ldapURL = ldap://idp.instXY.ac.lk:389
        idp.authn.LDAP.useStartTLS = false
        idp.authn.LDAP.useSSL = false
@@ -797 +797 @@
 
         – Remove the endpoint:
-          <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.YOUR-DOMAIN:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
+          <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.instXY.ac.lk:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
           (and modify the index value of the next one to “1”)
 
@@ -810 +810 @@
 
         - Remove the endpoint: 
-          <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.YOUR-DOMAIN/idp/profile/Shibboleth/SSO"/>        
+          <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.instXY.ac.lk/idp/profile/Shibboleth/SSO"/>        
         - Remove all ":8443" from the existing URL (such port is not used anymore)
         
         - Uncomment SingleLogoutService:
         
-          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.YOUR-DOMAIN/idp/profile/SAML2/Redirect/SLO"/>
-          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.YOUR-DOMAIN/idp/profile/SAML2/POST/SLO"/>
-          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.YOUR-DOMAIN/idp/profile/SAML2/POST-SimpleSign/SLO"/>
-          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.YOUR-DOMAIN/idp/profile/SAML2/SOAP/SLO"/>
+          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.instXY.ac.lk/idp/profile/SAML2/Redirect/SLO"/>
+          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.instXY.ac.lk/idp/profile/SAML2/POST/SLO"/>
+          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.instXY.ac.lk/idp/profile/SAML2/POST-SimpleSign/SLO"/>
+          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.instXY.ac.lk/idp/profile/SAML2/SOAP/SLO"/>
 
 
@@ -828 +828 @@
 
         - Remove the comment from:
-          <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.YOUR-DOMAIN/idp/profile/SAML2/SOAP/AttributeQuery"/>
+          <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.instXY.ac.lk/idp/profile/SAML2/SOAP/AttributeQuery"/>
         - Remove the endpoint: 
-          <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.YOUR-DOMAIN:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
+          <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.instXY.ac.lk:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
 
         - Remove all ":8443" from the existing URL (such port is not used anymore)
@@ -838 +838 @@
 * 
 {{{
-https://idp.YOUR-DOMAIN/idp/shibboleth
+https://idp.instXY.ac.lk/idp/shibboleth
 }}}
 33. Register you IdP on the test Federation:
@@ -881 +881 @@
 }}}
 * Retrive the Federation Certificate used to verify its signed metadata:
-*  `wget https://fr-training.ac.lk/metadata-signer -O /opt/shibboleth-idp/metadata/federation-cert.pem'
+*  `wget https://fr-training.ac.lk/metadata-signer -O /opt/shibboleth-idp/metadata/federation-cert.pem`
     
   
@@ -979 +979 @@
 Besides the logo, the login page (and several other pages) display a toolbox on the right with placeholders for links to password-reset and help-desk pages, these can be customized by adding following to the `/opt/shibboleth-idp/messages/messages.properties`
 {{{
-idp.url.password.reset = http://helpdesk.YOUR-DOMAIN/ChangePassword/
-idp.url.helpdesk = http://help.YOUR-DOMAIN/
+idp.url.password.reset = http://helpdesk.instXY.ac.lk/ChangePassword/
+idp.url.helpdesk = http://help.instXY.ac.lk/
 }}}
 Alternatively, it is also possible to hide the whole toolbox (the whole element) from all of the relevant pages (essentially, login.vm and all (three) logout pages: logout.vm, logout-complete.vm and logout.propagate). This can be easily done by adding the following CSS snippet into /opt/shibboleth-idp/edit-webapp/css/main.css: