path: root/php/Attic/examples/README
blob: c75b3cf996b00d9a65a79d1272f7f2834551b19e (plain)
Lasso Examples
----------------------------------

SOFTWARE
  This directory includes a Liberty Alliance Service Provider (sample-sp)
  and a Liberty Alliance Identity Provider (sample-idp) written in PHP
  with the Lasso extension.

INSTALLATION
 You need the following components :
 - The Apache Web Server with SSL support (http://www.apache.org) 
 - OpenSSL (http://www.openssl.org) 
 - PHP4 version 4.3 with OpenSSL support enabled (http://www.php.net)
 - The Lasso Extension for PHP (http://lasso.entrouvert.org)
 - A PostgreSQL database server (http://www.postgresql.org/) 
 - PHP Pear modules : DB, HTML_QuickForm, Log (http://pear.php.net)

 Debian packages for the Lasso extension are available. They are included
 in the current development version (sid), and packages for the current stable
 version (sarge) are available in Entr'ouvert's apt repository :
 
 deb http://www.entrouvert.org ./debian/lasso/

 Add this line to your /etc/apt/sources.list and install the following packages :
 
 apt-get install apache-ssl php4 php4-lasso php4-pgsql php4-pear postgresql 

 Pear packages can be installed with the pear command :

 # pear install DB HTML_Common HTML_Form HTML_QuickForm Log

CONFIGURATION
 
 PostgreSQL 

 Change the password of the "postgres" user to access the database.
 You can do this by executing in a shell :
 
 # su - postgres
 $ psql template1
 template1=# ALTER USER postgres password 'new_pass';
 ALTER USER
 template1=# \q

 Change your PostgreSQL server configuration to authenticate users with
 passwords by writing in your /etc/postgresql/pg_hba.conf file :

 local   all         all                                       password
 host    all         all   127.0.0.1         255.255.255.255   password
 
 Then, restart the postmaster with /etc/init.d/postgresql restart.

 # /etc/init.d/postgresql restart
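
 Added example (not part of the Lasso sources): a check of pg_hba.conf
 against the setup above. PostgreSQL uses the first record that matches a
 connection, so a permissive record left above the two password records still
 decides. The function names and the sample file are constructed for
 illustration.

```shell
#!/bin/sh
# Added example, not from the Lasso sources. audit_pg_hba and sample_pg_hba
# are hypothetical names; the sample file is constructed.
# Usage: audit_pg_hba [FILE]   (reads stdin without FILE; silent when clean)
audit_pg_hba() {
    awk '
    /^[ \t]*(#|$)/ { next }                     # comments and blank lines
    {
        type = $1; addr = "-"; mask = "-"
        if (type == "local") {
            method = $4                         # local DB USER METHOD
        } else if (index($4, "/") > 0) {
            addr = $4; mask = "cidr"; method = $5   # host DB USER ADDR/LEN METHOD
        } else {
            addr = $4; mask = $5; method = $6   # host DB USER ADDR MASK METHOD
        }
        # First match wins: anything after an "all all" record with the same
        # type and address is never consulted.
        key = type " " addr " " mask
        if (key in catchall)
            printf "line %d: never reached, shadowed by line %d\n", NR, catchall[key]
        else if ($2 == "all" && $3 == "all")
            catchall[key] = NR
        if (method == "trust" || method == "ident")
            printf "line %d: method %s asks for no database password\n", NR, method
        if (type != "local" && addr !~ /^(127\.|::1)/)
            printf "line %d: %s is not a loopback address\n", NR, addr
        else if (type != "local" && mask != "255.255.255.255" && addr !~ "/(32|128)$")
            printf "line %d: %s (mask %s) covers more than one host\n", NR, addr, mask
    }' "$@"
}

sample_pg_hba() {
    cat <<'EOF'
# constructed sample: a stock ident record left above the README's records
local   all   postgres                                  ident sameuser
local   all   all                                       password
host    all   all   127.0.0.1   255.255.255.255         password
host    all   all   0.0.0.0     0.0.0.0                 password
local   sp    sp                                        trust
EOF
}

sample_pg_hba | audit_pg_hba
```

 On a real server, run it as: audit_pg_hba /etc/postgresql/pg_hba.conf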

 Now you can create the users idp and sp in PostgreSQL. These users can
 create databases.

 $ createuser -A -d  -P idp
 Enter password for new user:
 Enter it again:
 Password:               <-- postgres's password used to access the database
 CREATE USER

 $  createuser -A -d  -P sp
 [ ... ]
 
 Create databases for idp and sp.
 
 $ createdb -U idp idp
 Password:            <-- idp's password
 CREATE DATABASE

 $ createdb -U sp sp
 [ ... ]
 
 Database setup is finished.

 Copy the example source code to /var/www :

 # cp -r sample-idp /var/www/idp
 # cp -r sample-sp /var/www/sp
 # chown -R www-data: /var/www/idp /var/www/sp
 
 OpenSSL
 
 To generate SSL certificates for the Identity Provider and the Service
 Provider you need the openssl command-line utility. You need to create
 a certificate, a public key and a private key :

 # cd /var/www/sp
 # openssl req -out certificate_sp1.pem -keyout private-key-raw_sp1.pem -x509 -nodes -newkey rsa:2048
 [ ... ]
 Common Name (eg, YOUR name) []:sp1
 [ ... ]  
 # openssl x509 -in certificate_sp1.pem -noout -pubkey > public-key_sp1.pem
 # chown www-data: *.pem

 # cd /var/www/idp
 # openssl req -out certificate_idp1.pem -keyout private-key-raw_idp1.pem -x509 -nodes -newkey rsa:2048
 [ ... ]
 Common Name (eg, YOUR name) []:idp1
 [ ... ]
 # openssl x509 -in certificate_idp1.pem -noout -pubkey > public-key_idp1.pem
 # chown www-data: *.pem

 Then, copy the IdP's certificate and public key into the SP directory :
 
 # cd /var/www
 # cp -p idp/certificate_idp1.pem idp/public-key_idp1.pem sp/
 
 Copy the SP's certificate and public key into the IdP directory :
 
 # cd /var/www
 # cp -p sp/certificate_sp1.pem sp/public-key_sp1.pem idp/
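
 Added example (not part of the Lasso sources): a check that each provider
 directory holds matching key material after the exchange above, and that
 only public material of the peer was copied. File names follow this README;
 the helper names and the scratch directory are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the Lasso sources. File names follow the README;
# check_provider_dir and make_demo_tree are hypothetical helper names.
# Usage: check_provider_dir DIR OWN PEER   (prints findings, silent when clean)
check_provider_dir() {
    dir=$1 own=$2 peer=$3
    for name in "$own" "$peer"; do
        # each standalone public key must be the one inside its certificate
        [ "$(openssl x509 -in "$dir/certificate_$name.pem" -noout -pubkey)" = \
          "$(cat "$dir/public-key_$name.pem")" ] ||
            echo "$name: public key file does not match certificate"
    done
    key=$dir/private-key-raw_$own.pem
    # the private key must pair with this provider's own public key
    [ "$(openssl pkey -in "$key" -pubout)" = "$(cat "$dir/public-key_$own.pem")" ] ||
        echo "$own: private key does not match public key"
    # only public material of the peer belongs in this directory
    [ ! -e "$dir/private-key-raw_$peer.pem" ] ||
        echo "$peer: private key was copied into $dir"
    # the private key should be readable by its owner only
    [ -z "$(find "$key" \( -perm -040 -o -perm -004 \))" ] ||
        echo "$own: private key is readable beyond its owner"
}

# Constructed demo: rebuild the README's layout under a scratch directory.
make_demo_tree() {
    root=$1
    for p in sp idp; do
        mkdir -p "$root/$p"
        openssl req -x509 -nodes -newkey rsa:2048 -subj "/CN=${p}1" \
            -out "$root/$p/certificate_${p}1.pem" \
            -keyout "$root/$p/private-key-raw_${p}1.pem" 2>/dev/null
        openssl x509 -in "$root/$p/certificate_${p}1.pem" -noout -pubkey \
            > "$root/$p/public-key_${p}1.pem"
        chmod 600 "$root/$p/private-key-raw_${p}1.pem"
    done
    cp -p "$root/idp/certificate_idp1.pem" "$root/idp/public-key_idp1.pem" "$root/sp/"
    cp -p "$root/sp/certificate_sp1.pem" "$root/sp/public-key_sp1.pem" "$root/idp/"
}

demo=$(mktemp -d)
make_demo_tree "$demo"
check_provider_dir "$demo/sp" sp1 idp1      # clean tree: prints nothing
check_provider_dir "$demo/idp" idp1 sp1
rm -rf "$demo"
```

 On the real tree, run: check_provider_dir /var/www/sp sp1 idp1
 Because /var/www/idp and /var/www/sp are also the DocumentRoot of the two
 virtual hosts configured below, the private keys additionally need an Apache
 deny rule for *.pem files or a location outside the DocumentRoot.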

 Enable PHP in Apache

 Change your Apache configuration to load PHP as a module, in your
 /etc/apache-ssl/modules.conf file :

 LoadModule php4_module /usr/lib/apache/1.3/libphp4.so

 Add the MIME type for PHP

 In /etc/apache-ssl/httpd.conf write :
 
 #
 # And for PHP 4.x, use:
 #
 AddType application/x-httpd-php .php

 PHP 4

 Edit the PHP 4 configuration file to enable the Lasso and PostgreSQL
 extensions at the end of the /etc/php4/apache/php.ini file :

 extension=pgsql.so
 extension=lasso.so

 Configure Virtual Host in Apache

 With a setup of two virtual hosts, one for the IdP and another for the SP,
 you can try Lasso on one physical machine.

 First, add two hosts to the /etc/hosts file :

 127.0.0.2       idp1
 127.0.0.3       sp1

 In the Apache configuration file add the following lines :
 
 Listen idp1:1998
 Listen sp1:2006

 <VirtualHost 127.0.0.2:1998>
        DocumentRoot /var/www/idp
        ServerName idp1
        SSLCertificateFile /var/www/idp/certificate_idp1.pem
        SSLCertificateKeyFile /var/www/idp/private-key-raw_idp1.pem
 </VirtualHost>

 <VirtualHost 127.0.0.3:2006>
        DocumentRoot /var/www/sp
        ServerName sp1
        SSLCertificateFile /var/www/sp/certificate_sp1.pem
        SSLCertificateKeyFile /var/www/sp/private-key-raw_sp1.pem
 </VirtualHost>


SETUP 
  
  Now launch your favorite web browser and go to :

  https://idp1:1998/setup.php

  or 

  https://sp1:2006/setup.php