shibboleth

Get the repository

> wget http://download.opensuse.org/repositories/security:/shibboleth/CentOS_5/security:shibboleth.repo
> sudo cp security\:shibboleth.repo /etc/yum.repos.d/shibboleth.repo

Get the GPG key

> wget http://shibboleth.internet2.edu/downloads/KEYS
> gpg --import KEYS; gpg --fingerprint 0x7D0A1B3D
> sudo rpm --import KEYS

Install shibboleth

> sudo yum install shibboleth
Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 shibboleth              i386       2.3.1-1.3        security_shibboleth  1.2 M
Installing for dependencies:
 log4shib                i386       1.0.4-1.3        security_shibboleth   82 k
 opensaml                i386       2.3-1.9          security_shibboleth  1.2 M
 unixODBC                i386       2.2.11-7.1       base              832 k
 xerces-c                i386       3.0.1-6.3        security_shibboleth  1.3 M
 xml-security-c          i386       1.5.1-4.3        security_shibboleth  447 k
 xmltooling              i386       1.3.3-1.2        security_shibboleth  747 k

Transaction Summary
=============================================================================
Install      7 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 5.7 M
Is this ok [y/N]: y

Start shibd and apply it to Apache

(Basically just a restart)

> /sbin/service shibd start
> /sbin/service httpd restart

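Prepare the self-signed certificate and key for assertion signing

  # Run from /etc/shibboleth (assumed; the relative credentials/ paths below depend on it).
  # rsa:1024 is below the 2048-bit minimum in current guidance; use rsa:2048 or larger for new keys.
  # Create the private key and a certificate request.
  openssl req -new -keyout credentials/sp-key.pem -newkey rsa:1024 -nodes \
              -out /etc/shibboleth/credentials/sp-cert.p10 \
              -subj "/C=JP/O=ABC/OU=XYZ/OU=sp/CN=xxx.xxx.xx.xx"

  # Self-sign the request with the same key (valid for 3650 days).
  openssl x509 -req -in credentials/sp-cert.p10 -signkey credentials/sp-key.pem \
              -days 3650 -out /etc/shibboleth/sp-cert.pem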
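
A check for the key and certificate produced by the step above, as an added example that is not part of the original page. The function names and the MIN_BITS=2048 threshold are this example's own assumptions; it covers RSA keys only.

```shell
# Added example: sanity-check an SP signing key and its self-signed certificate.
# MIN_BITS is an assumption of this example, not a Shibboleth setting.
MIN_BITS=${MIN_BITS:-2048}

# Bit length of the public key embedded in a certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeeds when the private key and the certificate carry the same RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when the key file grants no permission to group or other.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check, print one line per finding, return the number of failures.
check_sp_credentials() {
    key=$1 cert=$2 fails=0
    key_matches_cert "$key" "$cert" ||
        { echo "FAIL: $cert does not carry the public key of $key"; fails=$((fails + 1)); }
    bits=$(cert_key_bits "$cert")
    [ "${bits:-0}" -ge "$MIN_BITS" ] ||
        { echo "FAIL: key is ${bits:-?} bits, want >= $MIN_BITS"; fails=$((fails + 1)); }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $cert is expired or unreadable"; fails=$((fails + 1)); }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or other"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: $key / $cert"
    return "$fails"
}
```

Called as `check_sp_credentials /etc/shibboleth/credentials/sp-key.pem /etc/shibboleth/sp-cert.pem`, it reports the key-size finding for a key generated with `rsa:1024`.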

Get the metadata

> wget --no-proxy http://localhost/shib/Metadata



---
update at 2018/03/02 22:04:51

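* Note: This site describes only behavior that was confirmed in a specific environment. No guarantee whatsoever is made that it works in other environments.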