
quick-install

These instructions will get you up and running as a searchable IdP in short order.

In these instructions we take you through two tasks:

  • add the People Picker web service to your IdP
  • configure your IdP to respond to this new component when it asks for information.

Installing the People Picker web service

You need a Tomcat server with Axis2 version 1.2 running. To install Axis2 on Tomcat, drop its .war file (after you unzip the distribution) into your webapps directory and restart Tomcat. More information about installing and using Axis2 can be found at http://ws.apache.org/axis2/

Then deploy PeoplePicker.aar as an Axis2 service by dropping it into ../tomcat/webapps/axis2/WEB-INF/services/ and restarting Tomcat.

After the restart you should see PeoplePicker in the Axis2 list of services (although it will not be functional until the full configuration below is done).

Even so, the web service can't work yet: the IdP has no knowledge of its existence and won't release information to it.

Connecting PeoplePicker and the IdP

  1. Insert the following section into tomcat/webapps/axis2/WEB-INF/web.xml before the <display-name> element:
    <context-param>
        <param-name>IdPConfigFile</param-name>
        <param-value>file:///usr/local/shibboleth-idp/etc/idp.xml</param-value>
    </context-param>
    <context-param>
        <param-name>principalAttribute</param-name>
        <param-value>urn:mace:dir:attribute-def:eduPersonPrincipalName</param-value>
    </context-param>
    <context-param>
        <param-name>converterClass</param-name>
        <param-value>au.edu.mq.melcoe.mams.peoplepicker.util.LDAPTermConverter</param-value>
    </context-param>
    <context-param>
        <param-name>searchId</param-name>
        <param-value>search</param-value>
    </context-param>
    <context-param>
        <param-name>resultLimit</param-name>
        <param-value>4</param-value>
    </context-param>
    <context-param>
        <param-name>InitialAttributes</param-name>
        <param-value>urn:mace:dir:attribute-def:displayName,urn:mace:dir:attribute-def:mail</param-value>
    </context-param>
  2. Create a folder called conf in tomcat/webapps/axis2/WEB-INF/classes
  3. Put crosswalkconfig.properties into tomcat/webapps/axis2/WEB-INF/classes/conf
  4. Make sure /usr/local/shibboleth-idp/etc/idp.xml uses MAMSFileSystemArpRepository (as instructed by the ShARPE installation), i.e. it contains at least this minimal section:
    <ReleasePolicyEngine>
        <ArpRepository implementation="au.edu.mq.melcoe.mams.sharpe.shib.aa.arp.provider.MAMSFileSystemArpRepository">
            <Path>file:/usr/local/shibboleth-idp/etc/arps/</Path>
        </ArpRepository>
    </ReleasePolicyEngine>
  5. Make sure the folder /usr/local/shibboleth-idp/etc/mams-core-crosswalk exists. If it doesn't, create it as follows:
    • make the folder mams-core-crosswalk in /usr/local/shibboleth-idp/etc
    • copy crosswalk.properties into mams-core-crosswalk
    • make a folder called mapper in /usr/local/shibboleth-idp/etc/mams-core-crosswalk
  6. Go to /usr/local/shibboleth-idp/etc/arps, edit arp.site.xml and add the following rule. Its Target names the People Picker's provider ID as the sole Requester, so the search attribute is released to that service and to nothing else; keep it that way rather than widening the Target.
    <Rule>
        <Description>hook for people picker</Description>
        <Target>
            <Requester>urn:mace:federation.org.au:testfed:pp.mams.org.au</Requester>
            <AnyResource/>
        </Target>
        <Attribute name="search">
            <AnyValue release="permit"/>
        </Attribute>
    </Rule>
  7. Add the following to /usr/local/shibboleth-idp/etc/resolver.ldap.xml (or whichever resolver file idp.xml names):
    <!-- this is for IdP WS -->
    <SimpleAttributeDefinition id="search" sourceName="uid">
        <DataConnectorDependency requires="searchdirectory"/>
    </SimpleAttributeDefinition>
    <JNDIDirectoryDataConnector id="searchdirectory" mergeMultipleResults="true">
        <Search filter="(&amp;(uid=*)(%PRINCIPAL%))">
            <Controls returningObjects="false" searchScope="SUBTREE_SCOPE"/>
        </Search>
        <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
        <Property name="java.naming.provider.url" value="ldap://XXXXXXXXXXXXXXXXXXXXX"/>
        <Property name="java.naming.security.principal" value="XXXXXXXXXXXXXXXXXXXXX"/>
        <Property name="java.naming.security.credentials" value="XXXXXXXXXXXXXXXXXXXXXX"/>
    </JNDIDirectoryDataConnector>

    Replace the XXXXXXXXXXXXXXXXXXXXXX values with the entries from the LDAP connector you already use (copy them verbatim). The bind DN and password sit in clear text in resolver.ldap.xml, so keep that file readable only by the Tomcat user and bind with a read-only directory account.

  8. Make sure port 8080 (or whatever port the server uses) is reachable from the People Picker services that will query it.
  9. Restart Tomcat.
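Once the nine steps are done, it is worth confirming that the three edited files agree with each other before the restart. The following Python lint is an added example and not part of the idp-pp project: it checks that web.xml carries all six context-params, that arp.site.xml releases the search attribute to the People Picker requester and to nobody else, and that the search connector in resolver.ldap.xml has no XXXX placeholders left in it. The embedded XML is constructed from the snippets above (wrapped in root elements so it parses on its own); the requester URN and paths come from this page, while the advice to prefer ldaps:// is ordinary practice, not something the project states.

```python
"""Added lint for the three files this quick-install edits.  Example code, not
part of the idp-pp project; the XML samples are constructed from this page."""
import re
import xml.etree.ElementTree as ET

SEARCH_ID = "search"   # the searchId context-param and the ARP/resolver attribute id
PP_REQUESTER = "urn:mace:federation.org.au:testfed:pp.mams.org.au"
REQUIRED_PARAMS = {"IdPConfigFile", "principalAttribute", "converterClass",
                   "searchId", "resultLimit", "InitialAttributes"}
PLACEHOLDER = re.compile(r"X{5,}")   # the XXXXXXXX stand-ins from step 7
PLAIN_LDAP = ("resolver: java.naming.provider.url is plain ldap://, so the bind "
              "credentials cross the wire in clear; prefer ldaps://")

# Constructed samples (root elements added so each parses on its own).
WEB_XML = """<web-app>
 <context-param><param-name>IdPConfigFile</param-name>
  <param-value>file:///usr/local/shibboleth-idp/etc/idp.xml</param-value></context-param>
 <context-param><param-name>principalAttribute</param-name>
  <param-value>urn:mace:dir:attribute-def:eduPersonPrincipalName</param-value></context-param>
 <context-param><param-name>converterClass</param-name>
  <param-value>au.edu.mq.melcoe.mams.peoplepicker.util.LDAPTermConverter</param-value></context-param>
 <context-param><param-name>searchId</param-name><param-value>search</param-value></context-param>
 <context-param><param-name>resultLimit</param-name><param-value>4</param-value></context-param>
 <context-param><param-name>InitialAttributes</param-name>
  <param-value>urn:mace:dir:attribute-def:displayName,urn:mace:dir:attribute-def:mail</param-value></context-param>
</web-app>"""
ARP_XML = """<AttributeReleasePolicy><Rule>
 <Description>hook for people picker</Description>
 <Target><Requester>urn:mace:federation.org.au:testfed:pp.mams.org.au</Requester><AnyResource/></Target>
 <Attribute name="search"><AnyValue release="permit"/></Attribute>
</Rule></AttributeReleasePolicy>"""
RESOLVER_XML = """<AttributeResolver>
 <SimpleAttributeDefinition id="search" sourceName="uid">
  <DataConnectorDependency requires="searchdirectory"/></SimpleAttributeDefinition>
 <JNDIDirectoryDataConnector id="searchdirectory" mergeMultipleResults="true">
  <Search filter="(&amp;(uid=*)(%PRINCIPAL%))"><Controls returningObjects="false" searchScope="SUBTREE_SCOPE"/></Search>
  <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
  <Property name="java.naming.provider.url" value="ldap://XXXXXXXXXXXXXXXXXXXXX"/>
  <Property name="java.naming.security.principal" value="XXXXXXXXXXXXXXXXXXXXX"/>
  <Property name="java.naming.security.credentials" value="XXXXXXXXXXXXXXXXXXXXXX"/>
 </JNDIDirectoryDataConnector></AttributeResolver>"""


def local(tag):
    """Tag name without its namespace, so real files with xmlns declarations lint too."""
    return tag.rsplit("}", 1)[-1]


def find_all(root, name):
    return [e for e in root.iter() if local(e.tag) == name]


def context_params(web_xml):
    params = {}
    for cp in find_all(ET.fromstring(web_xml), "context-param"):
        kv = {local(c.tag): (c.text or "").strip() for c in cp}
        if "param-name" in kv:
            params[kv["param-name"]] = kv.get("param-value", "")
    return params


def lint_web_xml(web_xml):
    params = context_params(web_xml)
    findings = ["web.xml: missing context-param " + p for p in sorted(REQUIRED_PARAMS - params.keys())]
    if not params.get("IdPConfigFile", "file:").startswith("file:"):
        findings.append("web.xml: IdPConfigFile must be a file: URL")
    limit = params.get("resultLimit", "1")
    if not (limit.isdigit() and int(limit) > 0):
        findings.append("web.xml: resultLimit must be a positive integer")
    return findings


def lint_arp(arp_xml, search_id=SEARCH_ID, requester=PP_REQUESTER):
    """The search attribute must be released to the people picker, and only to it."""
    findings, hooked = [], False
    for rule in find_all(ET.fromstring(arp_xml), "Rule"):
        if not any(a.get("name") == search_id for a in find_all(rule, "Attribute")):
            continue
        hooked = True
        requesters = [r.text.strip() for r in find_all(rule, "Requester") if r.text]
        if find_all(rule, "AnyTarget") or not requesters:
            findings.append("arp: rule releases %r to any requester" % search_id)
        elif requester not in requesters:
            findings.append("arp: rule releases %r to %s, not the people picker" % (search_id, requesters))
    if not hooked:
        findings.append("arp: no rule releases %r" % search_id)
    return findings


def lint_resolver(resolver_xml, search_id=SEARCH_ID):
    """The search attribute needs a connector, and that connector needs real credentials."""
    root, findings = ET.fromstring(resolver_xml), []
    defs = [d for d in find_all(root, "SimpleAttributeDefinition") if d.get("id") == search_id]
    if not defs:
        return ["resolver: no SimpleAttributeDefinition id=%r" % search_id]
    deps = [d.get("requires") for d in find_all(defs[0], "DataConnectorDependency")]
    conns = [c for c in find_all(root, "JNDIDirectoryDataConnector") if c.get("id") in deps]
    if not conns:
        return ["resolver: %r depends on %s but no JNDIDirectoryDataConnector has that id" % (search_id, deps)]
    for prop in find_all(conns[0], "Property"):
        name, value = prop.get("name", ""), prop.get("value", "")
        if PLACEHOLDER.search(value):
            findings.append("resolver: placeholder still in " + name)
        if name == "java.naming.provider.url" and value.startswith("ldap://"):
            findings.append(PLAIN_LDAP)
    return findings


def lint_all(web_xml=WEB_XML, arp_xml=ARP_XML, resolver_xml=RESOLVER_XML):
    return lint_web_xml(web_xml) + lint_arp(arp_xml) + lint_resolver(resolver_xml)


if __name__ == "__main__":
    for line in lint_all() or ["no findings"]:
        print(line)
```

Point lint_web_xml, lint_arp and lint_resolver at the contents of your real files; tag matching ignores namespaces, so files that declare xmlns lint the same way as the bare fragments above. Run against the page's own snippets it reports exactly the three placeholders and the plain ldap:// URL, which is what you want to see go away before step 9.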

Enable People Picker security

This is now a mandatory step; you can find the instructions here.

Now you should have an IdP that can be searched by federated People Picker services.

Testing your idp-pp

  1. Use TCPMON (it is in the scripts folder of the repository) to connect and send queries by hand.
  2. If you don't get what you expect, there are two particularly useful logs in .../tomcat/temp: idp-pp.log gives you an overall view of what happened, and idp-pp.IdPConnector.log can be consulted if the first log tells you that initialising the IdP connector is where things went wrong.
