准备Metadata

        本部分工作在预上线环境完成。

1. 向CARSI联盟上传IdP Metadata

        登陆 CARSI会员自服务系统 用户名为申请时填的学校域名,密码为申请时填的项目负责人的手机号。

       在“我的CARSI→我的IdP”中,选择“上传Metadata”,上传本校idp系统的/opt/shibboleth-idp/metadata/idp-metadata.xml文件。上传成功后该页面会显示“已提供”。

2.下载CARSI预上线环境metadata

[root@www ~]# curl -o /opt/shibboleth-idp/metadata/carsifed-metadata-pre.xml https://dspre.carsi.edu.cn/carsifed-metadata-pre.xml
[root@www ~]# chown -R tomcat.tomcat /opt/shibboleth-idp
[root@www ~]# systemctl restart tomcat9

注:重启tomcat需要1分钟左右。可以用下述方式查看一下IdP状态,如果出现IdP运行信息,则说明IdP启动成功。

[root@www ~]# curl -k https://localhost/idp/status
### Operating Environment Information
operating_system: Linux
operating_system_version: 4.18.0-193.el8.x86_64
operating_system_architecture: amd64
jdk_version: 11.0.9
available_cores: 8
used_memory: 156 MB
maximum_memory: 1954 MB

### Identity Provider Information
idp_version: 3.4.7
start_time: 2020-11-11T09:01:50+08:00
current_time: 2020-11-11T09:01:52+08:00
uptime: 2116 ms

service: shibboleth.LoggingService
last successful reload attempt: 2020-11-10T07:15:51Z
last reload attempt: 2020-11-10T07:15:51Z

service: shibboleth.ReloadableAccessControlService
last successful reload attempt: 2020-11-10T07:17:02Z
last reload attempt: 2020-11-10T07:17:02Z

service: shibboleth.MetadataResolverService
last successful reload attempt: 2020-11-10T07:16:57Z
last reload attempt: 2020-11-10T07:16:57Z

        metadata source: HTTPMetadata
        last refresh attempt: 2020-11-11T00:54:38Z
        last successful refresh: 2020-11-11T00:54:38Z
        last update: 2020-11-11T00:17:07Z
        root validUntil: 2020-12-09T00:11:15Z

service: shibboleth.RelyingPartyResolverService
last successful reload attempt: 2020-11-10T07:16:52Z
last reload attempt: 2020-11-10T07:16:52Z

service: shibboleth.NameIdentifierGenerationService
last successful reload attempt: 2020-11-10T07:16:52Z
last reload attempt: 2020-11-10T07:16:52Z

service: shibboleth.AttributeResolverService
last reload attempt: 2020-11-11T00:46:52Z
last failure cause: net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myLDAP': Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myLDAP': Invalid connector configuration

service: shibboleth.AttributeFilterService
last successful reload attempt: 2020-11-10T07:16:10Z
last reload attempt: 2020-11-10T07:16:10Z

版权所有©北京大学计算中心