...
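Log in to the mgmt.carsi.edu.cn self-service system and, under "My CARSI" - "My IdP", download the installation script: idp_install_script.zip. After extraction it is idp512-openeuler-anolisos-jetty11-install.sh (if you need the 4.1.7 installation script, email carsi@pku.edu.cn), as shown in the figure below:
Log in to the IdP server as the carsi user and download the following scripts and software, placing them all in the same directory.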
...
```
[carsi@www ~]$ sudo sh ./idp512-openeuler-anolisos-jetty11-install.sh
Install shibboleth idp at 2024.04.22 15:18:24
Shibboleth IdP 5.1.12 is installing.
Script Version v5.1.12
Checking Internet access...
Check Internet access success!
Setting timezone...
Install tar ...
Install zip and unzip...
Testing installing envirenment...
Check shibboleth idp installation file success!
Check Jetty installation file success!
```
...
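If the machine is being upgraded from IdP v3 to the new version, the script may prompt you to prepare a separate installation environment and then exit. In that case, follow "IdP512: Upgrading IdP from v3.4.3/v3.4.7/v4.1.7/v4.3.1 to v5.1.2" to install the new version.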
```
You are upgrading IdP from 3.4.7 to 5.1.1 .
We suggest to setup suitable environment to install IdP 5.1.1 but don't upgrade from the old system.
If you still insist to upgrade the old system to IdP 5.1.1, please make sure you have made a backup of data.
You will take some risks for the installation.
```
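Note: if the IdP is already in production and needs to be upgraded, it is strongly recommended to reinstall in a new environment. Once the new system is installed successfully, copy over the files under the old system's credentials and metadata directories, then complete configuration and debugging, to reduce the impact of the switchover on the IdP service. For how to restore the IdP after reinstalling, see "IdP512: IdP Backup, Recovery and High-Availability Solutions".
2.2 Install the base software: Java, nginx, Jetty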
...
```
Installing shibbolet idp...
INFO - Skipping non-existent resource: class path resource [-Didp.src.dir=../shibboleth-identity-provider-5.1.2]
Installation Directory: [/opt/shibboleth-idp] ?    # confirm the installation path; just press Enter
install:
INFO - New Install. Version: 5.1.2
Host Name: [idp.xxx.edu.cn] ?    # confirm the server hostname is correct; the hostname is normally set to match the IdP domain name. An IP address may be shown here; if so, type the IdP server's domain name manually
INFO - Creating idp-signing, CN = idp.xxx.edu.cn URI = https:/idp.xxx.edu.cn/idp/shibboleth, keySize=3072
INFO - Creating idp-encryption, CN = idp.xxx.edu.cn URI = https://idp.xxx.edu.cn/idp/shibboleth, keySize=3072
INFO - Creating backchannel keystore, CN = idp.xxx.edu.cn URI = https://idp.xxx.edu.cn/idp/shibboleth, keySize=3072
INFO - Creating Sealer KeyStore
INFO - No existing versioning property, initializing...
SAML EntityID: [https://idp.xxx.edu.cn/idp/shibboleth] ?    # confirm the EntityID is correct, mainly that the domain name is right; if so press Enter (no need to type Y); otherwise type the EntityID manually, with no spaces in it
Attribute Scope: [xxx.edu.cn] ?    # confirm this is the correct school domain; if so press Enter, otherwise set the school domain manually, e.g. pku.edu.cn
INFO - Initializing OpenSAML using the Java Services API
INFO - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmlenc#ripemd160
INFO - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
INFO - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/admin/admin.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/authn/authn.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/c14n/subject-c14n.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/ldap.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/saml-nameid.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/services.properties
INFO - Creating Metadata to /opt/shibboleth-idp/metadata/idp-metadata.xml
INFO - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 5.1.2
INFO - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
INFO - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO - Creating war file /opt/shibboleth-idp/war/idp.war
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/admin/admin.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/authn/authn.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/c14n/subject-c14n.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/ldap.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/saml-nameid.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/services.properties
Enabling idp.intercept.Consent...
conf/intercept/consent-intercept-config.xml created
views/intercept/attribute-release.vm created
views/intercept/terms-of-use.vm created
[OK]
```
...
```
Installing nashorn plugin and rebuilding /opt/shibboleth-idp/war/idp.war
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/admin/admin.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/authn/authn.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/c14n/subject-c14n.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/ldap.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/saml-nameid.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/services.properties
INFO - Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/scripting/2.0.0/idp-plugin-nashorn-jdk-dist-2.0.0.tar.gz]
....................................
INFO - Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/scripting/2.0.0/idp-plugin-nashorn-jdk-dist-2.0.0.tar.gz.asc]
INFO - Plugin net.shibboleth.idp.plugin.nashorn: Trust store folder does not exist, creating
INFO - Plugin net.shibboleth.idp.plugin.nashorn: Trust store does not exist, creating
INFO - TrustStore does not contain signature 0x1483F262A4B3FF0
Accept this key:
Signature: 0x1483F262A4B3FF0
FingerPrint: 4AF4D83EEDDF43DA3C06CB3101483F262A4B3FF0
Username: Rod Widdowson <rdw@steadingsoftware.com>
[yN] y    # accept the plugin installation: type y
INFO - Installing Plugin 'net.shibboleth.idp.plugin.nashorn' version 2.0.0
INFO - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 5.1.2
INFO - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
INFO - Overlay from /opt/shibboleth-idp/dist/plugin-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO - Creating war file /opt/shibboleth-idp/war/idp.war
restarting Jetty...
Jetty restarted
download filefornginx2 success!
Generating RSA private key, 2048 bit long modulus (2 primes)
....+++++
...............................+++++
e is 65537 (0x010001)
Signature ok
subject=C = CN, ST = BeiJing, L = BeiJing, O = xxx, OU = xxx, CN = idp.xxx.edu.cn
Getting CA Private Key
restarting nginx...
nginx restarted...
shibboleth idp installed success!
```
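
An added example (not from the CARSI page or its install script): in the transcript above the plugin archive and its .asc signature are fetched over plain HTTP, so the key accepted at the `[yN]` prompt is what the plugin's integrity rests on. The sketch below checks that the prompt's key ID agrees with its fingerprint and that the fingerprint equals one pinned beforehand; the function names and the pinned value are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not part of the CARSI script): vet the key in the plugin prompt.

# Normalise a key ID or fingerprint: strip spaces/colons and "0x", uppercase.
norm_hex() {
    printf '%s' "$1" | tr -d ' :\t\r\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Print the value following a label such as "FingerPrint:" (transcript on stdin).
prompt_field() {
    awk -v label="$1" '$1 == label { print $2; exit }'
}

# For a v4 OpenPGP key the key ID is the last 16 hex digits of the fingerprint.
# The transcript shows the ID with its leading zero dropped (15 digits), so
# left-pad to 16 before comparing.
keyid_matches_fpr() {   # $1 = key ID, $2 = fingerprint
    _k=$(norm_hex "$1"); _f=$(norm_hex "$2")
    case "$_k$_f" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#_f}" -eq 40 ] || return 1
    [ "${#_k}" -ge 1 ] && [ "${#_k}" -le 16 ] || return 1
    while [ "${#_k}" -lt 16 ]; do _k="0$_k"; done
    [ "$_k" = "$(printf '%s' "$_f" | cut -c25-40)" ]
}

# Answer "y" only if this returns 0: the prompt is self-consistent and its
# fingerprint equals the one verified out of band.
check_plugin_key() {   # $1 = transcript text, $2 = pinned fingerprint
    sig=$(printf '%s\n' "$1" | prompt_field 'Signature:')
    fpr=$(printf '%s\n' "$1" | prompt_field 'FingerPrint:')
    [ -n "$sig" ] && [ -n "$fpr" ] || { echo "no key prompt found"; return 2; }
    keyid_matches_fpr "$sig" "$fpr" || { echo "key ID/fingerprint mismatch"; return 1; }
    [ "$(norm_hex "$fpr")" = "$(norm_hex "$2")" ] || { echo "fingerprint is not the pinned one"; return 1; }
    echo "fingerprint matches pinned value"
}

# Prompt text copied from the transcript on this page, one field per line.
TRANSCRIPT='INFO - TrustStore does not contain signature 0x1483F262A4B3FF0
Accept this key:
Signature: 0x1483F262A4B3FF0
FingerPrint: 4AF4D83EEDDF43DA3C06CB3101483F262A4B3FF0
Username: Rod Widdowson <rdw@steadingsoftware.com>'
# Placeholder pin: this is just the page's value regrouped; substitute the
# fingerprint you obtained from a source independent of the download.
PINNED='4AF4 D83E EDDF 43DA 3C06 CB31 0148 3F26 2A4B 3FF0'
check_plugin_key "$TRANSCRIPT" "$PINNED"
```

Obtain the pinned fingerprint over a channel that does not depend on the HTTP download itself, for example from the Shibboleth project's published signing keys.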