SimpleSAMLphp paketo versijos atnaujinimas


Laikome, kad sena versija įdiegta kataloge /usr/local/www pagal instrukciją.

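# Work in a private directory rather than the shared /tmp, so another local
# user cannot pre-place a file that the tar step below would pick up.
workdir="$(mktemp -d)"
cd "$workdir"
# VERSION is a placeholder: set it to the exact release being installed.
# wget does not expand "*" in an HTTP(S) URL, so the name must be spelled out.
VERSION="X.Y.Z"
wget "https://simplesamlphp.org/res/downloads/simplesamlphp-${VERSION}.tar.gz"

# Before unpacking, compare this digest with the one published for the release.
sha256sum "simplesamlphp-${VERSION}.tar.gz"

tar -xvf "simplesamlphp-${VERSION}.tar.gz" -C /usr/local/www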
 • Nukopijuojame konfigūracijos ir metaduomenų katalogus iš senos versijos:
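# "*" stands for the version just unpacked; the glob must match exactly one
# directory, so type the full name if older versioned trees are still present.
cd /usr/local/www/simplesamlphp-*

# Copy the contents of the old directories, not the directories themselves:
# with "cp -r old/config config" an already existing config/ in the new tree
# would receive a nested config/config/ and the old settings would not be used.
mkdir -p config metadata
cp -rv /usr/local/www/simplesamlphp/config/. config/
cp -rv /usr/local/www/simplesamlphp/metadata/. metadata/
# Shows how the carried-over config differs from the new release's template;
# review options that exist only in the template and merge the ones you need.
diff config/config.php config-templates/config.php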
 • Nukopijuojame sertifikatą ir raktą iš senojo paketo:
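# -p keeps owner, group and mode, so the private key does not end up with
# looser (or unusable) permissions than it had in the old tree.
cp -rvp /usr/local/www/simplesamlphp/cert/* cert/
# Confirm the key is readable only by root and the web server account.
ls -l cert/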
 • Jei turite savo kurtų arba trečiosios šalies modulių, juos nukopijuojame (pvz. KTU temos modulis):
# Copies the site's own KTU module from the old install into the new modules/ directory.
# NOTE(review): a module written for the old release may not load on the new
# one - test it before switching the symlink over.
cp -rv /usr/local/www/simplesamlphp/modules/KTU/ modules/
 • Įjungiame kitus modulius, kurie pagal nutylėjimą išjungti, tačiau senojoje versijoje buvo įjungti:
# Lists the "enable" marker files under the old install's modules/ directory
# (the path is the KTU example host); the output below names the modules that
# were switched on there.
find /var/www/login.ktu.lt/simplesamlphp/modules -name enable -ls
  344  0 -rw-r--r--  1 root   root      0 May 28 15:05 /var/www/login.ktu.lt/simplesamlphp/modules/statistics/enable
 8718  0 -rw-r--r--  1 root   root      0 May 28 14:04 /var/www/login.ktu.lt/simplesamlphp/modules/memcacheMonitor/enable
 8716  0 -rw-r--r--  1 root   root      0 May 28 15:26 /var/www/login.ktu.lt/simplesamlphp/modules/cron/enable
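# Run from the root of the new tree: the marker files live under modules/.
# Enable only the modules that are still needed; each one adds exposed functionality.
# Brace expansion needs bash (or another shell that supports it).
touch modules/{statistics,memcacheMonitor,cron}/enable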
 • Pakeičiame grupę ir grupės teises metadata/ katalogui:
# Hands metadata/ to the web server group and makes it group-writable.
# NOTE(review): metadata/ holds the trust configuration, so anything running as
# www-data can then change it - grant write access only if a module needs it.
chgrp -R www-data metadata/
chmod g+w -R metadata/
 • Nukreipiame kreipinius į naują paketo versiją:
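cd /usr/local/www
# NEW_DIR is a placeholder: the directory name unpacked from the new release.
# Naming it explicitly avoids "simplesamlphp-*" matching several versioned trees.
NEW_DIR="simplesamlphp-X.Y.Z"
# If the old install is a real directory, keep it for rollback instead of
# deleting it. It still holds a copy of the private key, so remove it once the
# upgrade has been verified.
if [ -d simplesamlphp ] && [ ! -L simplesamlphp ]; then
    mv simplesamlphp "simplesamlphp.old-$(date +%Y%m%d)"
fi
# -n replaces an existing symlink instead of creating the link inside its target.
ln -sfn "$NEW_DIR" simplesamlphp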
 • KTU IdP: Patikrinti, ar teisingas kelias iki SSL rakto el.pašto autorizacijos modulyje, metaduomenyse:
// Metadata entry for the KTU e-mail service.
// This is a fragment: the closing of the outer array is not shown on this page.
$metadata['https://pastas.ktu.lt/shibboleth'] = array (
 'entityid' => 'https://pastas.ktu.lt/shibboleth',
 'contacts' =>
 array (
 ),

 'redirect.sign'        => true,

        'name' => array (
            'en' => 'KTU Email system',
            'lt' => 'KTU El.pasto sistema',
        ),

 // Attributes listed for this service.
 'attributes' => array( 'eduPersonPrincipalName', 'uid', 'cn', 'mail', 'ktuEduPersonMemberOfDN', 'dvpass', 'ticket', 'ticket_base'),
    'authproc' => array(
    10 => array(
            // KTU:dvsess is a site-specific filter; what its options do is not shown on this page.
            'class' => 'KTU:dvsess',
            // The path goes through the "simplesamlphp" symlink, so after the upgrade
            // the key must exist in the new tree's cert/ directory.
            'priv_key' =>'/usr/local/www/simplesamlphp/cert/login.ktu.lt.pem',
            'memcache_servers' => '127.0.0.1:11211',
            // NOTE(review): the three values below look like secrets (redacted here).
            // Keep this metadata file unreadable to other local users and out of
            // public copies; confirm with the module author whether fixed IVs are safe.
            'session_iv' =>  '.....',
            'static_iv' =>  '.....',
            'static_password' => 'excvtyu.....',
            )
    ),


 • KTU IdP: Pridėti trūkstamus atributų atvaizdavimus (attribute maps):
attributemap/name2oid.php

// KTU eduPerson schema: friendly attribute name => urn:oid form.
// These are site additions, so they have to be added again to the new tree's
// attributemap/name2oid.php; every entry needs its inverse in attributemap/oid2name.php.
// NOTE(review): the KTU arc has no ...2.2.1.4 entry here - confirm that is intentional.
'ktuEduPersonWindowsLiveID' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.1',
'ktuEduPersonTargetDegree' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.2',
'ktuEduPersonStudentCategory' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.3',
'ktuEduPersonStudyStart' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.5',
'ktuEduPersonStudyToEnd' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.6',
'ktuEduPersonPrimaryGroup' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.7',
'ktuEduPersonActive' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.8',
'ktuEduPersonBlocked' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.9',
'ktuEduPersonBlockedReason' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.10',
'ktuEduPersonActivationCode' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.11',
'ktuEduPersonStudyState' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.12',
'ktuEduPersonMemberOfDN' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.13',
'ktuEduPersonMailDir' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.14',
'ktuEduPersonMailActive' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.15',
'ktuEduPersonMailExpires' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.16',
'ktuEduPersonVacationActive' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.17',
'ktuEduPersonVacationMessage' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.18',
'ktuEduPersonPrimaryMail' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.19',
'ktuEduPersonSecondaryMail' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.20',
'ktuEduPersonExpires' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.21',
'ktuEduPersonVerificationCode' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.22',
'ktuEduPersonVerificationCodeExpires' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.23',
'ktuEduPersonAffiliation' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.24',
'ktuEduPersonStudyField' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.25',
'ktuEduPersonStudyBranch' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.26',
'ktuEduPersonEmeritusExpires' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.27',
'ktuEduPersonStudentExpires' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.28',
'ktuEduPersonEmployeeExpires' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.29',
'ktuEduPersonEntrantExpires' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.30',
'ktuEduPersonDormitoryExpires' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.33',
'ktuEduPersonAlumExpires' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.34',
'ktuEduPersonProxyAddresses' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.35',
'ktuEduGroupID' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.31',
'ktuEduGroupType' => 'urn:oid:1.3.6.1.4.1.35468.2.2.1.32',
// LITNET eduPerson schema: friendly attribute name => urn:oid form.
'litnetEduPersonStudyField' => 'urn:oid:1.3.6.1.4.1.7865.1.2.1',
'litnetEduPersonStudyBranch' => 'urn:oid:1.3.6.1.4.1.7865.1.2.2',
'litnetEduPersonStudentCategory' => 'urn:oid:1.3.6.1.4.1.7865.1.2.3',
'litnetEduPersonTargetDegree' => 'urn:oid:1.3.6.1.4.1.7865.1.2.4',
'litnetEduPersonLABTusrlibrary' => 'urn:oid:1.3.6.1.4.1.7865.1.2.5',
attributemap/oid2name.php

// KTU eduPerson: urn:oid form => friendly attribute name.
// These are site additions, so they have to be added again to the new tree's
// attributemap/oid2name.php; every entry needs its inverse in attributemap/name2oid.php.
// NOTE(review): the KTU arc has no ...2.2.1.4 entry here - confirm that is intentional.
'urn:oid:1.3.6.1.4.1.35468.2.2.1.1' => 'ktuEduPersonWindowsLiveID',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.2' => 'ktuEduPersonTargetDegree',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.3' => 'ktuEduPersonStudentCategory',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.5' => 'ktuEduPersonStudyStart',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.6' => 'ktuEduPersonStudyToEnd',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.7' => 'ktuEduPersonPrimaryGroup',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.8' => 'ktuEduPersonActive',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.9' => 'ktuEduPersonBlocked',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.10' => 'ktuEduPersonBlockedReason',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.11' => 'ktuEduPersonActivationCode',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.12' => 'ktuEduPersonStudyState',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.13' => 'ktuEduPersonMemberOfDN',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.14' => 'ktuEduPersonMailDir',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.15' => 'ktuEduPersonMailActive',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.16' => 'ktuEduPersonMailExpires',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.17' => 'ktuEduPersonVacationActive',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.18' => 'ktuEduPersonVacationMessage',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.19' => 'ktuEduPersonPrimaryMail',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.20' => 'ktuEduPersonSecondaryMail',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.21' => 'ktuEduPersonExpires',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.22' => 'ktuEduPersonVerificationCode',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.23' => 'ktuEduPersonVerificationCodeExpires',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.24' => 'ktuEduPersonAffiliation',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.25' => 'ktuEduPersonStudyField',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.26' => 'ktuEduPersonStudyBranch',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.27' => 'ktuEduPersonEmeritusExpires',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.28' => 'ktuEduPersonStudentExpires',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.29' => 'ktuEduPersonEmployeeExpires',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.30' => 'ktuEduPersonEntrantExpires',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.33' => 'ktuEduPersonDormitoryExpires',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.34' => 'ktuEduPersonAlumExpires',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.35' => 'ktuEduPersonProxyAddresses',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.31' => 'ktuEduGroupID',
'urn:oid:1.3.6.1.4.1.35468.2.2.1.32' => 'ktuEduGroupType',
// LITNET eduPerson: urn:oid form => friendly attribute name.
'urn:oid:1.3.6.1.4.1.7865.1.2.1' => 'litnetEduPersonStudyField',
'urn:oid:1.3.6.1.4.1.7865.1.2.2' => 'litnetEduPersonStudyBranch',
'urn:oid:1.3.6.1.4.1.7865.1.2.3' => 'litnetEduPersonStudentCategory',
'urn:oid:1.3.6.1.4.1.7865.1.2.4' => 'litnetEduPersonTargetDegree',
'urn:oid:1.3.6.1.4.1.7865.1.2.5' => 'litnetEduPersonLABTusrlibrary',