LPS:Java-idp-webauth-login-handler
From HelpDesk
Webauth Login Handler Installation instructions
Requirements
Installation and configuration
Download and build the source (replace X.0 with the latest stable version, e.g.: "tags/1.0"):
svn export https://subversds.d..........zcu.cz
cd java-idp-webauth-login-handler
mvn package
IdP - Configuration
Copy the .jar file to the installation folder:
cp target/webauth-login-handler-X.0.jar $IDP_INSTALL_DIR/lib
Configuring the server (Tomcat)
Enable the Webauth login servlet in the web application's deployment descriptor, $IDP_INSTALL_DIR/src/main/webapp/WEB-INF/web.xml:
<web-app>
    (...)
    <servlet>
        <servlet-name>WebauthLoginServlet</servlet-name>
        <servlet-class>cz.zcu.civ.idp.webauth.WebauthLoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>WebauthLoginServlet</servlet-name>
        <url-pattern>/Authn/Webauth</url-pattern>
    </servlet-mapping>
    (...)
</web-app>
handler.xml configuration
Configure the handler.xml at:
- new install: $IDP_INSTALL_DIR/src/installer/resources/conf-tmpl/handler.xml
- reinstall: $IDP_DIR/conf/handler.xml
<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
    (...)
    xmlns:krb="http://www.switch.ch/aai/idp/kerberos"
    xsi:schemaLocation="
        urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
        (...)
        http://www.switch.ch/aai/idp/kerberos classpath:/schema/kerberos-login-handler.xsd">
    (...)
    <ph:LoginHandler xsi:type="krb:KERBEROS"
                     kerberosCfg="/opt/kerberos/krb5.conf"
                     customUnauthorized="/opt/shibboleth-identityprovider-2.2.0/src/main/webapp/unauthorized.html">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos</ph:AuthenticationMethod>
        <krb:Realm domain="DOMAIN_A.COM">
            <krb:principal>HTTP/aai-logon.domain_a.com@DOMAIN_A.COM</krb:principal>
            <krb:keytab>/opt/kerberos/http_domainA.keytab</krb:keytab>
        </krb:Realm>
        <krb:Realm domain="DOMAIN_B.COM">
            <krb:principal>HTTP/aai-logon.domain_b.com@DOMAIN_B.COM</krb:principal>
            <krb:keytab>/opt/kerberos/http_domainB.keytab</krb:keytab>
        </krb:Realm>
    </ph:LoginHandler>
    (...)
</ProfileHandlerGroup>
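As an added example (not part of the original page or the handler's own code), the Python script below reads a handler.xml like the one above, checks that each krb:principal belongs to the realm it is listed under, and flags keytabs that group or other users can access. The owner-only keytab policy, the function names and the temporary sample files are assumptions of this example.

```python
import os, stat, tempfile
import xml.etree.ElementTree as ET

KRB = "{http://www.switch.ch/aai/idp/kerberos}"  # krb: namespace used in handler.xml

def realms(handler_xml):
    """Yield (domain, principal, keytab) for every krb:Realm in handler.xml text."""
    for r in ET.fromstring(handler_xml).iter(KRB + "Realm"):
        yield (r.get("domain", ""),
               (r.findtext(KRB + "principal") or "").strip(),
               (r.findtext(KRB + "keytab") or "").strip())

def audit(handler_xml):
    """Return {domain: [findings]}; an empty list means the realm passed."""
    report = {}
    for domain, principal, keytab in realms(handler_xml):
        findings = []
        # The principal's realm (after '@') should be the realm it is listed under.
        if principal.rpartition("@")[2] != domain:
            findings.append("principal realm does not match domain")
        try:
            mode = os.stat(keytab).st_mode
        except OSError:
            findings.append("keytab not accessible")
        else:
            if not stat.S_ISREG(mode):
                findings.append("keytab is not a regular file")
            # Assumed policy: a keytab holds the service's long-term key, so owner-only.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append("keytab mode %o allows group/other" % stat.S_IMODE(mode))
        report[domain] = findings
    return report

def demo():
    """Constructed sample: two temporary keytabs, one mode 0600 and one 0644."""
    d, paths = tempfile.mkdtemp(), {}
    for name, mode in (("a", 0o600), ("b", 0o644)):
        paths[name] = os.path.join(d, name + ".keytab")
        open(paths[name], "wb").close()
        os.chmod(paths[name], mode)
    xml = f"""<ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
      xmlns:krb="http://www.switch.ch/aai/idp/kerberos"><ph:LoginHandler>
      <krb:Realm domain="DOMAIN_A.COM"><krb:principal>HTTP/aai-logon.domain_a.com@DOMAIN_A.COM</krb:principal>
        <krb:keytab>{paths['a']}</krb:keytab></krb:Realm>
      <krb:Realm domain="DOMAIN_B.COM"><krb:principal>HTTP/aai-logon.domain_b.com@DOMAIN_B.COM</krb:principal>
        <krb:keytab>{paths['b']}</krb:keytab></krb:Realm>
      </ph:LoginHandler></ProfileHandlerGroup>"""
    return audit(xml)

if __name__ == "__main__":
    for domain, findings in demo().items():
        print(domain, "OK" if not findings else findings)
```

To check a deployed IdP, pass the contents of $IDP_DIR/conf/handler.xml to audit() while running as the account that Tomcat uses.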