Changes between Version 1 and Version 2 of ItunesuSpSetup


Timestamp:
11/15/11 12:21:59 (13 years ago)
Author:
jpmitchell@…
Comment:

--

  • ItunesuSpSetup

    v1 v2  
    1 == [[https://iam.alaska.edu/shib|Shibboleth]] / Setup iTunesU Transfer Script SP == 
     1== [[/|Shibboleth]] / Setup iTunesU Transfer Script SP == 
    22 
    3 This page documents the setup of the iTunesU transfer script and associated integration components. 
     3This page documents the setup of the iTunesU transfer script and associated integration components. The integration consists of a perl script and a logical SP that is running on the same OS instance as the CAS/SHIB implementation. 
    44 
     51. Configure Apache 
     6{{{ 
     7[sxjpm@alligator ~]$ vi /etc/httpd/conf.d/ssl.conf 
     8<VirtualHost _default_:443> 
     9ServerName casshib.alaska.edu:443 
     10... 
     11    # iTunesU Integration Pieces 
     12    Alias /itunesu /var/www/html/itunesu 
     13    <Directory /var/www/html/itunesu> 
     14        DirectoryIndex index.pl 
     15        Options +ExecCGI 
     16        AddHandler cgi-script .pl 
     17    </Directory> 
     18    <Location /itunesu> 
     19        AuthType shibboleth 
     20        ShibRequestSetting requireSession 1 
     21        ShibRequestSetting applicationId itunesu 
     22        require valid-user 
     23    </Location> 
     24</VirtualHost> 
     25}}} 
     26 
     272. Configure Shibboleth Logical SP 
     28{{{ 
     29[sxjpm@alligator ~]$ vi /etc/shibboleth/shibboleth2.xml 
     30... 
     31        <!-- iTunesU Integration Stuff --> 
     32        <ApplicationOverride id="itunesu" entityID="https://casshib.alaska.edu/itunesu"> 
     33            <Sessions lifetime="28800" timeout="3600" 
     34                checkAddress="false" handlerURL="/itunesu/Shibboleth.sso" /> 
     35        </ApplicationOverride> 
     36... 
     37}}} 
     38 
     393. Generate Shibboleth Logical SP Metadata [[br]] Note that the md:AssertionConsumerService tags need to have their URLs tweaked before submitting the metadata to the IdP. The values 'itunesu/' must be inserted before the 'Shibboleth.sso' value. 
     40{{{ 
     41[sxjpm@alligator ~]$ cd /etc/shibboleth/ 
     42[sxjpm@alligator shibboleth]$ ./metagen.sh -h casshib.alaska.edu -e https://casshib.alaska.edu/itunesu 
     43<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://casshib.alaska.edu/itunesu"> 
     44  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol"> 
     45    <md:Extensions> 
     46      <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://casshib.alaska.edu/Shibboleth.sso/DS" index="1"/> 
     47    </md:Extensions> 
     48    <md:KeyDescriptor> 
     49      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
     50        <ds:X509Data> 
     51          <ds:X509Certificate> 
     52MIIC+jCCAeKgAwIBAgIJAJCjNskusfKlMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV 
     53BAMTEWFtYXpvbi5hbGFza2EuZWR1MB4XDTEwMTAyMDIzMTYzOVoXDTIwMTAxNzIz 
     54MTYzOVowHDEaMBgGA1UEAxMRYW1hem9uLmFsYXNrYS5lZHUwggEiMA0GCSqGSIb3 
     55DQEBAQUAA4IBDwAwggEKAoIBAQDYNn6n8nATxM6TCF/4B0SBqfxMZ0U5S21XpGV1 
     56KjDpFvJzbYKKiZqFFS/utprcPnBTRtxklrCZTQ9TzAkqcyKy7yu10UjU3LE90nD5 
     57ap7XLL/ubvbzNZt7ExWq0MmUP+RoIxw0OarCd3l73+0gQjrbbOFoHDsKnVP/ecqm 
     58ihwq5y+0wYKaWJ0a8X66iqXDlxWncpA2fheSvCpJuQ0SFNP1UM+xB+rVqoV6Rsiq 
     59LBPPfNTxKw2Wo6LdzegLWr6IYEsekz8vUEtlPFu5O4WCNCoxkuD1LZVOckGyf8Cl 
     60FN3F584npoh9qYut2nof/FXlcyt8y/FQy3IveIUaHxOZ5IfDAgMBAAGjPzA9MBwG 
     61A1UdEQQVMBOCEWFtYXpvbi5hbGFza2EuZWR1MB0GA1UdDgQWBBR1r8eS+S/LgBlN 
     62/1M5ABOrjaySTDANBgkqhkiG9w0BAQUFAAOCAQEAv2P882jFULso1XAM1nJDX3YF 
     63DW1oQGPNEdDh44x5QWWnBRCR9/BEajtjRGFwP4IjEt4by4YXbLT3EoSvdR6eviAF 
     64vfVZA95Gm8ar/PMoJo9vWwd2pRHNC+h9E/bYblRV6tGVkfrDd4OjjsugvQfUAbu+ 
     65Gg0oyojg+QoZ9Ig7H++PEpQkfNIetFFautM4MGFD098pa03n+p5cUpczC32MT9D+ 
     66vvXYnBAlD0XqEos0m0oJbe3chCBkgP72tMl7/P5ty76QiXwLwWI/J1wwZxbiyRMV 
     67BAgIj3qYzIkpe0BFLXjRp9u489Ixq2eoxWVnFnW1EJq5ygjvqP7KGcXNQYExJQ== 
     68          </ds:X509Certificate> 
     69        </ds:X509Data> 
     70      </ds:KeyInfo> 
     71    </md:KeyDescriptor> 
     72    <!-- 
     73    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://casshib.alaska.edu/Shibboleth.sso/SLO/SOAP"/> 
     74    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://casshib.alaska.edu/Shibboleth.sso/SLO/Redirect"/> 
     75    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://casshib.alaska.edu/Shibboleth.sso/SLO/POST"/> 
     76    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://casshib.alaska.edu/Shibboleth.sso/SLO/Artifact"/> 
     77    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://casshib.alaska.edu/Shibboleth.sso/NIM/SOAP"/> 
     78    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://casshib.alaska.edu/Shibboleth.sso/NIM/Redirect"/> 
     79    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://casshib.alaska.edu/Shibboleth.sso/NIM/POST"/> 
     80    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://casshib.alaska.edu/Shibboleth.sso/NIM/Artifact"/> 
     81    --> 
     82    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://casshib.alaska.edu/Shibboleth.sso/SAML2/POST" index="1"/> 
     83    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://casshib.alaska.edu/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> 
     84    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://casshib.alaska.edu/Shibboleth.sso/SAML2/Artifact" index="3"/> 
     85    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://casshib.alaska.edu/Shibboleth.sso/SAML2/ECP" index="4"/> 
     86    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://casshib.alaska.edu/Shibboleth.sso/SAML/POST" index="5"/> 
     87    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://casshib.alaska.edu/Shibboleth.sso/SAML/Artifact" index="6"/> 
     88  </md:SPSSODescriptor> 
     89</md:EntityDescriptor> 
     90}}} 
     91 
     924. Submit the modified metadata to the IdP [[br]] Refer to the https://iam.alaska.edu/shib/wiki/SetupSpRelyParty article for more info. 
     93 
     945. Request the eduPersonPrincipalName and eduPersonEntitlement attributes and configured the Shibboleth Logical SP attribute map.[[br]] See the https://iam.alaska.edu/shib/wiki/SetupSpAttrRelease wiki article for more information on releasing attributes. 
     95{{{ 
     96[sxjpm@alligator shibboleth]$ vi /etc/shibboleth/attribute-map.xml 
     97... 
     98    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="shibattr-eppn"> 
     99    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="shibattr-eppn"> 
     100        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/> 
     101    </Attribute> 
     102... 
     103    <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/> 
     104    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/> 
     105... 
     106}}} 
     107 
     1086. Setup the Apple iTunesU transfer script[[br]] The iTunesU base transfer script can be downloaded from Apple here: http://images.apple.com/support/itunes_u/docs/iTunes_U_Code_Samples.zip The support center can provide the correct values for the $siteURL, $debugSuffix, and $sharedSecret values. The $ENV values come from the attribute mapping in the Shibboleth Logical SP. 
     109{{{ 
     110[sxjpm@alligator shibboleth]$ cp ~/CodeSamples/Perl/ITunesU.pl /var/www/html/itunesu/index.pl 
     111[sxjpm@alligator shibboleth]$ vi /var/www/html/itunesu/index.pl 
     112... 
     113    # Define your site's information. Replace these 
     114    # values with ones appropriate for your site. 
     115    my $siteURL = "http://deimos3.apple.com/WebObjects/Core.woa/Browse/alaska.edu"; 
     116    my $debugSuffix = "/sun245"; 
     117    my $sharedSecret = "V8J3LE8YK8V55Y3LCWEPFG9FXXHCP3SM";  
     118... 
     119    # additional credentials and the iTunes U access they provide. 
     120    my $displayName = $ENV{shibattr_eppn}; 
     121    my $emailAddress = $ENV{shibattr_eppn}; 
     122    my $username = $ENV{shibattr_eppn}; 
     123    my $userIdentifier = $ENV{shibattr_eppn};  
     124... 
     125    # turn the array of credentials into a semicolon delimited string 
     126    my $credentials = $ENV{entitlement}; 
     127... 
     128}}}
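
Review bot: The `my $sharedSecret = "..."` line in step 6 (new line 117) puts a literal shared-secret value on a wiki page, while the step text says the support center supplies it; replace the value with a placeholder such as "<shared secret from the support center>", and if the value shown is the real one, have it reissued, since it remains in the page history. Two smaller documentation points in the same change: step 3 says 'itunesu/' must be inserted before 'Shibboleth.sso' in the md:AssertionConsumerService tags, and step 2 sets handlerURL="/itunesu/Shibboleth.sso", but the metadata pasted at new lines 82-87 still shows the unmodified Location values (https://casshib.alaska.edu/Shibboleth.sso/...), so it would help to show the edited Locations or label the listing as raw metagen.sh output. In step 5, the `<Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="shibattr-eppn">` element at new line 98 is opened but not closed before the next `<Attribute>` at line 99, so the fragment is not well-formed as written; give it its own AttributeDecoder child and closing tag.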