[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[upki-fed:280] Re: [upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D(B$B6-(B

Subject: [upki-fed:280] Re: [upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D(B$B6-(B
Date: Thu, 18 Nov 2010 17:28:33 +0900
From: kohei teraguchi <xxxxxxxxxx@xxxxxxxxxxxxxx>
$B$*@$OC$K$J$C$F$*$j$^$9!#(B
$B;{8}$G$9!#(B

SSL$B%"%/%;%i%l!<%?4D6-$G$N@_Dj$K$D$$$FJs9p$$$?$7$^$9!#(B

1.$BF0:n3NG'4D6-(B
   OS$B!'(BRed Hat Enterprise Linux Server release 5.2 (Tikanga)
   Web$B%5!<%P!'(BApache/2.2.3
   shibbolethSP$B!'(Bshibboleth-2.3.1-1.3
   shibbolethIdP$B!'(Bshibboleth-identityprovider-2.2.0
   $B%I%a%$%s!'(Btest.researchmap.jp


2.$B%m%0%$%s2hLL$NI=<((B
2-1.apache$B$N@_DjJQ99(B
   ServerName test.researchmap.jp
       $B"-(B
   ServerName https://test.researchmap.jp

   https://spaces.internet2.edu/display/SHIB/SPNoSSL
   $B$G$O!"%]!<%HHV9f$N;XDj$H(BUseCanonicalName$B$r(BOn$B$K@_Dj$7$F$$$^$9$,!"(B
   $BL5$/$F$bF0:n$$$?$7$^$7$?!#(B

2-2.apache$B!](Btomcat$BO"7H$N@_DjJQ99(B
   <Connector port="8009" protocol="AJP/1.3"  redirectPort="8443"
              enableLookups="false"
              request.tomcatAuthentication="false"
              address="127.0.0.1" />
       $B"-(B
   <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
              enableLookups="false"
              proxyPort="443" scheme="https"
              request.tomcatAuthentication="false"
              address="127.0.0.1" />

   $B;29M!'(B
   http://groups.google.com/group/shibboleth-users/browse_thread/thread/3247848f1087777c/a2bc1ce79fb1f428?lnk=gst&q=SAML+message+intended+destination+endpoint#a2bc1ce79fb1f428


3.$BG'>Z=hM}(B
3-1.$BGX7J!"8=>](B
   SSL$B%"%/%;%i%l!<%?$rDL$7$?(BWEB$B%5!<%P$X$N%j%/%(%9%H$OA4$F(Bhttp$B$K$J$k$?$a!"(B
   SP$B!J(Bshibboleth2.xml$B!K!"5Z$S!"(BIdP$B!J(Brelying-party.xml$B!K$K@_Dj$5$l$F$$$k(B
   $BHkL)80$H>ZL@=q$OI,MW$J$$$HH=CG$7@_Dj$r9T$C$F$$$J$+$C$?$,!"(B
   $B@_Dj$r9T$o$J$$$H!"%m%0%$%s;~$K%(%i!<$,H/@8$9$k!#(B

3-1.SP$B$N@_Dj(B
   shibboleth2.xml
   <CredentialResolver type="File" key="sp-key.pem"
certificate="sp-cert.pem" />
       $B"-(B
   <CredentialResolver type="File"
                       key="/opt/shibboleth-idp/credentials/idp.key"
                       certificate="/opt/shibboleth-idp/credentials/idp.crt" />

3-2.IdP$B$N@_Dj(B
   relying-party.xml
   <security:Credential id="IdPCredential" xsi:type="security:X509Filesystem">
       <security:PrivateKey>/opt/shibboleth-idp/credentials/idp.key</security:PrivateKey>
       <security:Certificate>/opt/shibboleth-idp/credentials/idp.crt</security:Certificate>
   </security:Credential>

   $B%G%U%)%k%H$N$^$^$GJQ99$J$7!#(B

3-3.$B80@_Dj(B
   /opt/shibboleth-idp/credentials/idp.key$B$K(Btest.researchmap.jp$B$NHkL)80$r@_Dj(B
   /opt/shibboleth-idp/credentials/idp.crt$B$K(Btest.researchmap.jp$B$N>ZL@=q$r@_Dj(B


$B0J>e$N@_Dj$G!"(Btomcat$B:F5/F0!"(Bapache$B:FFI9~$_$r9T$C$?$H$3$mF0:n$$$?$7$^$7$?!#(B


2-1$B$N@_Dj$K$D$$$F$O!"(BServerName$B$rJQ99$7$F$$$k$?$a!"(B
WEB$B%"%W%j%1!<%7%g%sB&$K1F6A$,=P$k2DG=@-$,$"$k$+$H;W$$$^$9$N$G!"(B
$B:#8e!"D4::$7$?$$$H;W$$$^$9!#(B

$B$^$?!"(B2$B!"(B3$B$N@_Dj$,$I$N$h$&$K1F6A$7$FF0:n$9$k$h$&$K$J$C$?$N$+!"(B
$B$$$^$$$AM}2r$7$F$*$j$^$;$s!#!#!#!#(B

$B$H$/$K!"(B3$B$N@_Dj$G!"(BSP$B$N80!"(BIdP$B$N80!"%a%?%G!<%?Fb$N>ZL@=q$,!"(B
$B$$$D!"2?$N$?$a$K;H$o$l$F$$$k$N$+5$$K$J$j$^$9!#(B
$BA[Dj$G$O!"(B
$B!&(BSP$B$NHkL)80$O(BSAML$B$N>pJs$r0E9f2=$9$k:]$K;HMQ$7$F$$$k!#(B
$B!&(BSP$B$N>ZL@=q$O(BSP$BK\?M3NG'$N$?$a$N%G%8%?%k=pL>$K;HMQ$7$F$$$k!#(B
$B!&(BIdP$B$NHkL)80$O(BSAML$B$N>pJs$r0E9f2=$9$k:]$K;HMQ$7$F$$$k!#(B
$B!&(BIdP$B$N>ZL@=q$O(BIdP$BK\?M3NG'$N$?$a$N%G%8%?%k=pL>$K;HMQ$7$F$$$k!#(B
$B!&%a%?%G!<%?Fb$N>ZL@=q$O(BSAML$B$N>pJs$rJ#9g$9$k:]$K;HMQ$7$F$$$k!#(B
$B$NMM$J46$8$+$H;W$C$F$*$j$^$9!#(B

$B$=$NJU$j$N>pJsEy!">\$7$$J}$,$$$i$C$7$c$$$^$7$?$i$465




Follow-Ups:

[upki-fed:281] Re: [upki-fed:280] Re: [upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D6-(B
From: Takeshi NISHIMURA



References:

[upki-fed:276] SSL$B%"%/%;%i%l!<%?4D6-(B
From: kohei teraguchi
[upki-fed:277] Re: [upki-fed:276] SSL$B%"%/%;%i(B$B%l!<%?4D6-(B
From: yamaji
[upki-fed:278] Re: [upki-fed:277] Re: [upki-fed:276] SSL$B%"%/%;(B$B%i%l!<%?4D6-(B
From: kohei teraguchi
[upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D6-(B
From: yamaji




Prev by Date:
[upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D6-(B

Next by Date:
[upki-fed:281] Re: [upki-fed:280] Re: [upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D6-(B

Previous by thread:
[upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D6-(B

Next by thread:
[upki-fed:281] Re: [upki-fed:280] Re: [upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D6-(B

Index(es):

Date
Thread
[upki-fed:280] Re: [upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D(B$B6-(B

[upki-fed:280] Re: [upki-fed:279] Re: SSL$B%"%/%;%i%l!<%?4D(B$B6-(B
