Installing IdP 3.4.7 (scripted installation, step 3 of 11)

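1. Download the installation script and the required software

On CentOS 7, do the following

Note: this script runs only on CentOS 7. Before running it, be sure to confirm that the MD5 values of the files match.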

[root@www ~]# curl -O https://ds.carsi.edu.cn/install/CentOS7/idp3script
[root@www ~]# curl -O https://ds.carsi.edu.cn/install/shibboleth-identity-provider-3.4.7.tar.gz
[root@www ~]# curl -O https://ds.carsi.edu.cn/install/apache-tomcat-9.0.39.tar.gz
#Compute the MD5 of the downloaded files and check that the values match; if they do not match, download the files again
[root@www ~]# md5sum idp3script;md5sum shibboleth-identity-provider-3.4.7.tar.gz;md5sum apache-tomcat-9.0.39.tar.gz
d80af09fe52116f3ef14b1f4285bd0a9  idp3script
cccd7c819166e15c02ea3dab67c4bae3  shibboleth-identity-provider-3.4.7.tar.gz
6fec9dfb94a2a24cb117681cafc2c73b  apache-tomcat-9.0.39.tar.gz
#Make the script executable
[root@www ~]# chmod 755 idp3script

On CentOS 8, do the following

Note: this script runs only on CentOS 8. Before running it, be sure to confirm that the MD5 values of the files match.

[root@www ~]# curl -O https://ds.carsi.edu.cn/install/CentOS8/idp3script
[root@www ~]# curl -O https://ds.carsi.edu.cn/install/shibboleth-identity-provider-3.4.7.tar.gz
[root@www ~]# curl -O https://ds.carsi.edu.cn/install/apache-tomcat-9.0.39.tar.gz
#Compute the MD5 of the downloaded files and check that the values match; if they do not match, download the files again
[root@www ~]# md5sum idp3script;md5sum shibboleth-identity-provider-3.4.7.tar.gz;md5sum apache-tomcat-9.0.39.tar.gz
5a27d02ef0b7456bf0d5aacb4392ed38  idp3script
cccd7c819166e15c02ea3dab67c4bae3  shibboleth-identity-provider-3.4.7.tar.gz
6fec9dfb94a2a24cb117681cafc2c73b  apache-tomcat-9.0.39.tar.gz
#Make the script executable
[root@www ~]# chmod 755 idp3script
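
The MD5 check from step 1, written so that a mismatch or a missing file stops the procedure before the script is made executable. This is an added example, not part of the CARSI script; the function names and the idp.md5 file name are assumptions, and the hashes are the CentOS 7 values listed above.

```shell
#!/bin/sh
# Added example (not part of the CARSI script): stop before chmod/run
# unless every download matches the MD5 values published in this guide.

# verify_md5 DIR MANIFEST: MANIFEST uses md5sum's "<hash>  <file>" format.
# Returns 0 only if every listed file exists and matches.
verify_md5() {
    dir=$1; manifest=$2; rc=0
    while read -r want name; do
        [ -n "$want" ] || continue            # skip blank lines
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Hashes copied from the CentOS 7 block above (the CentOS 8 idp3script differs).
centos7_manifest() {
    cat <<'EOF'
d80af09fe52116f3ef14b1f4285bd0a9  idp3script
cccd7c819166e15c02ea3dab67c4bae3  shibboleth-identity-provider-3.4.7.tar.gz
6fec9dfb94a2a24cb117681cafc2c73b  apache-tomcat-9.0.39.tar.gz
EOF
}

# Constructed demo: a stand-in file is accepted, then rejected after one
# appended byte. Real use:
#   centos7_manifest > idp.md5 && verify_md5 . idp.md5 && chmod 755 idp3script
demo_constructed() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed sample\n' > "$tmp/idp3script"
    (cd "$tmp" && md5sum idp3script > manifest)
    verify_md5 "$tmp" "$tmp/manifest" >/dev/null || { rm -rf "$tmp"; return 1; }
    printf 'x' >> "$tmp/idp3script"           # simulate a corrupted download
    if verify_md5 "$tmp" "$tmp/manifest" 2>/dev/null; then
        rm -rf "$tmp"; return 1               # corruption went unnoticed
    fi
    rm -rf "$tmp"; return 0
}

if demo_constructed; then echo "demo: modified file rejected"; fi
```
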

2. Log in to mgmt.carsi.edu.cn to get the script license code

Go to My CARSI -> My IdP to get the license code.


3. Install the IdP

3.1 Runtime environment check

[root@www ~]# ./idp3script
Beginning installing shibboleth idp 2020.11.10 15:03:09
This script is using to installing shibboleth idp 3.4.7 copyright @ Peking University
Script Version v3.8.1
Checking Internet access...
Internet access success!
Checking script version...
The current version is already up to date

3.2 Verify the license code

You can get your license code by login mgmt.carsi.edu.cn, my carsi->my idp
Please enter your license code: #enter the license code; to get the CARSI IdP license code, log in to mgmt.carsi.edu.cn and go to My CARSI -> My IdP
idp domain should be same with mgmt.carsi.edu.cn, my carsi->my idp
Please enter your idp domain name: #enter the IdP domain name; it must match the domain name shown under My CARSI -> My IdP on mgmt.carsi.edu.cn
license code is ok
Setting timezone...
Testing installing envirenment...
Testing shibboleth idp installing tar success!
Testing apache tomcat installing tar success!

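3.3 Choose whether to back up the IdP. If an IdP was previously installed on this machine, the script asks whether to reinstall it; choose according to your situation.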

You have installed shibboleth idp in /opt/shibboleth-idp, do you want to reinstall it?
1.reinstall shibboleth idp without backup #reinstall the IdP
2.backup and reinstall shibboleth idp #back up and reinstall the IdP
3.exit
Please enter your choice:

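Note: if the IdP is already in production and you use the script to reinstall it, choose option 2 to back up and reinstall the IdP. A compressed IdP backup file is created in the installation path. For how to restore the IdP after reinstalling, see "IdP 3.4.7 Backup, Recovery and High Availability Plan".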

3.4 Install the Java, nginx and Tomcat runtime environment

Installing java...
download fileforjava1 success!
Installing nginx...
download filefornginx1 success!
download filefornginx2 success!
download filefornginx3 success!
download filefornginx4 success!
Closing seclinux...
Installing apache tomcat...
download filefortomcat1 success!
download filefortomcat2 success!
download filefortomcat3 success!

3.5 Install the IdP

Installing shibbolet idp...
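Source (Distribution) Directory (press <enter> to accept default): [/root/inst/shibboleth-identity-provider-3.4.7] #press Enter
Installation Directory: [/opt/shibboleth-idp] #press Enter
Hostname: [idp.xxx.edu.cn] enter #confirm this is the updated domain name and press Enter if it is correct; otherwise type the IdP domain name manually
SAML EntityID: [https://域名/idp/shibboleth] #press Enter to accept the default (域名 is a placeholder for your IdP domain name)
Attribute Scope: [xxx.edu.cn] #enter the school's domain name, e.g. xxx.edu.cn, then press Enter
Backchannel PKCS12 Password: #create the backchannel certificate password
Re-enter password: #enter it again
Cookie Encryption Key Password: #create the cookie encryption password
Re-enter password: #enter it again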
Warning: /opt/shibboleth-idp/bin does not exist.
Warning: /opt/shibboleth-idp/dist does not exist.
Warning: /opt/shibboleth-idp/doc does not exist.
Warning: /opt/shibboleth-idp/system does not exist.
Warning: /opt/shibboleth-idp/webapp does not exist.
Generating Signing Key, CN = 域名 URI = https://域名/idp/shibboleth ...
...done
Creating Encryption Key, CN = 域名 = https://域名/idp/shibboleth ...
...done
Creating Backchannel keystore, CN = 域名 URI = https://域名/idp/shibboleth ...
...done
Creating cookie encryption key files...
...done
Rebuilding /opt/shibboleth-idp/war/idp.war ...
...done
BUILD SUCCESSFUL
Total time: 4 minutes 3 seconds

3.6 Choose the authentication integration method according to your situation

Please chosing your idp authentication type...
1.LDAP(easiest way)
2.CAS
3.Oauth2
4.Tencent WeChat Work(企业微信)
5.Tencent Weixiao(腾讯微校)
6.exit
Please enter your choice:#choose the authentication integration method
download fileforldap1 success!
download fileforldap2 success!
download fileforldap3 success!
download fileforldap4 success!
download fileforall1 success!
download fileforall2 success!
download fileforall3 success!
download fileforall4 success!
download fileforall5 success!
download fileforall6 success!
download fileforall7 success!
download fileforall8 success!
download fileforall9 success!
download fileforall10 success!

3.7 Rebuild the WAR, restart nginx and Tomcat, and open ports 80 and 443 in the firewall

Rebuilding /opt/shibboleth-idp/war/idp.war
Installation Directory: [/opt/shibboleth-idp] #press Enter
Rebuilding /opt/shibboleth-idp/war/idp.war ...
...done
BUILD SUCCESSFUL
Total time: 21 seconds
restarting tomcat...
tomcat restarted
restarting nginx...
nginx restarted...
opening firewall 443 for https...
success
opening firewall 80 for http...
success
reloading firewall...
success
shibboleth idp installed success!

Copyright © Peking University Computer Center