Differences

This shows you the differences between two versions of the page.

--- docpublic:systemes:shibboleth:idpv5xa9 [2024/05/29 20:38]
adminjp [external CAS auth]
+++ docpublic:systemes:shibboleth:idpv5xa9 [2024/06/27 16:47] (current)
adminjp [Scripted Attributes]
@@ Line 5: / Line 5: @@
   - https://shibboleth.atlassian.net/wiki/spaces/IDP5/overview
   - https://www.ukfederation.org.uk/content/News/2023-10-24-c-Shib-IdPv5-Release
+  - https://services.renater.fr/federation/documentation/guides-installation/idp5/index
+  - https://docs.tuakiri.ac.nz/identity_providers/upgrading_a_4_x_idp_to_5_x
 ===== requirements =====
@@ Line 505: / Line 507: @@
 </code>
-==== Attributes Filter ====
-  * https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199510442/HttpClientConfiguration
-  * https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199507990/HTTPResource
 ===== external CAS auth =====
@@ Line 588: / Line 586: @@
 </code>
+===== Attributes Definition =====
+https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199510514/AttributeRegistryConfiguration
+==== ajout d'attributs  Supann ====
+nous definitions nos attributs Supann dans un fichier XML : {{ :docpublic:systemes:shibboleth:supann.xml |}}
+puis on les charge avec les autres (eduPerson, Schac ...) via// conf/attributes/default-rules.xml//
+<code>
+[root@idp5 attributes]# vim default-rules.xml
+[root@idp5 attributes]# grep supann.xml default-rules.xml
+    <import resource="supann.xml" />
+</code>
+==== Attributes Filter ====
+  * https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199510442/HttpClientConfiguration
+  * https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199507990/HTTPResource
+==== Scripted Attributes ====
+  * https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199510349/ScriptTypeConfiguration
+=> //Scripting Language
+The default scripting language is JavaScript (language=”javascript”). Therefore all of the sample scripts are written in JavaScript, which is based on the ECMAScript standard. As the IdP requires Java versions new enough that no scripting engines are provided, it is required to install one of the plugins provided by the project to supply either a Nashorn or Rhino engine to implement the default language//
+depuis les versions recentes de Java , il n'y a plus d'interpreteur de javascript par defaut, sans chargement d'un interpreteur, la definition d'un ScriptedAttribute provoque l'erreur:
+<code>
+Error creating bean with name 'eduPersonEntitlement': Cannot create inner bean '(inner bean)#4c69826d' of type [net.shibboleth.shared.spring.factory.EvaluableScriptFactoryBean] while setting bean property 'script'
+Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#4c69826d': No scripting engine associated with scripting language javascript
+</code>
+ il faut installer un interpreteur via un plugin, voici les 2 interpreteurs disponibles sous forme de plugin
+<code>
+[root@idp5 bin]# ./plugin.sh -L | grep -E  'nashorn|rhino'
+Plugin net.shibboleth.idp.plugin.rhino: version 2.0.0 available for install
+Plugin net.shibboleth.idp.plugin.nashorn: version 2.0.0 available for install
+</code>
+=== installation interpreteur nashorn ===
+  * https://shibboleth.atlassian.net/wiki/spaces/IDPPLUGINS/pages/1374027996/Nashorn
+<code>
+[root@idp5 bin]# ./plugin.sh -I net.shibboleth.idp.plugin.nashorn
+INFO  - Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/scripting/2.0.0/idp-plugin-nashorn-jdk-dist-2.0.0.tar.gz]
+....................................
+INFO  - Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/scripting/2.0.0/idp-plugin-nashorn-jdk-dist-2.0.0.tar.gz.asc]
+INFO  - Plugin net.shibboleth.idp.plugin.nashorn: Trust store folder does not exist, creating
+INFO  - Plugin net.shibboleth.idp.plugin.nashorn: Trust store does not exist, creating
+INFO  - TrustStore does not contain signature 0x1483F262A4B3FF0
+Accept this key:
+Signature:	0x1483F262A4B3FF0
+FingerPrint:	4AF4D83EEDDF43DA3C06CB3101483F262A4B3FF0
+Username:	Rod Widdowson <rdw@steadingsoftware.com>
+ [yN] y
+INFO  - Installing Plugin 'net.shibboleth.idp.plugin.nashorn' version 2.0.0
+INFO  - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 5.1.2
+INFO  - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO  - Overlay from /opt/shibboleth-idp/dist/plugin-webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO  - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
+INFO  - Creating war file /opt/shibboleth-idp/war/idp.war
+</code>
+le re-build de idp.war provoque un auto-re-deploiement et rechargement de l'application shibboleth-idp dans tomcat
+<code>
+-06-23 19:33:37,763 -  - INFO [net.shibboleth.shared.spring.service.ReloadableSpringService:426] - Service 'shibboleth.ManagedBeanService': Reload complete
+-06-23 19:33:37,763 -  - INFO [net.shibboleth.shared.service.AbstractReloadableService:198] - Service 'shibboleth.ManagedBeanService': Reload interval set to: PT15M, starting refresh thread
+-06-23 19:33:37,884 -  - DEBUG [net.shibboleth.idp.admin.impl.ReportModuleStatus:86] - Checking required modules for plugin net.shibboleth.idp.plugin.nashorn
+-06-23 19:33:37,928 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:57] - Shibboleth IdP Version 5.1.2
+-06-23 19:33:37,929 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:58] - Java version='17.0.11' vendor='Red Hat, Inc.'
+-06-23 19:33:37,930 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:73] - Plugins:
+-06-23 19:33:37,931 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:75] - 		net.shibboleth.idp.plugin.nashorn : v2.0.0
+-06-23 19:33:37,934 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:93] - Enabled Modules:
+-06-23 19:33:37,935 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:95] - 		Core IdP Functions (Required)
+-06-23 19:33:37,935 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:95] - 		Command Line Scripts
+-06-23 19:33:37,935 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:95] - 		Overlay Tree for WAR Build
+-06-23 19:33:37,935 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:95] - 		Password Authentication
+-06-23 19:33:37,935 -  - INFO [net.shibboleth.idp.admin.impl.LogImplementationDetails:95] - 		Hello World
+-06-23 19:33:38,409 -  - INFO [net.shibboleth.idp.admin.impl.ReportUpdateStatus:136] - No upgrade available from 5.1.2
+-06-23 19:33:38,410 -  - INFO [net.shibboleth.idp.admin.impl.ReportUpdateStatus:147] - Version 5.1.2 is current
+</code>
+===== attributes Consent =====
+https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199509862/ConsentConfiguration
+<code>
+[root@idp5 shibboleth-idp]#  bin/module.sh -t idp.intercept.Consent || bin/module.sh -e idp.intercept.Consent
+INFO  - Including auto-located properties in bin/../conf/services.properties
+INFO  - Including auto-located properties in bin/../conf/authn/authn.properties
+INFO  - Including auto-located properties in bin/../conf/admin/admin.properties
+INFO  - Including auto-located properties in bin/../conf/c14n/subject-c14n.properties
+INFO  - Including auto-located properties in bin/../conf/ldap.properties
+INFO  - Including auto-located properties in bin/../conf/saml-nameid.properties
+INFO  - Including auto-located properties in bin/../conf/services.properties
+INFO  - Including auto-located properties in bin/../conf/authn/authn.properties
+INFO  - Including auto-located properties in bin/../conf/admin/admin.properties
+INFO  - Including auto-located properties in bin/../conf/c14n/subject-c14n.properties
+INFO  - Including auto-located properties in bin/../conf/ldap.properties
+INFO  - Including auto-located properties in bin/../conf/saml-nameid.properties
+Enabling idp.intercept.Consent...
+	conf/intercept/consent-intercept-config.xml created
+	views/intercept/attribute-release.vm created
+	views/intercept/terms-of-use.vm created
+[OK]
+</code>

docpublic/systemes/shibboleth/idpv5xa9.1717015136.txt.gz · Last modified: 2024/05/29 20:38 by adminjp

Show page Old revisions

[unknown link type]Back to top