Versions Compared

Old Version 6

changes.mady.by.user Davide Vaghetti

Saved on

compared with

New Version Current

changes.mady.by.user Maja Górecka-Wolniewicz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. First, download the directory structure and the necessary files for this distribution. Download the file: EduGAIN-Metadata-Processing.zip

  2. Unarchive the distribution:

    unzip eduGAIN-Metadata-Processing.zip
  3. Change the working directory:
    cd eduGAIN-Metadata-Processing
  4. Download latest version of the Shibboleth Metadata Aggregator Command Line Interface:
    wget http://shibboleth.net/downloads/metadata-aggregator/latest/aggregator-cli-0.9.2-bin.zip
    wget http://shibboleth.net/downloads/metadata-aggregator/latest/aggregator-cli-0.9.2-bin.zip.asc
  5. Verify fingerprint of the downloaded ZIP file:
    gpg aggregator-cli-0.9.2-bin.zip.asc
    The resulting output should be that the signature was created by “Ian A. Young <ian@iay.org.uk>” with key D7079C77.
  6. Unarchive the downloaded file
    unzip aggregator-cli-0.9.2-bin.zip
  7. Create a symlink
    ln -s aggregator-cli-0.9.2 aggregator-cli
    In order to verify eduGAIN metadata, it is necessary to provide the eduGAIN signing certificate to the Metadata Aggregator.
  8. Check the signature of the eduGAIN signer certificate:
    openssl x509 -fingerprint -in pki/eduGAIN-signer-ca.pem
    The SHA1 Fingerprint should be 8B5A:81D7:7A3F:0C8A:F3C1:F80C:3574:2F56:8541:9177:9F45:1145:37EB:1492:3F76:981F:913D:8C0D:F8E6:347C
  9. Adapt the main configuration in conf/mda.properties
    This file allows a very simple configuration of the eduGAIN Metadata Processing tool by setting a few properties. These properties then are used in the conf/mda.xml file that is a standard Spring context. More advanced configuration can be done directly in the file mda.xml. In the mda.properties file the parameters BasePath, EntitiesDescriptor, RegistrationAuthorityFilter, SigningKey and SigningCert should be set at minimum.

...

  1. Follow the instructions provided by pyFF Documentation to install pyFF software.
  2. Create the needed directories:
    cd /opt/pyff ; mkdir output ; mkdir certs ; mkdir scripts
  3. Create the certificate and the key needed to sign the output metadata:
    - Generate Metadata Signer Key: openssl genrsa -out /opt/pyff/certs/sign.key 2048
    - Generate Metadata Signer Certificate: openssl req -key /opt/pyff/certs/sign.key -new -x509 -days 3650 -out /opt/pyff/certs/sign.crt
  4. Download and Check the eduGAIN Signer certificate:
    wget https://technical.edugain.org/mds-v2.cer -O /opt/pyff/certs/eduGAIN-signer-ca.pem
  5. Check the signature of the eduGAIN signer certificate:
    openssl x509 -fingerprint -in /opt/pyff/certs/eduGAIN-signer-ca.pem
    The SHA1 Fingerprint should be 8B5A:81D7:7A3F:0C8A:F3C1:F80C:3574:2F56:8541:9177:9F45:1145:37EB:1492:3F76:981F:913D:8C0D:F8E6:347C
  6. Create the interfederation configuration file(/opt/pyff/interfederation.fd) by adapting this content to your needs:

...