Difference between revisions of "Spider"
Jrobertson (talk | contribs) |
Jrobertson (talk | contribs) |
||
Line 40: | Line 40: | ||
</ISAPI> </InProcess> | </ISAPI> </InProcess> | ||
+ | |||
+ | </code> | ||
+ | |||
+ | === Update RequestMapper === | ||
+ | |||
+ | The RequestMapper tells IIS which Paths for a certain host need to use Shibboleth for authentication. We are going to use “user” for ours so any user going to host/user will need to be logged in if not they will be taken to the login page. If you wanted to add /admin to this, you can just copy and paste the user line and replace user with admin. | ||
+ | |||
+ | <code> | ||
+ | <RequestMapper type="Native"> | ||
+ | |||
+ | <RequestMap> | ||
+ | |||
+ | <Host name="spider.saintaug.nsw.edu.au" authType="shibboleth" requireSession="true"> | ||
+ | <Path name="CustomStAug" authType="none" requireSession="false" /> | ||
+ | <Path name="Images" authType="none" requireSession="false" /> | ||
+ | <Path name="images" authType="none" requireSession="false" /> | ||
+ | <Path name="fonts" authType="none" requireSession="false" /> | ||
+ | <Path name="ScriptResource.axd" authType="none" requireSession="false" /> | ||
+ | <Path name="WebResource.axd" authType="none" requireSession="false" /> | ||
+ | |||
+ | </Host> </RequestMap> </RequestMapper> | ||
</code> | </code> |
Revision as of 02:30, 16 January 2020
Contents
Shibboleth Installation & Configuration
Download the latest version of Shibboleth from: https://shibboleth.net/downloads/service-provider/latest/ and install it using the default options. All files will be found under [C:\opt\shibboleth-sp\etc\shibboleth]
Open shibboleth2.xml with a text editor
IIS Configuration (Shibboleth)
If you have not already done so install IIS onto either the PaperCut Application Server or a different server. If you install IIS onto the PaperCut Application Server make sure you have not configured PaperCut MF to use port 80 or 443 and make sure you don’t tell IIS to use any of the standard PaperCut ports (9191, 9192, 9193).
You will need to make sure that you have ISAPI Extensions and ISAPI Filters installed on IIS which can both be found under Add Server Roles > Web Server (IIS) > Web Server > App Development
Cloudwork Configuration
Download the metadata from here enter the FQDN for your IIS Server followed by /Shibboleth.sso/Metadata (For iis.domain.vm the URL would be iis.domain.vm/Shibboleth.sso/Metadata) and then upload the XML file
Edit InProcess so we use the correct IIS site
We need to change the site name. This will be the Fully Qualified Domain Name (FQDN) that your users connect to.
<InProcess logger="native.logger">
<ISAPI normalizeRequest="true" safeHeaderNames="true">
<Site id="1" name="iis.domain.vm" scheme="https" port="443"/>
</ISAPI>
</InProcess>
NOTE: If you are running Shibboleth V3 then an additional entry needs to be put into the code above. V3 requires the command useHeaders="true". Therefore, if you are implementing a Shibboleth V3 configuration, please use the code below instead, which has the useHeaders=“true” command added.
<InProcess logger="native.logger">
<ISAPI normalizeRequest="true" safeHeaderNames="true">
<Site id="1" name="iis.domain.vm" scheme="https" port="443" useHeaders="true" />
</ISAPI> </InProcess>
Update RequestMapper
The RequestMapper tells IIS which Paths for a certain host need to use Shibboleth for authentication. We are going to use “user” for ours so any user going to host/user will need to be logged in if not they will be taken to the login page. If you wanted to add /admin to this, you can just copy and paste the user line and replace user with admin.
<RequestMapper type="Native">
<RequestMap>
<Host name="spider.saintaug.nsw.edu.au" authType="shibboleth" requireSession="true">
<Path name="CustomStAug" authType="none" requireSession="false" />
<Path name="Images" authType="none" requireSession="false" />
<Path name="images" authType="none" requireSession="false" />
<Path name="fonts" authType="none" requireSession="false" />
<Path name="ScriptResource.axd" authType="none" requireSession="false" />
<Path name="WebResource.axd" authType="none" requireSession="false" />
</Host> </RequestMap> </RequestMapper>