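1. Upload the IdP metadata to the CARSI federation

Log in to the CARSI member self-service system. The user name is the school domain name entered in the application, and the password is the mobile phone number of the project lead entered in the application.

Under "My CARSI → My IdP", select "Upload Metadata" and upload the /opt/shibboleth-idp/metadata/idp-metadata.xml file from your school's IdP system. After a successful upload, the page shows "Provided".
(Schools doing a new installation of IdP v5.1.2, please note: the metadata file of this version has a small bug. Fix it by hand before uploading, otherwise it will affect later use. On line 104 of idp-metadata.xml, in Location="https://idpxxx.edu.cn/idp/profile/SAML2/POST/SSO", the "/" before idp is missing. Add it, following the example below.)

The original, incorrect line: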
104 <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp512-cas.pku.edu.cnidp/profile/SAML2/POST/SSO" />

Change it to:
104 <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp512-cas.pku.edu.cn/idp/profile/SAML2/POST/SSO" />

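Schools that upgraded an existing installation do not need to make this change: they must keep using the metadata of their old system and do not upload this file.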
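The pre-upload check described above, as an added example that is not part of the original page or of CARSI or Shibboleth tooling. It goes slightly beyond the single line 104 case by scanning every Location attribute in the file. The function names, the `.fixed` output suffix and the sample host idp.example.edu.cn are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not CARSI or Shibboleth code): detect and repair endpoint
# Location URLs that lack the "/" between the host name and "idp/profile/".

# Scheme plus host part of a Location attribute; the host contains no "/".
HOST_PART='Location="https?://[^"/]+'

# Print "lineno:line" for each defective line; exit status 0 if any exist.
find_bad_locations() {
    grep -nE "${HOST_PART}idp/profile/" "$1"
}

# Write a repaired copy of $1 to $2; the original file is left untouched.
fix_locations() {
    sed -E "s#(${HOST_PART})idp/profile/#\\1/idp/profile/#g" "$1" > "$2"
}

# Constructed sample (hypothetical host idp.example.edu.cn), not real metadata.
write_sample() {
    cat > "$1" <<'EOF'
<md:IDPSSODescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.edu.cn/idp/profile/SAML2/Redirect/SSO"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.edu.cnidp/profile/SAML2/POST/SSO"/>
</md:IDPSSODescriptor>
EOF
}

# Usage: sh check-metadata.sh /opt/shibboleth-idp/metadata/idp-metadata.xml
if [ -n "${1:-}" ]; then
    if find_bad_locations "$1"; then
        fix_locations "$1" "$1.fixed"
        echo "Defective Location found; repaired copy written to $1.fixed"
    else
        echo "No defective Location found in $1"
    fi
fi
```

Review the `.fixed` copy against the original (for example with `diff`) before uploading it, since only the missing "/" should differ.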

2. After uploading the metadata, download the CARSI pre-production environment metadata

[carsi@www ~]$ sudo curl -o /opt/shibboleth-idp/metadata/carsifed-metadata-pre.xml  https://www.carsi.edu.cn/carsimetadata/carsifed-metadata-pre.xml

[carsi@www ~]$ sudo systemctl restart jetty

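Note: restarting jetty takes about 1 minute. You can check the IdP status as shown below; if the IdP runtime information appears, the IdP has started successfully.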

[carsi@www ~]$ sudo /opt/shibboleth-idp/bin/status.sh
### Operating Environment Information
operating_system: Linux
operating_system_version: 4.18.0-193.el8.x86_64
operating_system_architecture: amd64
jdk_version: 11.0.9
available_cores: 8
used_memory: 156 MB
maximum_memory: 1954 MB

### Identity Provider Information
idp_version: 3.4.7
start_time: 2020-11-11T09:01:50+08:00
current_time: 2020-11-11T09:01:52+08:00
uptime: 2116 ms

service: shibboleth.LoggingService
last successful reload attempt: 2020-11-10T07:15:51Z
last reload attempt: 2020-11-10T07:15:51Z

service: shibboleth.ReloadableAccessControlService
last successful reload attempt: 2020-11-10T07:17:02Z
last reload attempt: 2020-11-10T07:17:02Z

service: shibboleth.MetadataResolverService
last successful reload attempt: 2020-11-10T07:16:57Z
last reload attempt: 2020-11-10T07:16:57Z

        metadata source: HTTPMetadata
        last refresh attempt: 2020-11-11T00:54:38Z
        last successful refresh: 2020-11-11T00:54:38Z
        last update: 2020-11-11T00:17:07Z
        root validUntil: 2020-12-09T00:11:15Z

service: shibboleth.RelyingPartyResolverService
last successful reload attempt: 2020-11-10T07:16:52Z
last reload attempt: 2020-11-10T07:16:52Z

service: shibboleth.NameIdentifierGenerationService
last successful reload attempt: 2020-11-10T07:16:52Z
last reload attempt: 2020-11-10T07:16:52Z

service: shibboleth.AttributeResolverService
last reload attempt: 2020-11-11T00:46:52Z
last failure cause: net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myLDAP': Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myLDAP': Invalid connector configuration

service: shibboleth.AttributeFilterService
last successful reload attempt: 2020-11-10T07:16:10Z
last reload attempt: 2020-11-10T07:16:10Z