peppelinux / ansible-shibboleth-idp-sp-debian Goto Github PK
View Code? Open in Web Editor NEWA fully automated setup of Shibboleth Idp and SP with many options and features
A fully automated setup of Shibboleth Idp and SP with many options and features
creare un indice
2019-10-16 10:31:04,168 - - WARN [DEPRECATED:122] - XML Element 'null:StartTLSTrustCredential', (file [/opt/shibboleth-idp/conf/attribute-resolver.xml]): This will be removed in the next major version of this software
2019-10-16 10:31:04,207 - - WARN [DEPRECATED:118] - XML Attribute 'sourceAttributeID', (file [/opt/shibboleth-idp/conf/attribute-resolver.xml]): This will be removed in the next major version of this software; replacement is InputAttributeDefinition or InputDataConnector
2019-10-16 10:32:01,885 - - WARN [DEPRECATED:122] - XML Element 'null:StartTLSTrustCredential', (file [/opt/shibboleth-idp/conf/attribute-resolver.xml]): This will be removed in the next major version of this software
2019-10-16 10:32:01,924 - - WARN [DEPRECATED:118] - XML Attribute 'sourceAttributeID', (file [/opt/shibboleth-idp/conf/attribute-resolver.xml]): This will be removed in the next major version of this software; replacement is InputAttributeDefinition or InputDataConnector
Hi,
thank you for your hard work with this. Shibboleth is a complex beast.
If this built is too complex for some, I've provided the VM with my approach:
SAML-Toolkits/python3-saml#202
Thanks
Ciao
Hi again,
this looks like a private repo:
debian:~# git clone https://github.com/ConsortiumGARR/Ansible-Shibboleth-IDP-SP-Debian
Cloning into 'Ansible-Shibboleth-IDP-SP-Debian'...
Username for 'https://github.com': ^C
Please confirm.
Thanks
Hi Giuseppe,
excellent work! There are a number of changes for VirtualBox to work but I got there.
020-07-22 00:08:18,267 - 10.0.2.2 - INFO [org.ldaptive.auth.Authenticator:291] - Authentication succeeded for dn: uid=gino,ou=people,dc=testunical,dc=it
After this, getting opensaml::FatalProfileException at (https://sp.testunical.it:4443/Shibboleth.sso/SAML2/POST)
Unable to establish security of incoming assertion.
Can we not sign the assertion or something? I'm not familiar with Apache Shib module.
Any ideas?
Here is the metadata:
debian:/home/jampy# grep --color -R "https://idp.testunical.it:444" /etc/shibboleth/*
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:req-attr="urn:oasis:names:tc:SAML:protocol:ext:req-attr" entityID="https://idp.testunical.it:4443/idp/shibboleth">
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <mdui:Logo height="80" width="80">https://idp.testunical.it:4443/Path/To/Logo.png</mdui:Logo>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.testunical.it:4443/idp/profile/SAML2/POST/SLO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.testunical.it:4443/idp/profile/SAML2/POST-SimpleSign/SLO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.testunical.it:4443/idp/profile/SAML2/Redirect/SLO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.testunical.it:4443/idp/profile/SAML2/SOAP/SLO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" req-attr:supportsRequestedAttributes="true" Location="https://idp.testunical.it:4443/idp/profile/SAML2/POST-SimpleSign/SSO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" req-attr:supportsRequestedAttributes="true" Location="https://idp.testunical.it:4443/idp/profile/SAML2/Redirect/SSO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" req-attr:supportsRequestedAttributes="true" Location="https://idp.testunical.it:4443/idp/profile/SAML2/POST/SSO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.testunical.it:4443/idp/profile/SAML2/SOAP/AttributeQuery"/>
/etc/shibboleth/shibboleth2.xml: entityID="https://idp.testunical.it:4443/idp/shibboleth">
And the log:
2020-07-21 23:47:13 WARN Shibboleth.SessionInitiator.SAML2 [8] [default]: unable to locate metadata for provider (https://idp.testunical.it:4443/idp/shibboleth)
2020-07-22 00:11:00 WARN OpenSAML.MessageDecoder.SAML2 [11] [default]: no metadata found, can't establish identity of issuer (https://idp.testunical.it/idp/shibboleth)
2020-07-22 00:11:00 WARN Shibboleth.SSO.SAML2 [11] [default]: no metadata found, can't establish identity of issuer (https://idp.testunical.it/idp/shibboleth)
2020-07-22 00:11:00 WARN Shibboleth.SSO.SAML2 [11] [default]: detected a problem with assertion: Unable to establish security of incoming assertion.
Not sure why is using https://idp.testunical.it/idp/shibboleth for identity when accessed by https://idp.testunical.it:4443/idp/shibboleth
Thanks
Cheers
Hi,
I think this line:
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=admin,dc=testunical,dc=it" -w slapdsecret -f ldap/idp_user.ldif
is missing idp_user.ldif
Thoughts?
Also, why would we need LXC? On VirtualBox this would fail on bridge, the reboot is needed.
The line:
lxc-attach $CONTAINER_NAME -- bash -c "cd /root/ansible-slapd-eduperson2016 && \
> bash make_CA.production.sh && \
> ansible-playbook -i "localhost," -c local playbook.production.yml"
would fail with:
TASK [Gathering Facts] ************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"setup": {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3.7"}, "failed": true, "module_stderr": "/bin/sh: 1: sudo: not found\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 127, "warnings": ["Platform linux on host localhost is using the discovered Python interpreter at /usr/bin/python3.7, but future installation of another Python interpreter could change this. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information."]}}, "msg": "The following modules failed to execute: setup\n"}
PLAY RECAP ************************************************************************************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Cheers
Quella password è inutile, MariaDB in locale come utente root accede senza password
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.