Oidc workbook


OIDC OP notes

java

   apt-get install default-jdk-headless

set JAVA_HOME and IDP_HOME in /etc/zsh/zshenv:

   export IDP_HOME=/opt/shibboleth-idp
   export JAVA_HOME=/usr/lib/jvm/latest

Set a non-blocking entropy source in /etc/java-11-openjdk/security/java.security:

   securerandom.source=file:/dev/urandom

jetty

Collect example files:

   cd ~ && git clone -b 10 https://git.shibboleth.net/git/java-idp-jetty-base
   cd java-idp-jetty-base/src/main/resources/jetty-base
   cp -v webapps/idp.xml /opt/jetty-base/webapps/
   cp -v modules/idp.mod /opt/jetty-base/modules/

Comment in (uncomment) the https and ssl lines in idp.mod. Edit idp.xml in webapps so it points at the correct war path.

From $JETTY_BASE:

   $ java -jar /opt/jetty-home/start.jar --add-module=logging-logback
   $ java -jar /opt/jetty-home/start.jar --add-module=http
   $ java -jar /opt/jetty-home/start.jar --add-module=http-forwarded

jetty systemd service:

   [Unit]
   Description=Eclipse Jetty http server
   After=network.target

   [Service]
   #PrivateTmp=true
   #PIDFile=/run/jetty.pid
   Type=simple
   #Environment=JAVA_HOME=/usr/lib/jvm/latest
   Environment=JETTY_BASE=/opt/jetty-base/
   #User=jetty
   #Group=jetty
   ExecStart=/opt/jetty-home/bin/jetty.sh run
   ExecStop=/opt/jetty-home/bin/jetty.sh stop

   [Install]
   WantedBy=multi-user.target
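As an added example, not from the original notes: a small POSIX sh audit that flags the hardening directives (User=, PrivateTmp=, NoNewPrivileges=) the unit above leaves commented out, so jetty does not silently keep running as root. The two sample unit files are constructed inline; NoNewPrivileges= is a standard systemd directive the notes do not mention.

```shell
# Added example (not part of the original notes): audit a jetty systemd unit
# for the directives the unit above leaves commented out. Constructed samples.

# Print the value of the first active (uncommented) KEY= line in unit file $1,
# or nothing when the directive is absent or commented out with '#'.
active_value() {
    grep -E "^[[:space:]]*$2=" "$1" | head -n 1 | cut -d= -f2-
}

# Print one finding per line for unit file $1; prints nothing when clean.
audit_unit() {
    case "$(active_value "$1" User)" in
        "")   echo "User= not set: jetty runs as root" ;;
        root) echo "User=root: jetty runs as root" ;;
    esac
    [ "$(active_value "$1" PrivateTmp)" = "true" ] || echo "PrivateTmp=true missing"
    [ "$(active_value "$1" NoNewPrivileges)" = "true" ] || echo "NoNewPrivileges=true missing"
    [ -n "$(active_value "$1" ExecStart)" ] || echo "ExecStart= missing"
}

# Number of findings, for use in scripts; always exits 0 (grep -c exits 1 on zero matches).
audit_count() {
    audit_unit "$1" | grep -c . || true
}

# Constructed sample: the unit as written above, hardening lines commented out.
PAGE_UNIT=$(mktemp)
cat >"$PAGE_UNIT" <<'EOF'
[Service]
#PrivateTmp=true
Type=simple
Environment=JETTY_BASE=/opt/jetty-base/
#User=jetty
#Group=jetty
ExecStart=/opt/jetty-home/bin/jetty.sh run
EOF
# Constructed sample: the same unit with the hardening directives enabled.
HARDENED_UNIT=$(mktemp)
cat >"$HARDENED_UNIT" <<'EOF'
[Service]
PrivateTmp=true
NoNewPrivileges=true
Type=simple
Environment=JETTY_BASE=/opt/jetty-base/
User=jetty
Group=jetty
ExecStart=/opt/jetty-home/bin/jetty.sh run
EOF

echo "unit as written:"; audit_unit "$PAGE_UNIT"
echo "hardened unit:";   audit_unit "$HARDENED_UNIT"
```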

IdP installation

   sudo ./bin/install.sh -Didp.keysize=4096

apache2 reverse proxy

   $ sudo a2enmod proxy_http

At this point you should be able to connect to https://oidcop.unimore.it/idp/shibboleth and inspect the metadata.

Authentication

Start with Password authentication:

   bin/module.sh -t idp.authn.Password || bin/module.sh -e idp.authn.Password

then check LDAP authentication:

Attribute resolver

Basic configuration up to admin/hello page

Configure ui