
2. Joining CARSI with a Self-Hosted Shibboleth SP

Preparation before technical debugging:

        1. Make sure you have completed the first seven steps (Steps 1 to 7) of the CARSI SP joining process.

        2. Read the CARSI Basic Debugging Requirements carefully.

       

Technical debugging with CARSI:

1. Submit the SP configuration information to the CARSI federation (add SP info into CARSI)

        Once the membership is approved, log in to the CARSI member self-service system (CARSI Online Helpdesk).

     

        Under "My CARSI -> SP Management" (MyCarsi -> SP Mgmt (SAML)), select "Add SP" and follow the prompts to add your SP and upload its metadata file.

        Once the SP is added, its metadata is merged into the CARSI federation's pre-production metadata: https://www.carsi.edu.cn/carsimetadata/carsifed-metadata-pre.xml.

        Add this metadata to the SP's local MetadataProvider. The following steps can be used as a reference:

        a. Set the SSO discoveryURL to the CARSI SAMLDS service (pre-production):

SAML2

        b. Add the CARSI pre-production metadata to the MetadataProvider:

        The following is the configuration of a newly installed SP environment, for reference only:

# Install from the yum repository
[root@www ~]# wget http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/security:shibboleth.repo -P /etc/yum.repos.d
[root@www ~]# yum install shibboleth
[root@www ~]# systemctl start shibd
[root@www ~]# systemctl enable shibd
[root@www ~]# systemctl restart httpd
# Configure the SP's protected resource directory
[root@www ~]# vi /etc/httpd/conf.d/shib.conf
# line 49: /secure is the protected resource directory; change it as needed
# Configure the SP entityID
[root@www ~]# vi /etc/shibboleth/shibboleth2.xml
# Replace: ApplicationDefaults entityID="https://sp.example.org/shibboleth"
# With: ApplicationDefaults entityID="https://[SP domain name]/shibboleth"
# Replace: SAML2
# With: SAML2
# Add inside the block (/etc/shibboleth/carsifed-metadata-pre.xml is the backup metadata file to be generated)
[root@www ~]# systemctl start shibd
[root@www ~]# systemctl enable shibd
[root@www ~]# systemctl restart httpd

2. Run an authentication test in the pre-production environment (Test on pre-production environment)

        Visit the CARSI login of the SP application under test
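
Before the pre-production test, the shibboleth2.xml edits from step 1 can be checked offline. The script below is an added example, not CARSI's or Shibboleth's own tooling; the sample config, the placeholder discovery URL, the stock discoveryURL value and the Signature MetadataFilter check are assumptions that do not come from this page.

```python
import xml.etree.ElementTree as ET

# The metadata URL is from the page; every other value in SAMPLE is constructed.
CARSI_PRE_METADATA = "https://www.carsi.edu.cn/carsimetadata/carsifed-metadata-pre.xml"
DEFAULT_ENTITY_ID = "https://sp.example.org/shibboleth"  # value the page says to replace
DEFAULT_DS_URL = "https://ds.example.org/DS/WAYF"        # assumed stock discoveryURL

SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions>
      <SSO discoveryProtocol="SAMLDS" discoveryURL="https://ds-placeholder.example/DS">SAML2</SSO>
    </Sessions>
    <MetadataProvider type="XML" url="%s"
        backingFilePath="/etc/shibboleth/carsifed-metadata-pre.xml"/>
  </ApplicationDefaults>
</SPConfig>""" % CARSI_PRE_METADATA

def local(tag):
    """Strip the XML namespace so SP v2 and v3 configs are handled alike."""
    return tag.rsplit("}", 1)[-1]

def check_sp_config(xml_text, metadata_url=CARSI_PRE_METADATA):
    """Return a list of findings; an empty list means every check passed."""
    findings, elems = [], {}
    for el in ET.fromstring(xml_text).iter():
        elems.setdefault(local(el.tag), []).append(el)
    for app in elems.get("ApplicationDefaults", []):
        if app.get("entityID") in (None, DEFAULT_ENTITY_ID):
            findings.append("entityID is unset or still the shipped default")
    # Discovery must go to an https SAMLDS endpoint other than the stock example.
    if not any(s.get("discoveryProtocol") == "SAMLDS"
               and (s.get("discoveryURL") or "").startswith("https://")
               and s.get("discoveryURL") != DEFAULT_DS_URL
               for s in elems.get("SSO", [])):
        findings.append("no SSO element uses a non-default https SAMLDS discoveryURL")
    feds = [m for m in elems.get("MetadataProvider", [])
            if metadata_url in (m.get("url"), m.get("uri"))]
    if not feds:
        findings.append("CARSI pre-production metadata is not configured")
    for m in feds:
        if not m.get("backingFilePath"):
            findings.append("metadata provider has no backingFilePath")
        # Added hardening check (not on the page): verify the metadata signature.
        if not any(local(c.tag) == "MetadataFilter" and c.get("type") == "Signature" for c in m):
            findings.append("remote metadata is loaded without a Signature MetadataFilter")
    return findings

if __name__ == "__main__":
    for finding in check_sp_config(SAMPLE):
        print("FINDING:", finding)
```

To check a live SP, pass the contents of /etc/shibboleth/shibboleth2.xml to check_sp_config in place of SAMPLE.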
