PDF Export
 

Sp Shibboleth su Windows

https://www.switch.ch/aai/docs/shibboleth/SWITCH/2.3/sp/deployment/windows-iis.html

http://www.shibboleth.net/downloads/service-provider/latest/win32/shibboleth-sp-2.4.3-win32.msi

To configure an internal time server to synchronize with an external time source, follow these steps: http://support.microsoft.com/kb/816042

  1. Change the server type to NTP. To do this, follow these steps:
    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
    3. In the right pane, right-click Type, and then click Modify.
    4. In Edit Value, type NTP in the Value data box, and then click OK.
  2. Set AnnounceFlags to 5. To do this, follow these steps:
    1. Locate and then click the following registry subkey:
    2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
    3. In the right pane, right-click AnnounceFlags, and then click Modify.
    4. In Edit DWORD Value, type 5 in the Value data box, and then click OK.
  3. Enable NTPServer. To do this, follow these steps:
    1. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
    2. In the right pane, right-click Enabled, and then click Modify.
    3. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
  4. Specify the time sources. To do this, follow these steps:
    1. Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
    2. In the right pane, right-click NtpServer, and then click Modify.
    3. In Edit Value, type Peers in the Value data box, and then click OK.
  5. net stop w32time && net start w32time

certificati

  • Aprire IIS.MSC %SYSTEMROOT%\System32\inetsrv\iis.msc
  • creare nuovo certificato

abilitare https

  • tasto destro sul site che volete proteggere con certificato
  • Edit Binding
  • Aggiungi https

ISAPI extension e Filter

After rebooting, IIS should be configured for basic support (if you asked it to do so and you installed the IIS 6 compatibility services mentioned above). If you have problems, need to manually configure it, or want to verify what happened, the IIS steps are as follows: Add the filter using the IIS Manager console. At either the top-level or individual Site level, select the “ISAPI Filters” feature; then, add a new filter called Shibboleth and specify the lib\shibboleth\isapi_shib.dll library. Map the .sso file extension to the ISAPI library so that virtual URLs can be specified to invoke the extension handler for each web site. This is done under “Handler Mappings” using the “Add Script Map…” action. The Executable box should point to isapi_shib.dll, and the “Extension” can be set to anything unlikely to conflict, but .sso is assumed (and the dot must be included). Add the Shibboleth ISAPI Extension to the list of permitted extensions in the list of allowed extensions. This is under “ISAPI and CGI Restrictions” at the top level. Restart IIS. At this point, I don't know enough of IIS7 to know how to diagnose filter load problems, but the filter does log startup and shutdown events in the Windows event log.

gestione-server/idemsso/sp/spshibwin.txt · Ultima modifica: 2011/11/16 12:37 (13 anni fa) da ascagnetto
 
Ad eccezione da dove è diversamente indicato, il contenuto di questo wiki è soggetto alla seguente licenza: CC Attribution-Noncommercial-Share Alike 4.0 International
© 2016 Università degli Studi di Trieste - Webmaster - Dove Siamo - Privacy - Accessibilità
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki