$ yum install mod_perl
$ yum install perl-Config-IniFiles perl-Algorithm-Diff perl-Text-Diff perl-CGI-Session perl-Digest-SHA1 patch rcs diff
=============================================================================
 Package                Arch     Version             Repository          Size
=============================================================================
Installing:
 patch                  i386     2.5.4-24            base                62 k
 perl-Algorithm-Diff    noarch   1.1901-1.2.fc4.rf   dries               46 k
 perl-CGI-Session       noarch   4.09-1.fc4.rf       dries              112 k
 perl-Config-IniFiles   noarch   2.39-3.fc4          extras              45 k
 perl-Digest-SHA1       i386     2.10-1              base                48 k
 perl-Text-Diff         noarch   0.35-2.fc4          extras              33 k
 rcs                    i386     5.7-28              base               299 k
 diffutils              i386     2.8.1-15            base               208 k
Installing for dependencies:
 perl-DBD-Pg            i386     1.41-2              base               102 k
 perl-FreezeThaw        noarch   0.43-2              extras              16 k
 postgresql-libs        i386     8.0.8-1.FC4.1       updates-released   184 k
[root@xserv /var/www/html] $ mkdir twiki ; cd twiki/
[root@xserv /var/www/html/twiki] $ tar xvfz /root/TWiki-4.0.2.tgz
[root@xserv /var/www/html] $ chown -R apache twiki
[root@xserv /var/www/html/twiki/lib] $ cp LocalSite.cfg.txt LocalSite.cfg
/var/www/html/twiki:
[root@xserv /var/www/html/twiki/lib] $ vi LocalSite.cfg
replace path, vi command:
:1,$s/home\/httpd/var\/www\/html/
3 substitutions on 3 lines
[root@xserv /etc/httpd/conf.d] $ cp /var/www/html/twiki/twiki_httpd_conf.txt ./twiki_httpd.conf
/var/www/html/twiki:
:1,$s/home\/httpd/var\/www\/html/
10 substitutions on 10 lines
$ /etc/init.d/httpd restart
Arrêt de httpd : [ OK ]
Démarrage de httpd : [ OK ]

Failed to open /var/www/html/twiki/lib/LocalSite.cfg for write at /var/www/html/twiki/bin/configure line 1108.

[root@xserv /var/www/html/twiki/lib] $ ls -al LocalSite.cfg
-r--r----- 1 apache root 2123 jun 7 17:25 LocalSite.cfg
[root@xserv /var/www/html/twiki/lib] $ chmod 640 LocalSite.cfg
Configuration
Password changed
Updating configuration
$TWiki::cfg{LocalesDir}
    old
    new /var/www/html/twiki/locale
$TWiki::cfg{Site}{CharSet}
    old
    new iso-8859-15
$TWiki::cfg{Site}{Lang}
    old
    new en
$TWiki::cfg{Site}{FullLang}
    old
    new en-us
5 configuration items changed.
Return to configuration
In {LoginManager}, choose TWiki::Client::ApacheLogin.
More info: http://twiki.org/cgi-bin/view/TWiki04/TWikiUserAuthentication#Apache_Login

The REMOTE_USER might contain some exotic characters that aren't WikiName-conform. Therefore, we need to map this REMOTE_USER (also LoginName) to a WikiName.
{MapUserToWikiName}: checked

When using Shibboleth for authentication, of course you don't need to provide a password at registration.
{PasswordManager}: None

Let the LoginName field appear in the registration form.
{Register}{AllowLoginName}: checked
Configuration
Updating configuration
$TWiki::cfg{LoginManager}
    old none
    new TWiki::Client::ApacheLogin
$TWiki::cfg{PasswordManager}
    old TWiki::Users::HtPasswdUser
    new none
$TWiki::cfg{Register}{AllowLoginName}
    old
    new 1
3 configuration items changed.
Return to configuration

Configuration
Updating configuration
$TWiki::cfg{Site}{Locale}
    old en_US.ISO-8859-1
    new fr_FR.ISO-8859-15
$TWiki::cfg{Site}{Lang}
    old en
    new us
2 configuration items changed.
Return to configuration
[root@wpublic /etc/httpd/conf.d] $ tail -20 twiki_httpd.conf
#Make sure the shibboleth module is loaded for the entire application
<Directory "/var/www/html/twiki">
#    AuthType Shibboleth
#    require shibboleth
    AuthType shibboleth
    ShibRequireSession On
    ShibExportAssertion On
    require statut permanent
</Directory>

# /bin/logon needs to be secured with authentication
# require valid-user will take care of authentication only
<Files "/var/www/TWiki/bin/logon*">
    AuthType shibboleth
    ShibRequireSession On
    require valid-user
</Files>
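A small audit of the Shibboleth sections in twiki_httpd.conf, added here as an example (not part of the original page or of TWiki): it checks that every section using AuthType shibboleth forces a session and carries a require rule. It also flags a <Files> argument that contains a directory path, because Apache compares <Files> with the file name only; the function names and the policy of treating a missing ShibRequireSession On as a finding are assumptions of this sketch.

```python
import re

# Constructed sample: the two sections of the twiki_httpd.conf excerpt above.
SAMPLE_CONF = '''\
<Directory "/var/www/html/twiki">
    AuthType shibboleth
    ShibRequireSession On
    require statut permanent
</Directory>
<Files "/var/www/TWiki/bin/logon*">
    AuthType shibboleth
    ShibRequireSession On
    require valid-user
</Files>
'''
OPEN = re.compile(r'<(Directory|Files|Location)\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</(Directory|Files|Location)\s*>', re.I)

def parse_sections(text):
    """Return (kind, argument, {directive: value}) per non-nested container."""
    sections, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith('#'):
            continue
        m = OPEN.match(line)
        if m:
            current = (m.group(1).lower(), m.group(2).strip(), {})
        elif CLOSE.match(line) and current:
            sections.append(current)
            current = None
        elif current:
            name, _, value = line.partition(' ')
            current[2][name.lower()] = value.strip()
    return sections

def audit(text):
    """List (argument, finding) for sections that use AuthType shibboleth."""
    findings = []
    for kind, arg, d in parse_sections(text):
        if d.get('authtype', '').lower() != 'shibboleth':
            continue
        if d.get('shibrequiresession', '').lower() != 'on':
            findings.append((arg, 'session not forced (no ShibRequireSession On)'))
        if 'require' not in d:
            findings.append((arg, 'no require rule'))
        if kind == 'files' and '/' in arg:
            findings.append((arg, '<Files> matches file names, not paths'))
    return findings
```

Calling audit(SAMPLE_CONF) reports only the <Files> section; the <Directory> section passes all three checks.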
REMOTE_USER http env variable, which will eventually be the logged in user!

resolver.xml defines which attributes should be retrieved from the IDP.

[root@shibidp /usr/local/shibboleth-idp/etc] $ vim resolver.xml
<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns="urn:mace:shibboleth:resolver:1.0"
                   xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">

    <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:uid">
        <DataConnectorDependency requires="get-test"/>
    </SimpleAttributeDefinition>

    <JNDIDirectoryDataConnector id="get-test">
        <Search filter="uid=%PRINCIPAL%">
            <Controls searchScope="SUBTREE_SCOPE" returningObjects="false" />
        </Search>
        <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
        <Property name="java.naming.provider.url" value="ldap://ldap2.int-evry.fr/ou=people,dc=int-evry,dc=fr" />
        <!-- <Property name="java.naming.security.protocol" value="ssl" /> -->
        <!-- <Property name="java.naming.security.principal" value="cn=admin,dc=example,dc=edu" /> -->
        <!-- <Property name="java.naming.security.credentials" value="examplepw" /> -->
    </JNDIDirectoryDataConnector>
</AttributeResolver>
[root@shibidp /usr/local/shibboleth-idp/etc/arps] $ vim arp.site.xml
<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xmlns="urn:mace:shibboleth:arp:1.0"
                        xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
    <Description>ARP GET</Description>
    <Rule>
        <Target>
            <AnyTarget/>
        </Target>
        <Attribute name="urn:mace:dir:attribute-def:uid">
            <AnyValue release="permit"/>
        </Attribute>
    </Rule>
</AttributeReleasePolicy>
AAP.xml file. Here the uid attribute is sent in the http headers as the REMOTE_USER environment variable.

[root@wpublic /etc/shibboleth] $ vim AAP.xml
<AttributeAcceptancePolicy xmlns="urn:mace:shibboleth:1.0">
    <AttributeRule Name="urn:mace:dir:attribute-def:uid" Header="REMOTE_USER" Alias="uid">
        <AnySite>
            <AnyValue/>
        </AnySite>
    </AttributeRule>
</AttributeAcceptancePolicy>
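Because REMOTE_USER becomes the TWiki login name, it is worth knowing exactly which policy rules are unrestricted on each side: the ARP releases uid to every target, and the AAP accepts uid from every site with any value. The following audit is an added example (not part of the original page or of Shibboleth); the function names are hypothetical and the XML samples are constructed from the arp.site.xml and AAP.xml shown above.

```python
import xml.etree.ElementTree as ET

ARP = '{urn:mace:shibboleth:arp:1.0}'   # IdP attribute release policy namespace
AAP = '{urn:mace:shibboleth:1.0}'       # SP attribute acceptance policy namespace

# Constructed samples reproducing the two policies shown on this page.
SAMPLE_ARP = '''<AttributeReleasePolicy xmlns="urn:mace:shibboleth:arp:1.0">
  <Rule>
    <Target><AnyTarget/></Target>
    <Attribute name="urn:mace:dir:attribute-def:uid">
      <AnyValue release="permit"/>
    </Attribute>
  </Rule>
</AttributeReleasePolicy>'''

SAMPLE_AAP = '''<AttributeAcceptancePolicy xmlns="urn:mace:shibboleth:1.0">
  <AttributeRule Name="urn:mace:dir:attribute-def:uid" Header="REMOTE_USER" Alias="uid">
    <AnySite><AnyValue/></AnySite>
  </AttributeRule>
</AttributeAcceptancePolicy>'''

def arp_open_releases(xml_text):
    """IdP side: attributes released with any value to every target."""
    names = []
    for rule in ET.fromstring(xml_text).iter(ARP + 'Rule'):
        target = rule.find(ARP + 'Target')
        if target is None or target.find(ARP + 'AnyTarget') is None:
            continue
        for attr in rule.findall(ARP + 'Attribute'):
            if any(v.get('release') == 'permit' for v in attr.findall(ARP + 'AnyValue')):
                names.append(attr.get('name'))
    return names

def aap_open_identity_rules(xml_text, identity_headers=('REMOTE_USER',)):
    """SP side: (attribute, header) pairs accepted from any site with any value
    and exported into a header the application treats as the login name."""
    hits = []
    for rule in ET.fromstring(xml_text).iter(AAP + 'AttributeRule'):
        site = rule.find(AAP + 'AnySite')
        if (rule.get('Header') in identity_headers and site is not None
                and site.find(AAP + 'AnyValue') is not None):
            hits.append((rule.get('Name'), rule.get('Header')))
    return hits

if __name__ == '__main__':
    print('ARP releases to any target:', arp_open_releases(SAMPLE_ARP))
    print('AAP open identity rules:', aap_open_identity_rules(SAMPLE_AAP))
```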
go to http://www-public.int-evry.fr/twiki/bin/view

redirected to the WAYF:
https://shibidp.int-evry.fr/cru-wayf/?shire=https%3A%2F%2Fwww-public.int-evry.fr%2Fshib%2FShibboleth.sso%2FSAML%2FPOST&time=1150207769&target=cookie&providerId=https%3A%2F%2Fwww-public.int-evry.fr%2Fshib

Select state in France on the WAYF map:
https://shibidp.int-evry.fr/cru-wayf/?action=selectMap&mapId=ileDeFrance

redirected to CAS for INT site:
https://cas2.int-evry.fr/cas/login?service=https%3A%2F%2Fshibidp.int-evry.fr%2Fshibboleth-idp%2FSSO%3Ftarget%3Dcookie%26shire%3Dhttps%253A%252F%252Fwww-public.int-evry.fr%252Fshib%252FShibboleth.sso%252FSAML%252FPOST%26providerId%3Dhttps%253A%252F%252Fwww-public.int-evry.fr%252Fshib%26time%3D1150207850
REMOTE_USER = uid) so we get access to the service: http://www-public.int-evry.fr/twiki/bin/view as the shibboleth logged in user :-).

TWIKIUSERNAME, it will also give you a personal page. To do that you need to register once.
Choose TwikiRegistration

Installed: perl-HTML-Parser.i386 0:3.45-1
Dependency Installed: perl-HTML-Tagset.noarch 0:3.04-1
This document was translated from LaTeX by HEVEA.