http://federacion.riu.edu.ar/index.php?action=history&feed=atom&title=Mellon_como_SP 2026-04-27T09:52:26Z Historial de revisiones de esta página en la wiki MediaWiki 1.39.3 http://federacion.riu.edu.ar/index.php?title=Mellon_como_SP&diff=8&oldid=prev 2023-06-28T18:11:42Z

<p>Página creada con «= Service Provider = == Instalación == Instalación de mellon apt-get updatte apt-get install libapache2-mod-auth-mellon === Configuración === Habilito el modulo y configuro apache a2enmod mellon Editamos Apache &lt;Location /&gt; MellonEnable &quot;auth&quot; MellonUser &quot;uid&quot; MellonCond &quot;accessTo&quot; &quot;test.riu.edu.ar&quot; MellonSPPrivateKeyFile /etc/apache2/mellon-stats/https_test.riu.edu.ar.key MellonSPCertFile /etc/…»</p> <p><b>Página nueva</b></p><div>= Service Provider =<br /> <br /> == Instalación ==<br /> Instalación de mellon<br /> apt-get updatte<br /> apt-get install libapache2-mod-auth-mellon<br /> <br /> === Configuración ===<br /> Habilito el modulo y configuro apache<br /> a2enmod mellon<br /> Editamos Apache<br /> &lt;Location /&gt;<br /> MellonEnable &quot;auth&quot;<br /> MellonUser &quot;uid&quot;<br /> MellonCond &quot;accessTo&quot; &quot;test.riu.edu.ar&quot;<br /> MellonSPPrivateKeyFile /etc/apache2/mellon-stats/https_test.riu.edu.ar.key<br /> MellonSPCertFile /etc/apache2/mellon-stats/https_test.riu.edu.ar.cert<br /> MellonSPMetadataFile /etc/apache2/mellon-stats/https_test.riu.edu.ar.xml<br /> MellonIdPMetadataFile /etc/apache2/mellon-stats/idp-metadata.xml<br /> MellonEndpointPath /mellon<br /> &lt;/Location&gt;<br /> Creamos el script mellon_create_metadata.sh que nos servira para crear los metadatos de nuestro SP<br /> #!/usr/bin/env bash<br /> set -e<br /> <br /> PROG=&quot;$(basename &quot;$0&quot;)&quot;<br /> <br /> printUsage() {<br /> echo &quot;Usage: $PROG ENTITY-ID ENDPOINT-URL&quot;<br /> echo &quot;&quot;<br /> echo &quot;Example:&quot;<br /> echo &quot; $PROG &lt;nowiki&gt;urn:someservice&lt;/nowiki&gt; &lt;nowiki&gt;https://sp.example.org/mellon&lt;/nowiki&gt;&quot;<br /> echo &quot;&quot;<br /> }<br /> <br /> if [ &quot;$#&quot; -lt 2 ]; then<br /> printUsage<br /> exit 1<br /> fi<br /> <br /> ENTITYID=&quot;$1&quot;<br /> if [ -z &quot;$ENTITYID&quot; ]; then<br /> echo &quot;$PROG: An entity ID is required.&quot; &gt;&amp;2<br /> exit 1<br /> fi<br /> <br /> BASEURL=&quot;$2&quot;<br /> if [ -z &quot;$BASEURL&quot; ]; then<br /> echo &quot;$PROG: The URL to the MellonEndpointPath is required.&quot; &gt;&amp;2<br /> exit 1<br /> fi<br /> <br /> if ! echo &quot;$BASEURL&quot; | grep -q &#039;^https\?://&#039;; then<br /> echo &quot;$PROG: The URL must start with \&quot;http://\&quot; or \&quot;https://\&quot;.&quot; &gt;&amp;2<br /> exit 1<br /> fi<br /> <br /> HOST=&quot;$(echo &quot;$BASEURL&quot; | sed &#039;s#^[a-z]*://\([^:/]*\).*#\1#&#039;)&quot;<br /> BASEURL=&quot;$(echo &quot;$BASEURL&quot; | sed &#039;s#/$##&#039;)&quot;<br /> <br /> OUTFILE=&quot;$(echo &quot;$ENTITYID&quot; | sed &#039;s/[^0-9A-Za-z.]/_/g&#039; | sed &#039;s/__*/_/g&#039;)&quot;<br /> echo &quot;Output files:&quot;<br /> echo &quot;Private key: $OUTFILE.key&quot;<br /> echo &quot;Certificate: $OUTFILE.cert&quot;<br /> echo &quot;Metadata: $OUTFILE.xml&quot;<br /> echo &quot;Host: $HOST&quot;<br /> echo<br /> echo &quot;Endpoints:&quot;<br /> echo &quot;SingleLogoutService: $BASEURL/logout&quot;<br /> echo &quot;AssertionConsumerService: $BASEURL/postResponse&quot;<br /> echo<br /> <br /> # No files should not be readable by the rest of the world.<br /> umask 0077<br /> <br /> TEMPLATEFILE=&quot;$(mktemp -t mellon_create_sp.XXXXXXXXXX)&quot;<br /> <br /> cat &gt;&quot;$TEMPLATEFILE&quot; &lt;&lt;EOF<br /> RANDFILE = /dev/urandom<br /> [req]<br /> default_bits = 2048<br /> default_keyfile = privkey.pem<br /> distinguished_name = req_distinguished_name<br /> prompt = no<br /> policy = policy_anything<br /> [req_distinguished_name]<br /> commonName = $HOST<br /> EOF<br /> <br /> openssl req -utf8 -batch -config &quot;$TEMPLATEFILE&quot; -new -x509 -days 3652 -nodes -out &quot;$OUTFILE.cert&quot; -keyout &quot;$OUTFILE.key&quot; 2&gt;/dev/null<br /> <br /> rm -f &quot;$TEMPLATEFILE&quot;<br /> <br /> CERT=&quot;$(grep -v &#039;^-----&#039; &quot;$OUTFILE.cert&quot;)&quot;<br /> <br /> cat &gt;&quot;$OUTFILE.xml&quot; &lt;&lt;EOF<br /> &lt;EntityDescriptor entityID=&quot;$ENTITYID&quot; xmlns=&quot;&lt;nowiki&gt;urn:oasis:names:tc:SAML:2.0:metadata&lt;/nowiki&gt;&quot; xmlns:ds=&quot;&lt;nowiki&gt;http://www.w3.org/2000/09/xmldsig#&lt;/nowiki&gt;&quot;&gt;<br /> &lt;SPSSODescriptor protocolSupportEnumeration=&quot;&lt;nowiki&gt;urn:oasis:names:tc:SAML:2.0:protocol&lt;/nowiki&gt;&quot;&gt;<br /> &lt;KeyDescriptor use=&quot;signing&quot;&gt;<br /> &lt;ds:KeyInfo xmlns:ds=&quot;&lt;nowiki&gt;http://www.w3.org/2000/09/xmldsig#&lt;/nowiki&gt;&quot;&gt;<br /> &lt;ds:X509Data&gt;<br /> &lt;ds:X509Certificate&gt;$CERT&lt;/ds:X509Certificate&gt;<br /> &lt;/ds:X509Data&gt;<br /> &lt;/ds:KeyInfo&gt;<br /> &lt;/KeyDescriptor&gt;<br /> &lt;SingleLogoutService Binding=&quot;&lt;nowiki&gt;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&lt;/nowiki&gt;&quot; Location=&quot;$BASEURL/logout&quot;/&gt;<br /> &lt;AssertionConsumerService Binding=&quot;&lt;nowiki&gt;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&lt;/nowiki&gt;&quot; Location=&quot;$BASEURL/postResponse&quot; index=&quot;0&quot;/&gt;<br /> &lt;/SPSSODescriptor&gt;<br /> &lt;/EntityDescriptor&gt;<br /> EOF<br /> <br /> umask 0777<br /> chmod go+r &quot;$OUTFILE.xml&quot;<br /> chmod go+r &quot;$OUTFILE.cert&quot;<br /> Creo los metadatos:<br /> /opt/mellon_create_metadata.sh &lt;nowiki&gt;https://test.riu.edu.ar&lt;/nowiki&gt; &lt;nowiki&gt;https://test.riu.edu.ar/mellon&lt;/nowiki&gt;<br /> El archivo idp-metadata.xml contiene los datos sacados desde idp.riu.edu.ar</div>

Mzigaran