Changes between Version 4 and Version 5 of spiam2018
Timestamp: Sep 12, 2018, 11:15:52 AM
spiam2018
v4 v5 3 3 Installation assumes you have already installed Ubuntu Server 18.04 with default configuration and has a public IP connectivity with DNS setup 4 4 5 Lets Assume your server hostname as '''sp. YOUR-DOMAIN'''5 Lets Assume your server hostname as '''sp.instXY.ac.lk''' 6 6 7 7 All commands are to be run as root and you may use `sudo su` to become root … … 19 19 }}} 20 20 {{{ 21 127.0.0.1 sp. YOUR-DOMAINsp22 }}} 23 (Replace `sp. YOUR-DOMAIN` with your sp FQDN)21 127.0.0.1 sp.instXY.ac.lk sp 22 }}} 23 (Replace `sp.instXY.ac.lk` with your sp FQDN) 24 24 25 25 == Install Shibboleth Service Provider == … … 45 45 * 46 46 {{{ 47 vim /etc/systemd/system/shibd.service.d/override.conf `47 vim /etc/systemd/system/shibd.service.d/override.conf 48 48 }}} 49 49 {{{ … … 64 64 65 65 5. These configurations are based for test purposes with self generated ssl certificates. 66 If you have purchased ssl certificate from a commercial CA substitute those with the self signed files. If you wish to get '''letsencrypt''' certificates//Skip //to '''Step 10'''.66 If you have purchased ssl certificate from a commercial CA substitute self signed files with those. If you wish to get '''letsencrypt''' certificates on your production, //Skip //to '''Step 10'''. 67 67 68 68 Create a Certificate and a Key self-signed for HTTPS: … … 78 78 SSLStaplingCache shmcb:/var/run/ocsp(128000) 79 79 <VirtualHost _default_:443> 80 ServerName sp. YOUR-DOMAIN:44381 ServerAdmin admin@ YOUR-DOMAIN80 ServerName sp.instXY.ac.lk:443 81 ServerAdmin admin@instXY.ac.lk 82 82 DocumentRoot /var/www/html 83 83 ... … … 102 102 SSLCertificateFile /etc/ssl/certs/ssl-sp.crt 103 103 SSLCertificateKeyFile /etc/ssl/private/ssl-sp.key 104 SSLCertificateChainFile /root/certificates/ssl-ca.pem104 #SSLCertificateChainFile /root/certificates/ssl-ca.pem 105 105 ... 106 106 </VirtualHost> … … 149 149 {{{ 150 150 <VirtualHost *:80> 151 ServerName "sp. YOUR-DOMAIN"152 Redirect permanent "/" "https://sp. 
YOUR-DOMAIN/"153 RedirectMatch permanent ^/(.*)$ https://sp. YOUR-DOMAIN/$1151 ServerName "sp.instXY.ac.lk" 152 Redirect permanent "/" "https://sp.instXY.ac.lk/" 153 RedirectMatch permanent ^/(.*)$ https://sp.instXY.ac.lk/$1 154 154 </VirtualHost> 155 155 }}} 156 10. '''Let'sencrypt''' setup (//Skip this step if you already configured SSL with self signed or CA provided certificates//) 156 10. '''Let'sencrypt''' setup (//Skip this step if you already configured SSL with self signed or CA provided certificates//) (Optional) 157 157 158 158 Disable the default configuration … … 182 182 <VirtualHost *:80> 183 183 184 ServerName sp. YOUR-DOMAIN184 ServerName sp.instXY.ac.lk 185 185 ServerAdmin YOUR-Email 186 186 DocumentRoot /var/www/html … … 199 199 * 200 200 {{{ 201 systemctl reload apache2 `201 systemctl reload apache2 202 202 }}} 203 203 Install Letsencypt and enable https … … 205 205 add-apt-repository ppa:certbot/certbot 206 206 apt install python-certbot-apache 207 certbot --apache -d sp. YOUR-DOMAIN207 certbot --apache -d sp.instXY.ac.lk 208 208 }}} 209 209 {{{ 210 210 Plugins selected: Authenticator apache, Installer apache 211 211 Enter email address (used for urgent renewal and security notices) (Enter 'c' to 212 cancel): YOU@ YOUR-DOMAIN212 cancel): YOU@instXY.ac.lk 213 213 214 214 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - … … 230 230 Obtaining a new certificate 231 231 Performing the following challenges: 232 http-01 challenge for sp. YOUR_DOMAIN232 http-01 challenge for sp.instXY.ac.lk 233 233 Waiting for verification... 234 234 Cleaning up challenges … … 251 251 252 252 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 253 Congratulations! You have successfully enabled https://sp. YOUR-DOMAIN253 Congratulations! You have successfully enabled https://sp.instXY.ac.lk 254 254 255 255 }}} … … 271 271 {{{ 272 272 ... 273 <ApplicationDefaults entityID="https://sp. 
YOUR-DOMAIN/shibboleth"273 <ApplicationDefaults entityID="https://sp.instXY.ac.lk/shibboleth" 274 274 REMOTE_USER="eppn persistent-id targeted-id"> 275 275 ... … … 309 309 * 310 310 {{{ 311 https://sp. YOUR-DOMAIN/Shibboleth.sso/Metadata312 }}} 313 (change `sp. YOUR-DOMAIN` to you SP full qualified domain name)311 https://sp.instXY.ac.lk/Shibboleth.sso/Metadata 312 }}} 313 (change `sp.instXY.ac.lk` to you SP full qualified domain name) 314 314 16. Register you SP on LEARN test federation: 315 315 * Go to `https://fr-training.ac.lk/rr3/providers/sp_registration` and continue registration with pasting the content of your metadata file … … 352 352 <body> 353 353 <p> 354 <a href="https:// YOUR-DOMAIN/privacy.html">Privacy Policy</a>354 <a href="https://www.instXY.ac.lk/privacy.html">Privacy Policy</a> 355 355 </p> 356 356 <?php … … 391 391 392 392 393 To initiate, create a button or link to go to a URL on the SP of the form: https://sp. example.org/Shibboleth.sso/Logout394 395 The SLO would use an asynchronous message to the IdP and the flow would end at the IdP Logout page. The user would be returned to the return URL only if the SLO is done in synchronous mode and the flow returns back to the SP. To set the return URL, pass it in the return parameter as a query string to the Logout initiator - e.g.: https://sp. example.org/Shibboleth.sso/Logout?return=https://sp.example.org/logout-completed.html393 To initiate, create a button or link to go to a URL on the SP of the form: https://sp.instXY.ac.lk/Shibboleth.sso/Logout 394 395 The SLO would use an asynchronous message to the IdP and the flow would end at the IdP Logout page. The user would be returned to the return URL only if the SLO is done in synchronous mode and the flow returns back to the SP. To set the return URL, pass it in the return parameter as a query string to the Logout initiator - e.g.: https://sp.instXY.ac.lk/Shibboleth.sso/Logout?return=https://sp.instXY.ac.lk/logout-completed.html
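Review bot: the hostname hunk at line 5 swaps the generic placeholder `sp. YOUR-DOMAIN` for the concrete-looking `sp.instXY.ac.lk`, but line 185 keeps `ServerAdmin YOUR-Email` in the old placeholder style, so two conventions now coexist and a reader may paste `sp.instXY.ac.lk` into a real vhost. Pick one: either keep instXY everywhere and state once at line 5 that `instXY.ac.lk` stands for the institution's own domain, or keep the `YOUR-...` placeholders throughout. The change does fix the `sp. YOUR_DOMAIN` underscore variant that line 232 had, so the certbot transcript is now consistent with the rest of the page.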
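Review bot: commenting out `SSLCertificateChainFile` at line 104 is right for the self-signed test certificate, which has no chain, but step 5 tells readers with a CA-issued certificate to substitute their files into this same block and nothing now tells them to supply the intermediate chain; browsers will then see an incomplete chain, and the `SSLStaplingCache` line at 78 cannot produce a usable OCSP staple without the issuer certificate. Suggest a comment next to line 104 such as "for a CA-issued certificate, add the intermediate chain here", and since Apache 2.4.8 and later (Ubuntu 18.04 ships 2.4.29) treat `SSLCertificateChainFile` as obsolete, the cleaner instruction is to append the chain to the file named in `SSLCertificateFile`.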
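Review bot: lines 152 and 153 of the port-80 vhost do the same job. `Redirect permanent "/" "https://sp.instXY.ac.lk/"` already sends every path under / to the HTTPS host with the remainder of the path appended, so the `RedirectMatch permanent ^/(.*)$` on line 153 is redundant and should be dropped so only one rule is evaluated per request; the quoting is also inconsistent between the two lines.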
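Review bot: the certbot run at line 207 and the transcript at 210-253 omit two things a reader of step 10 needs. First, the transcript elides certbot's prompt asking whether to redirect HTTP to HTTPS; since the HTTPS-only step 9 is skipped on the letsencrypt path, the text should say to choose the redirect option so the SP is not left reachable over plain HTTP. Second, nothing mentions renewal: the Ubuntu certbot package installs a scheduled `certbot renew`, and a `certbot renew --dry-run` after the transcript would let readers confirm the apache plugin can renew unattended. shibd is unaffected by either, as it uses its own SAML signing key rather than the Apache TLS certificate.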
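Review bot: the entityID at line 273 now reads `https://sp.instXY.ac.lk/shibboleth`, and this hunk is the place to say that the entityID is the SP's permanent identifier in federation metadata and must match what is submitted at the registration step on line 315; readers who change the hostname after registering will have to re-register. Related, line 313 still reads "to you SP full qualified domain name" in both versions; it should be "to your SP's fully qualified domain name", and the metadata at line 311 should be fetched only after shibd has been restarted so the new entityID is reflected.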
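Review bot: the privacy policy link at line 354 moved from the bare domain to `https://www.instXY.ac.lk/privacy.html`, a different host from the SP itself. Make sure this is the same document URL supplied during federation registration if the registry asks for a privacy statement, and that the www host actually serves it; a dead privacy link on the SP's landing page is a common registration rejection reason.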
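Review bot: the `return` parameter example at line 395 should be accompanied by a note that the SP only follows return URLs permitted by the `redirectLimit` attribute on the `<Sessions>` element in shibboleth2.xml. The same-host target shown works under the strict `exact` value, and the doc should tell readers to keep that setting strict rather than `none`, so the Logout handler cannot be used to bounce users to arbitrary sites. The prose at line 395 also reads better in the present tense ("SLO uses an asynchronous message") than the conditional "would use".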