LPS:Java-idp-webauth-login-handler

Webauth Login Handler Installation instructions

Requirements

Installation and configuration

Download and build the source (replace X.0 with the latest stable version, e.g. "tags/1.0"):

svn export https://subversds.d..........zcu.cz
cd java-idp-webauth-login-handler
mvn package

IdP - Configuration

Copy the .jar file to the installation folder:

cp target/webauth-login-handler-X.0.jar $IDP_INSTALL_DIR/lib

Configuring the server (Tomcat)

In the web application you have to enable the Webauth login servlet. Do that in $IDP_INSTALL_DIR/src/main/webapp/WEB-INF/web.xml by declaring the servlet and mapping it to /Authn/Webauth:

<web-app>
(...)
  <servlet>
    <servlet-name>WebauthLoginServlet</servlet-name>
    <servlet-class>cz.zcu.civ.idp.webauth.WebauthLoginServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>WebauthLoginServlet</servlet-name>
    <url-pattern>/Authn/Webauth</url-pattern>
  </servlet-mapping>
(...)
</web-app>

handler.xml configuration

Configure the handler.xml at:

  • new install: $IDP_INSTALL_DIR/src/installer/resources/conf-tmpl/handler.xml
  • reinstall: $IDP_DIR/conf/handler.xml

<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
(...)
   xmlns:krb="http://www.switch.ch/aai/idp/kerberos"
   xsi:schemaLocation="
       urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
(...)
       http://www.switch.ch/aai/idp/kerberos classpath:/schema/kerberos-login-handler.xsd
       ">
(...)
   <ph:LoginHandler xsi:type="krb:KERBEROS"
                 kerberosCfg="/opt/kerberos/krb5.conf"
                 customUnauthorized="/opt/shibboleth-identityprovider-2.2.0/src/main/webapp/unauthorized.html">
       <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos</ph:AuthenticationMethod>
       <krb:Realm domain="DOMAIN_A.COM">
           <krb:principal>HTTP/aai-logon.domain_a.com@DOMAIN_A.COM</krb:principal>
           <krb:keytab>/opt/kerberos/http_domainA.keytab</krb:keytab>
       </krb:Realm>
       <krb:Realm domain="DOMAIN_B.COM">
           <krb:principal>HTTP/aai-logon.domain_b.com@DOMAIN_B.COM</krb:principal>
           <krb:keytab>/opt/kerberos/http_domainB.keytab</krb:keytab>
       </krb:Realm>
   </ph:LoginHandler>
(...)
</ProfileHandlerGroup>
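The two configuration steps above (the servlet mapping in web.xml and the keytab references in handler.xml) are easy to get subtly wrong: a missing url-pattern means the IdP never reaches the handler, and a keytab readable by other local users hands out the service key. The following post-install check is an added example, not part of the java-idp-webauth-login-handler project. It assumes the file layout from the instructions (WEB-INF/web.xml, conf/handler.xml with `<krb:keytab>` elements); the sample files written by `make_demo_dir` are constructed for the demonstration, and in production you would point the two check functions at the real paths instead.

```shell
#!/bin/sh
# Added post-install check, not part of the java-idp-webauth-login-handler
# project. Assumes the layout from the instructions above: the servlet
# declared in WEB-INF/web.xml and <krb:keytab> entries in conf/handler.xml.
# The files produced by make_demo_dir are constructed for this demo only.

# Succeed (exit 0) only when web.xml both declares the Webauth servlet class
# and maps it to /Authn/Webauth; either half missing means requests never
# reach the login handler.
check_servlet_mapping() {
    web_xml="$1"
    grep -q '<servlet-class>cz.zcu.civ.idp.webauth.WebauthLoginServlet</servlet-class>' "$web_xml" &&
        grep -q '<url-pattern>/Authn/Webauth</url-pattern>' "$web_xml"
}

# Print one line per keytab referenced in handler.xml that is either missing
# or readable by group/other. No output means every keytab exists and is
# owner-only (0600-style). Keytab paths containing whitespace are not supported.
check_keytabs() {
    handler_xml="$1"
    sed -n 's|.*<krb:keytab>\([^<]*\)</krb:keytab>.*|\1|p' "$handler_xml" |
    while IFS= read -r keytab; do
        if [ ! -f "$keytab" ]; then
            echo "MISSING  $keytab"
        # Characters 5-10 of ls -l are the group and other bits; anything
        # other than six dashes exposes the Kerberos key to local users.
        elif [ "$(ls -ld "$keytab" | cut -c5-10)" != "------" ]; then
            echo "TOO OPEN $keytab ($(ls -ld "$keytab" | cut -c1-10))"
        fi
    done
}

# Build a throwaway layout (constructed sample data): a web.xml with the
# servlet mapping, and a handler.xml referencing one locked-down keytab,
# one world-readable keytab and one that does not exist. Prints the directory.
make_demo_dir() {
    d=$(mktemp -d)
    : > "$d/http_domainA.keytab"; chmod 600 "$d/http_domainA.keytab"
    : > "$d/http_domainB.keytab"; chmod 644 "$d/http_domainB.keytab"
    cat > "$d/web.xml" <<'EOF'
<web-app>
  <servlet>
    <servlet-name>WebauthLoginServlet</servlet-name>
    <servlet-class>cz.zcu.civ.idp.webauth.WebauthLoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>WebauthLoginServlet</servlet-name>
    <url-pattern>/Authn/Webauth</url-pattern>
  </servlet-mapping>
</web-app>
EOF
    cat > "$d/handler.xml" <<EOF
<ph:LoginHandler xsi:type="krb:KERBEROS">
    <krb:Realm domain="DOMAIN_A.COM">
        <krb:keytab>$d/http_domainA.keytab</krb:keytab>
    </krb:Realm>
    <krb:Realm domain="DOMAIN_B.COM">
        <krb:keytab>$d/http_domainB.keytab</krb:keytab>
    </krb:Realm>
    <krb:Realm domain="DOMAIN_C.COM">
        <krb:keytab>$d/http_domainC.keytab</krb:keytab>
    </krb:Realm>
</ph:LoginHandler>
EOF
    echo "$d"
}

# Stand-alone run against the constructed layout. On a real deployment point
# these at $IDP_INSTALL_DIR/src/main/webapp/WEB-INF/web.xml and
# $IDP_DIR/conf/handler.xml instead.
demo=$(make_demo_dir)
if check_servlet_mapping "$demo/web.xml"; then
    echo "web.xml: Webauth servlet declared and mapped"
else
    echo "web.xml: Webauth servlet mapping missing"
fi
check_keytabs "$demo/handler.xml"
rm -rf "$demo"
```

Run against the demo layout it reports the world-readable DOMAIN_B keytab and the missing DOMAIN_C one and stays silent for DOMAIN_A; on a production host you would additionally confirm the keytab owner is the account Tomcat runs as, which the demo cannot assume.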