LPS:Java-idp-webauth-login-handler
Webauth Login Handler Installation instructions
internal
ForceAuthn [Optional] A Boolean value. If "true", the identity provider MUST authenticate the presenter directly rather than rely on a previous security context. If a value is not provided, the default is "false". However, if both ForceAuthn and IsPassive are "true", the identity provider MUST NOT freshly authenticate the presenter unless the constraints of IsPassive can be met. (Quoted from the SAML 2.0 Core specification's definition of the AuthnRequest ForceAuthn attribute.)
- todo
- the code needs to be cleaned up and brought into an acceptable form
- setting the username and checking the token need to be swapped, so that we do not set the username unnecessarily when we are going to reject the user anyway
- forced re-authentication, for the case where the user arrived with "p" from another part of the application, needs to be reworked so that it is keyed not to a time window as it is now but to the identifier of the previous login (security context), so that it matches the specification exactly and leaves no sloppy window for cheating ...
Requirements
Installation and configuration
Download and build the source (replace X.0 with the latest stable version, e.g. "tags/1.0"):
svn export https://subversds.d..........zcu.cz
cd java-idp-webauth-login-handler
mvn package
IdP - Configuration
Copy the .jar file to the installation folder:
cp target/webauth-login-handler-X.0.jar $IDP_INSTALL_DIR/lib
Configuring the server (tomcat)
In the web application you have to enable the Webauth login servlet. You do that in $IDP_INSTALL_DIR/src/main/webapp/WEB-INF/web.xml:
<webapp>
  (...)
  <servlet>
    <servlet-name>WebauthAuthServlet</servlet-name>
    <servlet-class>cz.zcu.civ.idp.webauth.WebauthAuthServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>WebauthAuthServlet</servlet-name>
    <url-pattern>/Authn/Webauth</url-pattern>
  </servlet-mapping>
  (...)
</webapp>
Apache configuration
# RUSS 2
<Location /wareauth>
  ## WebAuth
  AuthType WebAuth
  require valid-user
  #WA3
  ## WebAuthForceLogin on
  ## WebAuthAppTokenLifetime 1m
  # WA4
  WebAuthRequireSessionFactor p
  RewriteEngine on
  RewriteRule .* https://shib2.zcu.cz/idp/Authn/RemoteUser [R,L]
</Location>
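What the servlet behind /Authn/Webauth has to do once Apache has enforced WebAuth, as an added illustration that is not the project's own code: trust REMOTE_USER only because mod_webauth sits in front of this URL, verify the required session factor before setting the principal (the order the todo list above asks for), then hand control back to the IdP. It assumes the Shibboleth IdP 2.x authentication-engine API used by the stock RemoteUser handler (AuthenticationEngine, LoginHandler.PRINCIPAL_NAME_KEY) and that mod_webauth's WEBAUTH_FACTORS_SESSION variable reaches Tomcat as a request attribute; both are assumptions, not something this page states.

```java
package cz.zcu.civ.idp.webauth;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;

/** Illustrative servlet (hypothetical class name); the real WebauthAuthServlet is not shown on this page. */
public class WebauthAuthServletExample extends HttpServlet {

    /** The session factor Apache was configured to require: WebAuthRequireSessionFactor p. */
    private static final String REQUIRED_SESSION_FACTOR = "p";

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // REMOTE_USER is only trustworthy because Apache (mod_webauth, "require valid-user")
        // protects this location; the servlet must never be reachable without that front end.
        String user = req.getRemoteUser();
        // Assumption: AJP forwards the Apache environment variable as a request attribute.
        String factors = (String) req.getAttribute("WEBAUTH_FACTORS_SESSION");

        // Reject first; set the principal only for a user we are going to accept.
        if (user == null || user.isEmpty() || !hasFactor(factors, REQUIRED_SESSION_FACTOR)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "required WebAuth session factor missing");
            return;
        }
        req.setAttribute(LoginHandler.PRINCIPAL_NAME_KEY, user);
        // Return to the IdP authentication engine (IdP 2.x API, as the RemoteUser handler does).
        AuthenticationEngine.returnToAuthenticationEngine(req, resp);
    }

    /** WebAuth reports factors as a comma-separated list, e.g. "p" or "p,o"; match one exactly. */
    static boolean hasFactor(String factors, String wanted) {
        if (factors == null) {
            return false;
        }
        for (String f : factors.split(",")) {
            if (f.trim().equals(wanted)) {
                return true;
            }
        }
        return false;
    }
}
```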
handler.xml configuration
Configure the handler.xml at:
- new install: $IDP_INSTALL_DIR/src/installer/resources/conf-tmpl/handler.xml
- reinstall: $IDP_DIR/conf/handler.xml
<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    (...)
    xmlns:webauth="http://support.zcu.cz/java-idp-webauth-login-handler"   <<<<<
    (...)
    xsi:schemaLocation="
        urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
        http://support.zcu.cz/java-idp-webauth-login-handler classpath:/schema/webauth-login-handler.xsd   <<<<<
        (...)
    ">
  (...)
  <ph:LoginHandler xsi:type="webauth:Webauth">   <<<<<
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:Webauth</ph:AuthenticationMethod>   <<<<<
  </ph:LoginHandler>   <<<<<
  (...)
</ph:ProfileHandlerGroup>
(The lines marked <<<<< are the additions needed for this handler.)
Log configuration
The logging for the Handler is configured in the logging.xml file. It can be found at:
- new install: $IDP_INSTALL_DIR/src/installer/resources/conf-tmpl/logging.xml
- reinstall: $IDP_DIR/conf/logging.xml
(...)
<logger name="cz.zcu.civ.idp.webauth">
  <level value="DEBUG"/>
</logger>
(...)
Deployment
Back up the IdP configuration before re-deploying the application:
$IDP_INSTALL_DIR/install.sh
Troubleshooting
- Project page (bugs, features): http://support.zcu.cz/java-idp-webauth-login-handler
- Contact for comments/questions: paja@civ.zcu.cz