== [[/|Shibboleth]] / Setup iTunesU Transfer Script SP == This page documents the setup of the iTunesU transfer script and associated integration components. The integration consists of a perl script and a logical SP that is running on the same OS instance as the CAS/SHIB implementation. 1. Configure Apache {{{ [sxjpm@alligator ~]$ vi /etc/httpd/conf.d/ssl.conf ServerName casshib.alaska.edu:443 ... # iTunesU Integration Pieces Alias /itunesu /var/www/html/itunesu DirectoryIndex index.pl Options +ExecCGI AddHandler cgi-script .pl AuthType shibboleth ShibRequestSetting requireSession 1 ShibRequestSetting applicationId itunesu require valid-user }}} 2. Configure Shibboleth Logical SP {{{ [sxjpm@alligator ~]$ vi /etc/shibboleth/shibboleth2.xml ... ... }}} 3. Generate Shibboleth Logical SP Metadata [[br]] Note that the md:AssertionConsumerService tags need to have their URLs tweaked before submitting the metadata to the IdP. The values 'itunesu/' must be inserted before the 'Shibboleth.sso' value. {{{ [sxjpm@alligator ~]$ cd /etc/shibboleth/ [sxjpm@alligator shibboleth]$ ./metagen.sh -h casshib.alaska.edu -e https://casshib.alaska.edu/itunesu MIIC+jCCAeKgAwIBAgIJAJCjNskusfKlMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV BAMTEWFtYXpvbi5hbGFza2EuZWR1MB4XDTEwMTAyMDIzMTYzOVoXDTIwMTAxNzIz MTYzOVowHDEaMBgGA1UEAxMRYW1hem9uLmFsYXNrYS5lZHUwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDYNn6n8nATxM6TCF/4B0SBqfxMZ0U5S21XpGV1 KjDpFvJzbYKKiZqFFS/utprcPnBTRtxklrCZTQ9TzAkqcyKy7yu10UjU3LE90nD5 ap7XLL/ubvbzNZt7ExWq0MmUP+RoIxw0OarCd3l73+0gQjrbbOFoHDsKnVP/ecqm ihwq5y+0wYKaWJ0a8X66iqXDlxWncpA2fheSvCpJuQ0SFNP1UM+xB+rVqoV6Rsiq LBPPfNTxKw2Wo6LdzegLWr6IYEsekz8vUEtlPFu5O4WCNCoxkuD1LZVOckGyf8Cl FN3F584npoh9qYut2nof/FXlcyt8y/FQy3IveIUaHxOZ5IfDAgMBAAGjPzA9MBwG A1UdEQQVMBOCEWFtYXpvbi5hbGFza2EuZWR1MB0GA1UdDgQWBBR1r8eS+S/LgBlN /1M5ABOrjaySTDANBgkqhkiG9w0BAQUFAAOCAQEAv2P882jFULso1XAM1nJDX3YF DW1oQGPNEdDh44x5QWWnBRCR9/BEajtjRGFwP4IjEt4by4YXbLT3EoSvdR6eviAF vfVZA95Gm8ar/PMoJo9vWwd2pRHNC+h9E/bYblRV6tGVkfrDd4OjjsugvQfUAbu+ Gg0oyojg+QoZ9Ig7H++PEpQkfNIetFFautM4MGFD098pa03n+p5cUpczC32MT9D+ vvXYnBAlD0XqEos0m0oJbe3chCBkgP72tMl7/P5ty76QiXwLwWI/J1wwZxbiyRMV BAgIj3qYzIkpe0BFLXjRp9u489Ixq2eoxWVnFnW1EJq5ygjvqP7KGcXNQYExJQ== }}} 4. Submit the modified metadata to the IdP [[br]] Refer to the https://iam.alaska.edu/shib/wiki/SetupSpRelyParty article for more info. 5. Request the eduPersonPrincipalName and eduPersonEntitlement attributes and configured the Shibboleth Logical SP attribute map.[[br]] See the https://iam.alaska.edu/shib/wiki/SetupSpAttrRelease wiki article for more information on releasing attributes. {{{ [sxjpm@alligator shibboleth]$ vi /etc/shibboleth/attribute-map.xml ... ... ... }}} 6. Setup the Apple iTunesU transfer script[[br]] The iTunesU base transfer script can be downloaded from Apple here: http://images.apple.com/support/itunes_u/docs/iTunes_U_Code_Samples.zip The support center can provide the correct values for the $siteURL, $debugSuffix, and $sharedSecret values. The $ENV values come from the attribute mapping in the Shibboleth Logical SP. {{{ [sxjpm@alligator shibboleth]$ cp ~/CodeSamples/Perl/ITunesU.pl /var/www/html/itunesu/index.pl [sxjpm@alligator shibboleth]$ vi /var/www/html/itunesu/index.pl ... # Define your site's information. Replace these # values with ones appropriate for your site. my $siteURL = "http://deimos3.apple.com/WebObjects/Core.woa/Browse/alaska.edu"; my $debugSuffix = "/sun245"; my $sharedSecret = "V8J3LE8YK8V55Y3LCWEPFG9FXXHCP3SM"; ... # additional credentials and the iTunes U access they provide. my $displayName = $ENV{shibattr_eppn}; my $emailAddress = $ENV{shibattr_eppn}; my $username = $ENV{shibattr_eppn}; my $userIdentifier = $ENV{shibattr_eppn}; ... # turn the array of credentials into a semicolon delimited string my $credentials = $ENV{entitlement}; ... }}}