consortiumgarr / idem-tutorials
Simple step-by-step tutorials provided by IDEM GARR AAI
Hello,
I'm trying to install Shibboleth IdP 4.x on CentOS 8. I saw this error when I came to the step below:
[root@XXShibboleth ~]# yum install -y java-11-amazon-corretto-devel
Last metadata expiration check: 0:12:44 ago on Wed 28 Oct 2020 03:24:44 PM CST.
No match for argument: java-11-amazon-corretto-devel
Could you please let me know how to fix this?
Thanks,
Peng
There are tutorials for Apache/CentOS: https://github.com/ConsortiumGARR/idem-tutorials/blob/master/idem-fedops/HOWTO-Shibboleth/Service%20Provider/CentOS/HOWTO%20Install%20and%20Configure%20a%20Shibboleth%20SP%20v3.x%20on%20CentOS%207%20(x86_64).md
But a tutorial for Nginx/CentOS is greatly missing; that's a popular combination for many live servers.
Someone has already noted it: https://stackoverflow.com/questions/49498613/how-to-configure-shibboleth-sp-running-on-nginx-web-server-on-centos-7
(For the sake of record, I tried a combination of such tutorials, but none of them builds nginx-http-shibboleth.so)
Hello, this URL is no longer working:
http://www.marcocappellacci.info/repository/nginx_1.10.1-1~jessie_amd64.deb
P.S.: It would be interesting to have scripts to compile the packages for different OSs (namely create rpm and deb).
The following line refers to a Debian/Ubuntu install of Apache (apache2), while the rest of the instructions are for CentOS Apache (httpd):
"Modify the file /etc/apache2/sites-available/default-ssl.conf as follows:"
This line et al. should be changed to "/etc/httpd/sites-available" with mkdir and adding "IncludeOptional sites-enabled/*.conf" to "/etc/httpd/conf/httpd.conf", as the provided instructions will not work.
Dears,
I don't know if anyone has encountered this problem before, as I am having difficulty solving it.
Debian with SP v3 on Apache and a Tomcat backend is extracting two duplicate attribute values for SchacHomeOrganization and Eppn. Any idea why two duplicate values are extracted instead of one value? Surname and displayName are working fine.
Also note that the IdP is sending one value for each, as I have checked it using the aacli script.
Thank you
I followed the guide step by step:
HOWTO Install and Configure a Shibboleth IdP v3.4.x on CentOS 7 with Apache2 + Jetty9
When I reached step 11 of the section "Install Jetty 9 Web Server", named "Check if the Apache Welcome page is available:", I did not find any Apache service running.
NOTE: The Jetty download link should be changed to:
Failing package is: shibboleth-3.3.0-1.x86_64
Issue: GPG key is broken
Key URL: https://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/repodata/repomd.xml.key
error on line 1 at column 1: Document is empty
My workaround has been to disable the GPG keys check:
yum install shibboleth --nogpgcheck
This works fine but would be considered a temporary fix.
Errors and improvements noted by Scott Cantor. Let's process them one at a time, opening an issue for each.
Scott Cantor added a comment - 5 days ago
I'll try and cover all the problems here as best I can. I'm not just closing out the bug because I still think it's a bug (though not ours), but this is really more of a "how not to configure the IdP" set of issues.
1. You're using a database for a bunch of things you absolutely do NOT want to use one for and don't need to be. I doubt you're even using SAML artifact support, are you? If you don't have a back channel, you can't be. So that doesn't matter much. But you most definitely do NOT want to use a database for sessions. You should use client side sessions unless you can provide a strong argument as to why you shouldn't. We provide the software defaulting to that for a reason.
2. You have the computed ID strategy property there uncommented, so your identifiers must be, for the most part, all coming from the original salted hash approach and just being stored in the database that way. You can look at the stored ID table and check, and if they're all long and base64 or base32-encoded, and not just simple UUIDs, then you don't need a database for them at all. Dump the stored ID approach and leave it configured to produce them with the computed approach alone. Major problem solved there.
3. You're sharing the same DataSource bean across two different subsystems when you could easily separate them into two, and have the StoredID support (which you don't need most likely, see #2) separate from the StorageService support. That solves the "nothing works when consent fails" problem. Isolation is good.
4. I still have to assume the problem here is your driver and/or the settings. We don't really provide support for that layer but offhand I don't see anything obvious. Without much more logging, there's really nothing I can say about the driver (other than make sure it's the absolute newest one you can get).
I do think you created the storage service database with the wrong schema, perhaps. The context and key columns have to be case-sensitively handling the primary key constraint, which should make the new records non-conflicting with the originals that had the mixed case. If that's not possible in the database you're using, it can't be used, but I assume it just wasn't created correctly. It could also be a Hibernate limitation, I don't know anything about it, but I'll ask the author. It seems like it must be finding the old records on a case-insensitive search, so that might be the root of it.
After the fact, getting the records updated to fix the mixed case would seem like the obvious fix to me. You can't make it work any other way if it's going to keep failing to create those new records, even if the connections didn't become unstable when it failed.
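The check suggested in point 2 above (are the stored identifiers long base64/base32 values or simple UUIDs?) can be scripted over an export of the stored ID table. This is an added example, not part of the original comment or of Shibboleth's code; it assumes a computed ID decodes to a 20-byte (SHA-1) or 32-byte (SHA-256) digest, and the sample values are constructed.

```python
import base64
import binascii
import hashlib
import uuid
from collections import Counter

# Assumption: a computed ID is a base64/base32-encoded digest
# (20 bytes for SHA-1, 32 bytes for SHA-256).
DIGEST_LENGTHS = {20, 32}

def classify_persistent_id(value: str) -> str:
    """Classify one ID by shape: uuid, computed-base64, computed-base32, unknown."""
    try:
        # Only the canonical hyphenated form counts as a UUID.
        if str(uuid.UUID(value)) == value.lower():
            return "uuid"
    except ValueError:
        pass
    for label, decode in (
        ("computed-base64", lambda v: base64.b64decode(v, validate=True)),
        ("computed-base32", base64.b32decode),
    ):
        try:
            if len(decode(value)) in DIGEST_LENGTHS:
                return label
        except (binascii.Error, ValueError):
            continue
    return "unknown"

def summarize(ids):
    """Count how many IDs fall into each shape."""
    return Counter(classify_persistent_id(i) for i in ids)

# Constructed sample values standing in for rows exported from the table.
_digest = hashlib.sha1(b"constructed sample input").digest()
SAMPLE_IDS = [
    base64.b64encode(_digest).decode(),
    base64.b32encode(_digest).decode(),
    "123e4567-e89b-12d3-a456-426614174000",
    "jdoe",
]

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE_IDS).items():
        print(kind, count)
```

If the summary shows only computed-style values and no UUIDs, the identifiers match the case the comment describes as not needing a database.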
Need to add nano and wget to the install.
After adding the key for the nginx sources, 'apt-get update' is required.
nginx 1.16.0 is the current build.
Need instructions for key generation or a link: https://www.akadia.com/services/ssh_test_certificate.html
Add metadataprovider should have a pointer to where to add the XML; it would be assumed to be inside the 'session' tag but should be outside.
The header files aren't moved to the correct directory.
Is there any docker implementation coming soon?
I think that the following could be useful for security reasons:
idp.cookie.secure = true
idp.frameoptions = DENY
Scott Cantor's opinion:
But you most definitely do NOT want to use a database for sessions. You should use client side sessions
unless you can provide a strong argument as to why you shouldn't. We provide the software defaulting to that for a reason.