Belnet R&E Federation Workshop Shibboleth IdP Deployment Belnet – Mario Vandaele Brussels – 15 March 2012.


Login – Linux / MacOSX
Start terminal
Log in to your virtual machine
– With # being your assigned group number
    ssh
Insert password
    57ud3n7

Login – Windows

Login – Output

Login – sudo
The "student" account doesn't have "root" privileges, so let's temporarily enable them
    sudo su -
Insert password
    57ud3n7

Shibboleth IdP installation
Extract Shibboleth IdP archive in your local source directory
    cd /home/student/workshop
    cp shibboleth-identityprovider bin.zip /usr/local/src
    unzip shibboleth-identityprovider bin.zip
Check content of Shibboleth directory
    cd /usr/local/src/shibboleth-identityprovider
    ls -l

Shibboleth IdP installation
Output
    …
    -rwxrwxrwx 1 root root :25 LICENSE.txt
    -rwxrwxrwx 1 root root :25 install.bat
    -rwxr-xr-x 1 root root :52 install.sh
    -rwxrwxrwx 1 root root :52 cpappend.bat
    drwxrwxrwx 2 root root :35 doc
    drwxrwxrwx 5 root root :36 src
    drwxrwxrwx 2 root root :36 lib
    drwxrwxrwx 2 root root :36 endorsed
    …

Shibboleth IdP installation
Some extra java classes, bundled into jar files, required by Shibboleth must be endorsed by our java servlet engine (tomcat)
    mkdir /usr/share/tomcat6/endorsed/
    cp ./endorsed/*.jar /usr/share/tomcat6/endorsed/
Check content of the new directory
    ls -l /usr/share/tomcat6/endorsed

Shibboleth IdP installation
Output
    …
    -r--r--r-- 1 root root :31 xalan jar
    -r--r--r-- 1 root root :31 serializer jar
    -r--r--r-- 1 root root :31 xml-resolver-1.2.jar
    -r--r--r-- 1 root root :31 xml-apis jar
    -r--r--r-- 1 root root :31 xercesImpl jar
    …

Shibboleth IdP installation
(Optional) Pre-build preparation: check java environment
    update-alternatives --config java
Output
    Selection  Path                                      Priority  Status
               /usr/lib/jvm/java-6-openjdk/jre/bin/java  1061      auto mode
    1          /opt/java/64/jre1.6.0_31/bin/java         1         manual mode
    2          /usr/lib/jvm/java-6-openjdk/jre/bin/java  1061      manual mode
    3          /usr/lib/jvm/java-6-sun/jre/bin/java      63        manual mode

Shibboleth IdP installation
(Optional) Pre-build preparation: set & check JAVA_HOME
    export JAVA_HOME=/usr/lib/jvm/java-6-sun/jre
    echo $JAVA_HOME
Output
    /usr/lib/jvm/java-6-sun/jre
Pre-build preparation: set & check IDP_HOME
    export IDP_HOME=/opt/shibboleth-idp
    echo $IDP_HOME
Output
    /opt/shibboleth-idp
Pre-build preparation: set IDP_SRC
    export IDP_SRC=/usr/local/src/shibboleth-identityprovider-2.3.5

Shibboleth IdP installation
(Optional) Set IdPCertLifetime for self-signed server certificate
– If you want to overrule the default lifetime of 20 years for the self-signed certificate, you must set the environment variable IdPCertLifetime to a value of your choice
– This server certificate is NOT the same as the CA issued (TERENA) server certificate for HTTPS, so don't use this one in your web server configuration (Apache)
    export IdPCertLifetime=3

Shibboleth IdP installation
Build the Shibboleth IdP web application and provide input when requested by the script
– Installation directory = /opt/shibboleth-idp
– FQDN = idp#.ws.belnet.be (with # being your assigned group number)
– Keystore password = 57ud3n7
    cd $IDP_SRC
    ./install.sh

Shibboleth IdP installation
Output (1/3)
    Buildfile: src/installer/resources/build.xml
    install:
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Be sure you have read the installation/upgrade instructions on the Shibboleth website before proceeding.
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Where should the Shibboleth Identity Provider software be installed? [/opt/shibboleth-idp]
    What is the fully qualified hostname of the Shibboleth Identity Provider server? [idp.example.org]
    idp#.ws.belnet.be

Shibboleth IdP installation
Output (2/3)
    A keystore is about to be generated for you. Please enter a password that will be used to protect it.
    57ud3n7
    Updating property file: /usr/local/src/shibboleth-identityprovider /src/installer/resources/install.properties
    Created dir: /opt/shibboleth-idp
    Created dir: /opt/shibboleth-idp/bin
    Created dir: /opt/shibboleth-idp/conf
    Created dir: /opt/shibboleth-idp/credentials
    Created dir: /opt/shibboleth-idp/lib
    Created dir: /opt/shibboleth-idp/lib/endorsed
    Created dir: /opt/shibboleth-idp/logs
    Created dir: /opt/shibboleth-idp/metadata
    Created dir: /opt/shibboleth-idp/war
    Generating signing and encryption key, certificate, and keystore.

Shibboleth IdP installation
Output (3/3)
    Copying 5 files to /opt/shibboleth-idp/bin
    Copying 8 files to /opt/shibboleth-idp/conf
    Copying 1 file to /opt/shibboleth-idp/metadata
    Copying 51 files to /opt/shibboleth-idp/lib
    Copying 5 files to /opt/shibboleth-idp/lib/endorsed
    Copying 1 file to /usr/local/src/shibboleth-identityprovider-2.3.5/src/installer
    Building war: /usr/local/src/shibboleth-identityprovider-2.3.5/src/installer/idp.war
    Copying 1 file to /opt/shibboleth-idp/war
    Deleting: /usr/local/src/shibboleth-identityprovider-2.3.5/src/installer/web.xml
    Deleting: /usr/local/src/shibboleth-identityprovider-2.3.5/src/installer/idp.war
    BUILD SUCCESSFUL

Shibboleth IdP installation
Check content of IDP_HOME
    ls -l $IDP_HOME
Output
    drwxr-xr-x 2 root root :42 bin
    drwxr-xr-x 2 root root :42 conf
    drwxr-xr-x 2 root root :42 credentials
    drwxr-xr-x 3 root root :42 lib
    drwxr-xr-x 2 root root :42 logs
    drwxr-xr-x 2 root root :42 metadata
    drwxr-xr-x 2 root root :42 war

Shibboleth IdP installation
IDP/bin → command line tools
– aacli.sh: attribute authority cli to simulate attribute resolving and filtering
– version.sh: provides the version of Shibboleth IdP
    ls -l $IDP_HOME/bin
    -rw-r--r-- 1 root root :52 aacli.bat
    -rwxr-xr-x 1 root root :52 aacli.sh
    -rw-r--r-- 1 root root :52 cpappend.bat
    -rw-r--r-- 1 root root :52 version.bat
    -rwxr-xr-x 1 root root :52 version.sh

Shibboleth IdP installation
IDP_HOME/conf → configuration files
    ls -l $IDP_HOME/conf
    -rw-r--r-- 1 root root :34 attribute-filter.xml
    -rw-r--r-- 1 root root :38 attribute-resolver.xml
    -rw-r--r-- 1 root root :41 handler.xml
    -rw-r--r-- 1 root root :41 internal.xml
    -rw-r--r-- 1 root root :52 logging.xml
    -rw-r--r-- 1 root root :13 login.config
    -rw-r--r-- 1 root root :37 relying-party.xml
    -rw-r--r-- 1 root root :44 service.xml

Shibboleth IdP installation
IDP_HOME/credentials → private keys & public certificate & keystore
– The private key (idp.key) is used for signing SAML messages
– The public key (idp.crt) is published via the metadata and can be used to encrypt SAML messages from the SP to the IdP
– Different from credentials used for HTTPS → Apache configuration uses CA issued server certificates
    ls -l $IDP_HOME/credentials
    -rw-r--r-- 1 root root :42 idp.crt
    -rw-r--r-- 1 root root :42 idp.jks
    -rw-r--r-- 1 root root :42 idp.key

Shibboleth IdP installation
IDP_HOME/credentials → private keys & public certificate & keystore
– For this workshop we have generated self-signed credentials which are already present in the federation metadata
    cp /home/student/workshop/idp.key $IDP_HOME/credentials/
    cp /home/student/workshop/idp.crt $IDP_HOME/credentials/

Shibboleth IdP installation
IDP_HOME/lib
– Contains all java libraries (jar-files) which make up the IdP
– These files are copies of those present in the war-file
– Only used by the command line tools
– Java libraries < JAR < WAR < EAR
    ls -l $IDP_HOME/lib
    -rw-r--r-- 1 root root :11 activation-1.1.jar
    …
    -rw-r--r-- 1 root root :36 xmltooling jar

Shibboleth IdP installation
IDP/logs
– To be configured in logging.xml
– Process log: detailed description of IdP processing requests
– Access log: record of all clients which connect to IdP
– Audit log: record of all information sent out by IdP
– Soon audit logging will be available on SP side as well
    ls -l $IDP_HOME/logs
    …

Shibboleth IdP installation
IDP_HOME/metadata
– Default location where local metadata and backups of remote metadata files are stored
– The IdP does not automatically load any metadata → IdP must be explicitly told where to look for metadata → relying-party.xml
    ls -l $IDP_HOME/metadata
    -rw-r--r-- 1 root root :52 idp-metadata.xml

Shibboleth IdP installation
IDP_HOME/war
– The actual file used by Tomcat to deploy the IdP web application
– Tomcat must be told where to find the war-file
    ls -l $IDP_HOME/war
    -rw-r--r-- 1 root root :42 idp.war

Shibboleth IdP installation
Context descriptor for IdP in Tomcat
– Create file /etc/tomcat6/Catalina/localhost/idp.xml where idp will be the path
    <Context docBase="/opt/shibboleth-idp/war/idp.war"
             privileged="true"
             antiResourceLocking="false"
             antiJARLocking="false"
             unpackWAR="false"
             swallowOutput="true" />
– Workshop specific:
    cd /home/student/workshop/
    cp catalina-idp.xml /etc/tomcat6/Catalina/localhost/idp.xml
    cp idp-workshop.war /opt/shibboleth-idp/war/idp.war

Tomcat Configuration
Define communication ports between Tomcat and Apache
– Configure /etc/tomcat6/server.xml
– Comment out the connector on port 8080
    vim /etc/tomcat6/server.xml
    … …

Tomcat Configuration
Restart tomcat and check listening port
    /etc/init.d/tomcat6 restart
     * Stopping Tomcat servlet engine tomcat6 [ OK ]
     * Starting Tomcat servlet engine tomcat6 [ OK ]
    netstat -nl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp : :* LISTEN
    tcp : :* LISTEN
    tcp : :* LISTEN
    tcp : :* LISTEN
    tcp : :* LISTEN
    tcp : :* LISTEN
    tcp6 0 0 :::22 :::* LISTEN
    tcp :8005 :::* LISTEN

CA-issued Server Certificate
Request server certificate:
– Workshop specific:
    cd /home/student/workshop
    cp idp#.ws.belnet.be.key /etc/ssl/private/
    cp idp#.ws.belnet.be.pem /etc/ssl/certs/
– The chain file comodo-chain.pem is already present in /etc/ssl/certs/ → don't forget to download and install this chain certificate when requesting your IdP server certificate for your own environment

Apache configuration
Create specific configuration file for IdP
– Create file /etc/apache2/sites-available/idp
– Workshop specific:
    cd /home/student/workshop
    cp apache-your-idp-site-config /etc/apache2/sites-available/idp
    vim /etc/apache2/sites-available/idp
– Replace [#] with your assigned group number
– Press [ESC]
– :%s/\[#\]/your number/g

Apache configuration
Two important sections in configuration file:
– Virtual host listening on port 443:
  – TERENA SSL certificate
  – AJP connector to Tomcat
– Virtual host listening on port 8443:
  – Self-signed certificate
  – SSL client authentication to identify SP's (based on trust in metadata)
  – AJP connector to Tomcat

Apache configuration
Enable the IdP configuration file
    a2ensite idp
Enable ssl_mod
    a2enmod ssl
Enable ajp_mod
    a2enmod proxy_ajp

Apache configuration
Check & restart Apache
    apache2ctl -t
    Syntax OK
    apache2ctl -k restart
    netstat -nl

Shibboleth IdP Configuration
Set IdP directory & file permissions
    chown tomcat6 $IDP_HOME/metadata
    chown tomcat6 $IDP_HOME/logs
    chown -R tomcat6 $IDP_HOME/credentials
    chmod 750 $IDP_HOME/credentials
    cd $IDP_HOME/credentials
    chmod 440 idp.key
    chmod 644 idp.crt
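
A check for the permissions set above, as an added example that is not part of the workshop material: the function reports every path under IDP_HOME whose owner or mode differs from what the chown/chmod commands produce. The function name audit_idp_perms is hypothetical and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example (not from the workshop). Verifies that IDP_HOME carries the
# owner and modes set by the chown/chmod step. Assumes GNU coreutils stat (-c).
# Prints one line per finding and returns 1 if there is any finding.
audit_idp_perms() {
    idp_home=$1
    owner=${2:-tomcat6}      # account Tomcat runs as in the workshop
    rc=0
    # Relative path and expected octal mode ("-" = only the owner is checked).
    while read -r rel want; do
        path="$idp_home/$rel"
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        have_owner=$(stat -c '%U' "$path")
        have_mode=$(stat -c '%a' "$path")
        if [ "$have_owner" != "$owner" ]; then
            echo "OWNER $path is $have_owner, expected $owner"
            rc=1
        fi
        if [ "$want" != "-" ] && [ "$have_mode" != "$want" ]; then
            echo "MODE $path is $have_mode, expected $want"
            rc=1
        fi
    done <<EOF
metadata -
logs -
credentials 750
credentials/idp.key 440
credentials/idp.crt 644
EOF
    return "$rc"
}

# Run against a real install only when IDP_HOME points at one.
if [ -n "${IDP_HOME:-}" ] && [ -d "$IDP_HOME" ]; then
    audit_idp_perms "$IDP_HOME" tomcat6
fi
```

Right after install.sh the listing shows idp.key as -rw-r--r--, so running the check before the chmod step reports it as a MODE finding.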

Shibboleth IdP Configuration
Download R&E Test Federation certificate
– The Test Federation metadata is signed with this certificate, so your IdP can check the authenticity during download
    cd $IDP_HOME/credentials
    wget certificate.federation.belnet.be.pem
– Workshop specific: certificate.federation.belnet.be.pem is already present in /etc/ssl/certs/
– Don't forget to also put the TERENA chain file in /etc/ssl/certs/

Shibboleth IdP Configuration
Create IdP metadata file
– The IdP must be made aware of its own identity
    ls -l $IDP_HOME/metadata
– Workshop specific:
    cp /home/student/workshop/idp-metadata.xml $IDP_HOME/metadata/idp-metadata.xml
    vim $IDP_HOME/metadata/idp-metadata.xml
– Fill in your organization information, which is required for Belnet R&E Federation

Shibboleth IdP Configuration
Configure the Relying Party elements
    vim $IDP_HOME/conf/relying-party.xml
IdP's own metadata configuration
– No changes required
    <metadata:MetadataResource xsi:type="resource:FilesystemResource"
        xmlns="urn:mace:shibboleth:2.0:metadata"
        file="/opt/shibboleth-idp/metadata/idp-metadata.xml"/>

Shibboleth IdP Configuration
Security configuration for IdP
– No changes required
    /opt/shibboleth-idp/credentials/idp.key
    /opt/shibboleth-idp/credentials/idp.crt

Shibboleth IdP Configuration
Metadata configuration – Test Federation
    <metadata:MetadataProvider id="URLMD"
        xsi:type="metadata:FileBackedHTTPMetadataProvider"
        metadataURL="
        backingFile="/opt/shibboleth-idp/metadata/testfederation-metadata.xml">
      <metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil"
          maxValidityInterval="P10D" />
      <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
          trustEngineRef="shibboleth.MetadataTrustEngine"
          requireSignedMetadata="true" />
      samlmd:SPSSODescriptor

Shibboleth IdP Configuration
Security configuration – Test Federation
– Uncomment this trust engine
– Location of the Test Federation certificate used by IdP to validate the Test Federation metadata during download
    /opt/shibboleth-idp/credentials/certificate.federation.belnet.be.pem

Shibboleth IdP Configuration
Set log-level to DEBUG
– Replace INFO, ERROR, WARN by DEBUG
    vim $IDP_HOME/conf/logging.xml

User Authentication
Define what user authentication mechanism will be used
– Define username and password mechanism in IDP_HOME/conf/handler.xml
– Uncomment it, and comment out the Login Handler "RemoteUser"
    <ph:LoginHandler xsi:type="ph:UsernamePassword"
        jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config">
      urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

User Authentication
Report correct authentication method with SSO
– Add reportPreviousSessionAuthnMethod="true"
– Report previous session authentication method whenever SSO is used
    <!-- Removal of this login handler will disable SSO support, that is it will require the user to authenticate on every request. -->
    urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession

User Authentication
Define JAAS LDAP authentication
– Configure JAAS in IDP_HOME/conf/login.config
– Edit the LDAP section and remove comments
– See Shibboleth wiki
    vim $IDP_HOME/conf/login.config
    edu.vt.middleware.ldap.jaas.LdapLoginModule required
        ldapUrl="ldap://ldap.ws.belnet.be:389"
        baseDn="dc=belnet,dc=be"
        bindDn="cn=idp,dc=belnet,dc=be"
        bindCredential="workshop"
        ssl="false"
        userFilter="uid={0}"
        subtreeSearch="true";

Attribute Resolving
Define how IdP will search for user attributes
– Configure LDAP access in "Data Connector" section of IDP_HOME/conf/attribute-resolver.xml
    <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
        xmlns="urn:mace:shibboleth:2.0:resolver:dc"
        ldapURL="ldap://ldap.ws.belnet.be"
        baseDN="dc=belnet,dc=be"
        principal="cn=idp,dc=belnet,dc=be"
        searchScope="SUBTREE"
        principalCredential="workshop">
      <![CDATA[ (uid=$requestContext.principalName) ]]>
    cp /home/student/workshop/attribute-resolver.xml $IDP_HOME/conf/
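
Both login.config and attribute-resolver.xml in the workshop point at a plain ldap:// URL (login.config with ssl="false"), so the bind credential and user passwords reach the directory unencrypted. The check below is an added example, not part of the workshop material: the function name is hypothetical, and it assumes the StartTLS switches are tls="true" (vt-ldap JAAS module) and useStartTLS="true" (LDAPDirectory data connector).

```shell
#!/bin/sh
# Added example (not from the workshop). Flags IdP configuration files whose
# LDAP URL is plaintext and that enable neither SSL nor StartTLS.
# Prints "CLEARTEXT <file> <url>" per finding and returns 1 if there is any.
check_ldap_transport() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        # ldapUrl= in login.config, ldapURL= in attribute-resolver.xml
        url=$(sed -n 's/.*ldapU[Rr][Ll]="\([^"]*\)".*/\1/p' "$f" | head -n 1)
        case $url in
            ldaps://*) continue ;;   # TLS from the first byte
            ldap://*) ;;             # plaintext unless upgraded below
            *) continue ;;           # no LDAP URL in this file
        esac
        # Assumed switches: ssl/tls (JAAS module), useStartTLS (data connector).
        if grep -Eq '(^|[[:space:]])(ssl|tls|useStartTLS)="true"' "$f"; then
            continue
        fi
        echo "CLEARTEXT $f $url"
        rc=1
    done
    return "$rc"
}

# Run against a real install only when IDP_HOME is set.
if [ -n "${IDP_HOME:-}" ]; then
    check_ldap_transport "$IDP_HOME/conf/login.config" \
                         "$IDP_HOME/conf/attribute-resolver.xml"
fi
```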

Basic Attributes Configuration
Mapping of SAML attributes to LDAP attributes
– Configure in "Attribute Definitions" section of IDP_HOME/conf/attribute-resolver.xml
– Warning! The Belnet R&E Federation requires the eduPerson schema extension:
– Platform specific instructions:

Basic Attribute Filter Policy Configuration
Release all known attributes to all SP (1/2)
– Add content to IDP_HOME/conf/attribute-filter.xml

Basic Attribute Filter Policy Configuration
Release all known attributes to all SP (2/2)

Test IdP Attributes
Test Resolver
    cd $IDP_HOME/bin
    ./aacli.sh --configDir $IDP_HOME/conf/ --principal
Test Resolver & Filter
    cd $IDP_HOME/bin
    ./aacli.sh --configDir $IDP_HOME/conf/ --principal --requester '

Registration IdP metadata
Get your IdP metadata:
– Surf to Belnet R&E Federation management
– Login with username student & password workshop
– Submit the IdP metadata
– Wait till Admin has accepted & reloaded metadata
Restart tomcat
    /etc/init.d/tomcat6 restart
     * Stopping Tomcat servlet engine tomcat6 [OK]
     * Starting Tomcat servlet engine tomcat6 [OK]