Installing IdP 3.4.7 (scripted installation, step 3 of 11)
1. Download the installation script and the required software
On CentOS 7, do the following
Note: the script runs only on CentOS 7. Before running it, be sure to confirm that the md5 values of the files match.

    [root@www ~]# curl -O https://ds.carsi.edu.cn/install/CentOS7/idp3script
    [root@www ~]# curl -O https://ds.carsi.edu.cn/install/shibboleth-identity-provider-3.4.7.tar.gz
    [root@www ~]# curl -O https://ds.carsi.edu.cn/install/apache-tomcat-9.0.39.tar.gz
    # Check the md5 of the downloaded files and confirm the values match; if they do not, download the files again
    [root@www ~]# md5sum idp3script;md5sum shibboleth-identity-provider-3.4.7.tar.gz;md5sum apache-tomcat-9.0.39.tar.gz
    d80af09fe52116f3ef14b1f4285bd0a9  idp3script
    cccd7c819166e15c02ea3dab67c4bae3  shibboleth-identity-provider-3.4.7.tar.gz
    6fec9dfb94a2a24cb117681cafc2c73b  apache-tomcat-9.0.39.tar.gz
    # Make the script executable
    [root@www ~]# chmod 755 idp3script
On CentOS 8, do the following
Note: the script runs only on CentOS 8. Before running it, be sure to confirm that the md5 values of the files match.

    [root@www ~]# curl -O https://ds.carsi.edu.cn/install/CentOS8/idp3script
    [root@www ~]# curl -O https://ds.carsi.edu.cn/install/shibboleth-identity-provider-3.4.7.tar.gz
    [root@www ~]# curl -O https://ds.carsi.edu.cn/install/apache-tomcat-9.0.39.tar.gz
    # Check the md5 of the downloaded files and confirm the values match; if they do not, download the files again
    [root@www ~]# md5sum idp3script;md5sum shibboleth-identity-provider-3.4.7.tar.gz;md5sum apache-tomcat-9.0.39.tar.gz
    5a27d02ef0b7456bf0d5aacb4392ed38  idp3script
    cccd7c819166e15c02ea3dab67c4bae3  shibboleth-identity-provider-3.4.7.tar.gz
    6fec9dfb94a2a24cb117681cafc2c73b  apache-tomcat-9.0.39.tar.gz
    # Make the script executable
    [root@www ~]# chmod 755 idp3script
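
The checksum step above written as a gate, as an added example that is not part of the CARSI installer or the original page: it compares the three downloads against the md5 values listed above and makes `idp3script` executable only if every file matches. The function names, the script file name in the usage comment and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not CARSI code. MD5 values are the ones listed on this page;
# function names and the directory argument are illustrative assumptions.

# Print the "md5  filename" manifest for centos7 or centos8.
carsi_manifest() {
    case "$1" in
        centos7) script_md5=d80af09fe52116f3ef14b1f4285bd0a9 ;;
        centos8) script_md5=5a27d02ef0b7456bf0d5aacb4392ed38 ;;
        *) echo "unknown OS: $1" >&2; return 2 ;;
    esac
    printf '%s  %s\n' \
        "$script_md5" idp3script \
        cccd7c819166e15c02ea3dab67c4bae3 shibboleth-identity-provider-3.4.7.tar.gz \
        6fec9dfb94a2a24cb117681cafc2c73b apache-tomcat-9.0.39.tar.gz
}

# Check each manifest entry (stdin) against the files in directory $1.
# Returns 0 only when every file exists and matches.
verify_manifest() {
    dir=$1; rc=0
    while read -r want name; do
        [ -n "$want" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $name (got $got, want $want)" >&2; rc=1
        fi
    done
    return "$rc"
}

# Make idp3script executable only after the whole set verifies.
prepare_installer() {   # usage: prepare_installer <centos7|centos8> <dir>
    manifest=$(carsi_manifest "$1") || return 2
    if printf '%s\n' "$manifest" | verify_manifest "$2"; then
        chmod 755 "$2/idp3script"
    else
        echo "checksum verification failed; download the files again" >&2
        return 1
    fi
}

# Run as: sh verify_idp_downloads.sh centos7 /root
if [ $# -eq 2 ]; then prepare_installer "$1" "$2"; fi
```

MD5 detects a corrupted or incomplete download but is not collision-resistant, so a match is an integrity check, not proof of origin.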
2. Log in to mgmt.carsi.edu.cn to obtain the script license code
Go to My CARSI -> My IdP and obtain the license code.
3. Install the IdP
3.1 Runtime environment test

    [root@www ~]# ./idp3script
    Beginning installing shibboleth idp
    2020.11.10 15:03:09
    This script is using to installing shibboleth idp 3.4.7
    copyright @ Peking University
    Script Version v3.8.1
    Checking Internet access...
    Internet access success!
    Checking script version...
    The current version is already up to date
3.2 Verify the license code

    You can get your license code by login mgmt.carsi.edu.cn, my carsi->my idp
    Please enter your license code: # Enter the license code; log in to mgmt.carsi.edu.cn and go to My CARSI, My IdP to obtain the CARSI IdP license code
    idp domain should be same with mgmt.carsi.edu.cn, my carsi->my idp
    Please enter your idp domain name: # Enter the IdP domain name; it must match the domain name shown at mgmt.carsi.edu.cn under My CARSI, My IdP
    license code is ok
    Setting timezone...
    Testing installing envirenment...
    Testing shibboleth idp installing tar success!
    Testing apache tomcat installing tar success!
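3.3 Choose whether to back up the IdP. If an IdP was installed on this machine before, the script asks whether to reinstall it; choose according to your situation.

    You have installed shibboleth idp in /opt/shibboleth-idp, do you want to reinstall it?
    1.reinstall shibboleth idp without backup # Reinstall the IdP
    2.backup and reinstall shibboleth idp # Back up and reinstall the IdP
    3.exit
    Please enter your choice:

Note: if the IdP is already in production and you reinstall it with the script, choose 2 to back up and reinstall the IdP. A compressed IdP backup file is created in the installation path. For how to restore the IdP after reinstalling, see "IdP 3.4.7 Backup, Restore and High-Availability Solution".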
3.4 Install the java, nginx and tomcat runtime environment

    Installing java...
    download fileforjava1 success!
    Installing nginx...
    download filefornginx1 success!
    download filefornginx2 success!
    download filefornginx3 success!
    download filefornginx4 success!
    Closing seclinux...
    Installing apache tomcat...
    download filefortomcat1 success!
    download filefortomcat2 success!
    download filefortomcat3 success!
3.5 Install the IdP

    Installing shibbolet idp...
    Source (Distribution) Directory (press <enter> to accept default): [/root/inst/shibboleth-identity-provider-3.4.7] # Press Enter
    Installation Directory: [/opt/shibboleth-idp] # Press Enter
    Hostname: [idp.xxx.edu.cn] enter # Confirm this is the updated domain name and press Enter if it is correct; otherwise type the IdP domain name manually
    SAML EntityID: [https://<domain>/idp/shibboleth] # Press Enter to accept the default
    Attribute Scope: [xxx.edu.cn] # Enter the institution's domain name, e.g. xxx.edu.cn, then press Enter
    Backchannel PKCS12 Password: # Create the backchannel certificate password
    Re-enter password: # Enter it again
    Cookie Encryption Key Password: # Create the cookie encryption password
    Re-enter password: # Enter it again
    Warning: /opt/shibboleth-idp/bin does not exist.
    Warning: /opt/shibboleth-idp/dist does not exist.
    Warning: /opt/shibboleth-idp/doc does not exist.
    Warning: /opt/shibboleth-idp/system does not exist.
    Warning: /opt/shibboleth-idp/webapp does not exist.
    Generating Signing Key, CN = <domain> URI = https://<domain>/idp/shibboleth ...
    ...done
    Creating Encryption Key, CN = <domain> = https://<domain>/idp/shibboleth ...
    ...done
    Creating Backchannel keystore, CN = <domain> URI = https://<domain>/idp/shibboleth ...
    ...done
    Creating cookie encryption key files...
    ...done
    Rebuilding /opt/shibboleth-idp/war/idp.war ...
    ...done
    BUILD SUCCESSFUL
    Total time: 4 minutes 3 seconds
3.6 Choose the authentication integration method according to your environment

    Please chosing your idp authentication type...
    1.LDAP(easiest way)
    2.CAS
    3.Oauth2
    4.Tencent WeChat Work(企业微信)
    5.Tencent Weixiao(腾讯微校)
    6.exit
    Please enter your choice:# Choose the authentication integration method
    download fileforldap1 success!
    download fileforldap2 success!
    download fileforldap3 success!
    download fileforldap4 success!
    download fileforall1 success!
    download fileforall2 success!
    download fileforall3 success!
    download fileforall4 success!
    download fileforall5 success!
    download fileforall6 success!
    download fileforall7 success!
    download fileforall8 success!
    download fileforall9 success!
    download fileforall10 success!
3.7 Rebuild the war, restart nginx and tomcat, and open ports 80 and 443 on the firewall

    Rebuilding /opt/shibboleth-idp/war/idp.war
    Installation Directory: [/opt/shibboleth-idp] # Press Enter
    Rebuilding /opt/shibboleth-idp/war/idp.war ...
    ...done
    BUILD SUCCESSFUL
    Total time: 21 seconds
    restarting tomcat...
    tomcat restarted
    restarting nginx...
    nginx restarted...
    opening firewall 443 for https...
    success
    opening firewall 80 for http...
    success
    reloading firewall...
    success
    shibboleth idp installed success!
Copyright © Peking University Computer Center