        Application systems that serve teaching and research should submit a CARSI membership application online at https://www.carsi.edu.cn/reg and choose to become an "SP member".

...

        1. Please contact 2 CARSI IdP members. An SP member must have 2 full members as referrers, and CARSI needs confirmation from these 2 IdP members before approving your membership.

        2. Please read the documents on the page https://www.carsi.edu.cn/join_zh.htm carefully.

...

<SSO discoveryProtocol="SAMLDS" discoveryURL="https://dspre.carsi.edu.cn/dspreds/index.html">
               SAML2
</SSO>

...

#Install from the yum repository
[root@www ~]# wget http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/security:shibboleth.repo -P /etc/yum.repos.d
[root@www ~]# yum install shibboleth
[root@www ~]# systemctl start shibd  
[root@www ~]# systemctl enable shibd
[root@www ~]# systemctl restart httpd

#Configure the SP's protected resource directory
[root@www ~]# vi /etc/httpd/conf.d/shib.conf
#line 49: /secure is the protected resource directory; change it as needed
<Location /secure>

#Configure the SP entityID
[root@www ~]# vi /etc/shibboleth/shibboleth2.xml

#Replace:
ApplicationDefaults entityID="https://sp.example.org/shibboleth"
#with:
ApplicationDefaults entityID="https://[SP domain name]/shibboleth"

#Replace:
<SSO entityID="https://idp.example.org/idp/shibboleth" discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
               SAML2
</SSO>
#with:
<SSO discoveryProtocol="SAMLDS" discoveryURL="https://dspre.carsi.edu.cn/dspreds/index.html">
               SAML2
</SSO>

#Add inside the <ApplicationDefaults> block (/etc/shibboleth/carsifed-metadata-pre.xml is the backup metadata file that will be generated)

<MetadataProvider type="XML" url="https://www.carsi.edu.cn/carsimetadata/carsifed-metadata-pre.xml"            
backingFilePath="/etc/shibboleth/carsifed-metadata-pre.xml" legacyOrgNames="true" reloadInterval="600" >
</MetadataProvider>

[root@www ~]# systemctl start shibd  
[root@www ~]# systemctl enable shibd
[root@www ~]# systemctl restart httpd

...

        Receiving the go-live confirmation email means that the SP metadata has been merged into the metadata of the CARSI federation's production environment: https://www.carsi.edu.cn/carsimetadata/carsifed-metadata.xml. You now need to change your SP's MetadataProvider from synchronizing the pre-production metadata file https://www.carsi.edu.cn/carsimetadata/carsifed-metadata-pre.xml to synchronizing this file, and change every reference to the pre-production DS (https://dspre.carsi.edu.cn/dspreds/index.html) to the production DS (https://ds.carsi.edu.cn/ds/index.html).
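
The switch from pre-production to production described above, as an added example that is not part of the original page or of CARSI's own tooling: a shell helper that rewrites the DS and metadata URLs quoted on this page and fails if any pre-production reference is left behind. The function names, the `.pre.bak` suffix and the renaming of the backing file are assumptions.

```shell
#!/bin/sh
# Added example, not CARSI's own tooling. URLs are the ones quoted on this page;
# function names and the .pre.bak suffix are hypothetical.
PRE_DS='https://dspre.carsi.edu.cn/dspreds/index.html'
PROD_DS='https://ds.carsi.edu.cn/ds/index.html'
PRE_MD='https://www.carsi.edu.cn/carsimetadata/carsifed-metadata-pre.xml'
PROD_MD='https://www.carsi.edu.cn/carsimetadata/carsifed-metadata.xml'

# List lines that still reference pre-production. Status 0 = leftovers found.
carsi_find_pre() {
    grep -n -e 'dspre\.carsi\.edu\.cn' -e 'carsifed-metadata-pre\.xml' "$1"
}

# Rewrite the config in place, keeping the old file as <conf>.pre.bak.
# Returns 0 when clean, 1 on I/O error, 2 when pre-production references remain.
carsi_switch_to_prod() {
    conf=$1
    cp -p "$conf" "$conf.pre.bak" || return 1
    # Third rule (assumption): also rename the backing file, so a cached copy of
    # pre-production metadata is never loaded as the fallback in production.
    sed -e "s|$PRE_DS|$PROD_DS|g" \
        -e "s|$PRE_MD|$PROD_MD|g" \
        -e 's|/carsifed-metadata-pre\.xml"|/carsifed-metadata.xml"|g' \
        "$conf.pre.bak" > "$conf" || return 1
    if carsi_find_pre "$conf" >&2; then
        return 2    # e.g. an http:// or otherwise hand-edited variant
    fi
    return 0
}

# Constructed sample: the two elements this page has you add to shibboleth2.xml.
carsi_sample_conf() {
    cat <<'EOF'
<SSO discoveryProtocol="SAMLDS" discoveryURL="https://dspre.carsi.edu.cn/dspreds/index.html">
               SAML2
</SSO>
<MetadataProvider type="XML" url="https://www.carsi.edu.cn/carsimetadata/carsifed-metadata-pre.xml"
backingFilePath="/etc/shibboleth/carsifed-metadata-pre.xml" legacyOrgNames="true" reloadInterval="600" >
</MetadataProvider>
EOF
}

# Usage: sh carsi-switch.sh /etc/shibboleth/shibboleth2.xml
if [ $# -gt 0 ]; then
    carsi_switch_to_prod "$1"
fi
```

After a clean run, check the configuration with `shibd -t` and restart `shibd` and `httpd` as in the installation steps.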

...