Oidc workbook
OIDC OP notes
java
apt-get install default-jdk-headless
set JAVA_HOME and IDP_HOME in /etc/zsh/zshenv:
export IDP_HOME=/opt/shibboleth-idp
export JAVA_HOME=/usr/lib/jvm/latest
set non-blocking entropy source in /etc/java-11-openjdk/security/java.security:
securerandom.source=file:/dev/urandom
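The java.security edit above as an added example (not from these notes): a POSIX sh function that sets securerandom.source idempotently in a given file, whether the key is present, commented out or missing, plus a check that exactly one active line points at the non-blocking device. The file path is a parameter so it can be tried on a constructed copy before editing /etc/java-11-openjdk/security/java.security; the sample content is constructed, not the real file.

```shell
#!/bin/sh
# Added example: idempotently set the non-blocking SecureRandom source in a
# java.security file and verify the result. Assumes GNU sed (Debian host).

set_securerandom_source() {
    file="$1"
    value="${2:-file:/dev/urandom}"
    if grep -q '^[#[:space:]]*securerandom\.source=' "$file"; then
        # Key present, possibly commented out: rewrite that line in place.
        sed -i "s|^[#[:space:]]*securerandom\.source=.*|securerandom.source=$value|" "$file"
    else
        # Key absent: append it.
        printf 'securerandom.source=%s\n' "$value" >> "$file"
    fi
}

# Succeed only when exactly one active securerandom.source line exists
# and it names the non-blocking device.
check_securerandom_source() {
    file="$1"
    count=$(grep -c '^securerandom\.source=' "$file" || true)
    [ "$count" -eq 1 ] &&
        grep -q '^securerandom\.source=file:/dev/urandom$' "$file"
}

# Constructed sample java.security with the stock blocking default.
demo_java_security() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample, not the real /etc/java-11-openjdk/security/java.security
securerandom.strongAlgorithms=NativePRNGBlocking:SUN,DRBG:SUN
securerandom.source=file:/dev/random
EOF
    printf '%s\n' "$tmp"
}
```

Run set_securerandom_source twice on the sample and check_securerandom_source still passes, which is the point of rewriting in place instead of appending blindly.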
jetty
Collect example files:
cd ~ && git clone -b 10 https://git.shibboleth.net/git/java-idp-jetty-base
cd java-idp-jetty-base/src/main/resources/jetty-base
cp -v webapps/idp.xml /opt/jetty-base/webapps/
cp -v modules/idp.mod /opt/jetty-base/modules/
Comment in the https and ssl entries in idp.mod. Edit idp.xml in webapps so the war path is correct.
From $JETTY_BASE:
$ java -jar /opt/jetty-home/start.jar --add-module=logging-logback
$ java -jar /opt/jetty-home/start.jar --add-module=http
$ java -jar /opt/jetty-home/start.jar --add-module=http-forwarded
jetty systemd service:
[Unit]
Description=Eclipse Jetty http server
After=network.target

[Service]
#PrivateTmp=true
#PIDFile=/run/jetty.pid
Type=simple
#Environment=JAVA_HOME=/usr/jvm/lib/latest
Environment=JETTY_BASE=/opt/jetty-base/
#User=jetty
#Group=jetty
ExecStart=/opt/jetty-home/bin/jetty.sh run
ExecStop=/opt/jetty-home/bin/jetty.sh stop

[Install]
WantedBy=multi-user.target
IdP installation
sudo ./bin/install.sh -Didp.keysize=4096
apache2 reverse proxy
$ sudo a2enmod proxy_http
At this point you should be able to connect to https://oidcop.unimore.it/idp/shibboleth and inspect the metadata.
Authentication
Start with Password authentication:
bin/module.sh -t idp.authn.Password || bin/module.sh -e idp.authn.Password
then check LDAP authentication: