Differenze

Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.

--- guide_pubbliche:howto:identity:sp_windows_iis [2022/02/17 12:11]
riccardo.cappone@unipr.it
+++ guide_pubbliche:howto:identity:sp_windows_iis [2022/02/18 06:31] (versione attuale)
riccardo.cappone@unipr.it [Riavvio del service provider e di IIS]
@@ Linea 164: / Linea 164: @@
 ==== Scaricare il proprio Metadata da inviare a UNIPR ====
-E' possibile scaricare una versione del Metadata relativo al proprio SP direttamente dal link:
+E' possibile scaricare una versione del Metadata relativo al proprio SP direttamente dal link del proprio server su cui avete installato il service provider shibboleth:
-https://app-infocad-dev2016.unipr.it/Shibboleth.sso/Metadata
+<code>
+https://<fqdn_server_shibboleth_SP>/Shibboleth.sso/Metadata
+</code>
-Esempio di Metadata generato:
+==== Raccogliere gli attributi rilasciati dall'IdP dalle variabili server via IIS ====
+Esempio di pagina ASP per raccogliere gli attributi rilasciati dell'IdP in variabili server:
 <code>
-<!--
+<%@ language="javascript"%>
-This is example metadata only. Do *NOT* supply it as is without review,
+<!DOCTYPE html>
-and do *NOT* provide it in real time to your partners.
+<html>
- -->
+<body>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_ead11ca66483ec6b1d726d99486e48af73d37f6a" entityID="https://app-infocad-dev2016.unipr.it/shibboleth">
+<%
+Response.Write("<h1>Variabili Server</h1>")
-  <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
-    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
-    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
-    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
-    <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
-  </md:Extensions>
-  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+Response.Write("Cognome: "+ Request.ServerVariables["sn"])
-    <md:Extensions>
+Response.Write("<br>");
-      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/Login"/>
+Response.Write("Nome: "+ Request.ServerVariables["givenName"])
-    </md:Extensions>
+Response.Write("<br>");
-    <md:KeyDescriptor use="signing">
+Response.Write("CF: "+ Request.ServerVariables["codicefiscale"])
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+Response.Write("<br>");
-        <ds:KeyName>app-infocad-dev2016.unipr.it</ds:KeyName>
+Response.Write("Email: "+ Request.ServerVariables["mail"])
-        <ds:KeyName>https://app-infocad-dev2016.unipr.it/shibboleth</ds:KeyName>
+Response.Write("<br>");
-        <ds:X509Data>
+Response.Write("OU: "+ Request.ServerVariables["organizationalUnit"])
-          <ds:X509SubjectName>CN=app-infocad-dev2016.unipr.it</ds:X509SubjectName>
-          <ds:X509Certificate>MIIEVzCCAr+gAwIBAgIUdAlLy/PFQKS2nz24qba2jJl7zDQwDQYJKoZIhvcNAQEL
-BQAwJzElMCMGA1UEAxMcYXBwLWluZm9jYWQtZGV2MjAxNi51bmlwci5pdDAeFw0y
-MjAyMTcwODU5MzdaFw0yMzAyMTcwODU5MzdaMCcxJTAjBgNVBAMTHGFwcC1pbmZv
-Y2FkLWRldjIwMTYudW5pcHIuaXQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK
-AoIBgQC56e/5MdgstUlAxAYKZusASX3k5lWwUe4ChMHnbSJI4SwO3sYi4vT7ip7B
-hYkUALbvSWJz+ALa5vrQh7kcc5rryeryrtyetytyAlxQyp/FrUJAL7FDaBylFiI9
-rt7SF2istpwIClwyh/jGiNwhRH2QY/YbPz4S/3oNJI0PGb9WcfjIZQk/INRe40EJ
-VlZcEE7PGOGiYqaMuKb+ON03dKWJkPfe3INBA19P8s+tCLdMzoyY03LwFoCRAZ2y
-Ah7OVBWZT9o97Bd1r++Shv4u1YSYNOKaQNjq6FmBC52C7p6c0ynEUIsEAXrtxQCF
-RIfHmGnMICBLkzhH0++ZyYqcf8v5auMY2s/O9PgrXBVj5hTTAT8a+ofRcBdRWEnz
-bqG4yjGDV7PsstZb7WSJqYICNlYnQ+zVPgHUC37onp+JW/vhBbK/5TATPnkJDl+x
-pFT33DsCAwEAAaN7MHkwWAYDVR0RBFEwT4IcYXBwLWluZm9jYWQtZGV2MjAxNi51
-bmlwci5pdIYvaHR0cHM6Ly9hcHAtaW5mb2NhZC1kZXYyMDE2LnVuaXByLml0L3No
-aWJib2xldGgwHQYDVR0OBBYEFJPioiVDyRcwWRKvGmDep5JSBZxVMA0GCSqGSIb3
-DQEBCwUAA4IBgQCvOPZqy45+vf1IYDP7i7Yl+WXq6EyY7PTum7rdmHqzALaEjcKZ
-zBjrnj1V4D/CKnU4Q27GC7+ugenk6SLmOsUV5RAlNf0eZ5eX+Vh2e7jgBKXgzoMj
-wICOJk5eMXH3MfIPCh63QDh+zLU4iIJhqQw/9xdzinlqh3y7h/mrh/i4k+mGD77Z
-pJAKWNxcEdaj99LRUTgkwFP9Prtyr4y465rOXVC502UVBzc8XwH4XtWtWaFRPqQU
-NP7Wvy2XHxcKwGQbYPJfRBf4pmgoJe5NGIUlWnT1pL+1rE4hbo2iwz2w8dAPCjAv
-w4K1+VL8bDLqzhQCXr6LFTS8AEc+QOSWAuidCIKfR0VQcIL8GfK65gu2gdhJ66
-RKB6dAMIgj56Da7pGk2Z3tKsuDfOqeOtmK4fE+xMo3RyOU7bWm7wEyM0Y95s9B7N
-V6oUNYusWZC0UH0UYN1wh6oXShfYwD4291vIgjN3Om3UMe92WFeeEKd4JyxGt7
-GialwGVCPjQpvZs=
-</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:KeyDescriptor use="encryption">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:KeyName>app-infocad-dev2016.unipr.it</ds:KeyName>
-        <ds:KeyName>https://app-infocad-dev2016.unipr.it/shibboleth</ds:KeyName>
-        <ds:X509Data>
-          <ds:X509SubjectName>CN=app-infocad-dev2016.unipr.it</ds:X509SubjectName>
-          <ds:X509Certificate>MIIEVzCCAr+gAwIBAgIUGP+/MVob2czUBSHCg7per+pOnJMwDQYJKoZIhvcNAQEL
-BQAwJzElMCMGA1UEAxMcYXBwLWluZm9jYWQtZGV2MjAxNi51bmlwci5pdDAeFw0y
-MjAyMTcwODU5NTFaFw0yMzAyMTcwODU5NTFaMCcxJTAjBgNVBAMTHGFwcC1pbmZv
-Y2FkLWRldjIwMTYudW5pcHIuaXQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK
-AoIBgQDMusBGKj4LGUwdhurF7dFPwVKknEzYp9xTouWfIOkLynPnUOwbeouQgk1G
-imaDK74Op3mE9TgZyDB4sSV0ynXkPLelNOr5DDWtG9WQBZvJJQ7DQ7yq7ogymMPs
-LAKACVGmusNpBmn0BSVpT56MPKrXfpyG7L7HrgI6TzQ+FohFsFH0t+kGjAtxPZkf
-ORyodFPNLZrthrththtrhy2KabqcfgE5rbpsss8arH0WdlRv+s4tWGhp+mK2pH
-Ebz99Pkq3tWcSPXDZB/RGtWBrTnnZksZc4MGJMeAf691sCA/kzoDZNiuGrnKa27H
-CpxruR+c9+58XAfWuKaBkg0/IQC+yIMCR3Q7W9ICx7g4w7KksGPYPmxHIAMmIgPC
-V4/ZSluIPOkdSdzFyaUqzRuWMk/BhxSeBvfN/APubSjzVMpMo+dn5Vqp6oynEQkd
-UsI1hzPURhlVX6ir5kqyDMB5fK2iO5PjSmf0E2sRXlrvat/2YkwRV7KnD7PaZG
-X21vV/MCAwEAAaN7MHkwWAYDVR0RBFEwT4IcYXBwLWluZm9jYWQtZGV2MjAxNi51
-bmlwci5pdtygrewtghrthcHAtaW5mb2NhZC1kZXYyMDE2LnVuaXByLml0L3No343
-aWJib2xldGgwHQYDVR0OBBYEFDiTah7AYoXJMT6e49+eTzwJaOT/MA0GCSqGSIb3
-DQEBCwUAA4IBgQB5isu/8YU9e1vKBntbE8Zyy6nmXqxfqKJ8c6isVsqnsJNP/teM
-W/51Huz5B8XyE2bxZpiVua4Fh5pXCqh1xzV04TTGy8YZL83VgZN5ZFhAGEVzpWo9
-MupMhl1BRC8aBNmvxg36iq7rVopISGLeY8PwF+/2k6jZUU6BCpjwvIqbH18uMZZ
-Fe3D1siu8D/dBeWVjx258kwHcsBERpwl8l1DPl/9xFgAOCe95CYakrHSHjO8M+3
-uYwewymWEKG9eGozrHyA7YbL4VeEnUJBWxEf7H+al5cvfh5ZB4XzJc5OM3R5jWc9
-kubznp/9sCNkGjEzO3BSXFquD+HF8ZMg7VVBiLcfwgNi6VndSufpSnkckyp2OZkA
-WTRBLCT+EvKQw+IuOB8+EeTYPezkVY0j8u8xIla6GxdmmY4E21eiDK/4AvxofKob
-wY8SmNEiNNQ/U1VOfAU1mfeENLAVWaFvUBJ7wsgXcwygOcCF9bmRyGmZQwJPeKU8
-KIqyoFclQ8sAXWU=
-</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
-    </md:KeyDescriptor>
-    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/Artifact/SOAP" index="1"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SLO/SOAP"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SLO/Redirect"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SLO/POST"/>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SLO/Artifact"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SAML2/POST" index="1"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SAML2/Artifact" index="3"/>
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SAML2/ECP" index="4"/>
-  </md:SPSSODescriptor>
-</md:EntityDescriptor>
+%>
+</body>
+</html>
 </code>
+Alcune versioni o combinazioni di versioni di sistema operativo e shibboleth service provider potrebbero rilasciare i valori degli attributi duplicati, pertanto la soluzione per recuperare valori singoli degli attributi è la seguente:
+<code>
+<%@ language="javascript"%>
+<!DOCTYPE html>
+<html>
+<body>
+<%
+Response.Write("<h1>Variabili Server</h1>")
+Response.Write("Cognome: "+ Request.ServerVariables["sn"].split(';')[0])
+Response.Write("<br>");
+Response.Write("Nome: "+ Request.ServerVariables["givenName"].split(';')[0])
+Response.Write("<br>");
+Response.Write("CF: "+ Request.ServerVariables["codicefiscale"].split(';')[0])
+Response.Write("<br>");
+Response.Write("Email: "+ Request.ServerVariables["mail"].split(';')[0])
+Response.Write("<br>");
+Response.Write("OU: "+ Request.ServerVariables["organizationalUnit"].split(';')[0])
+%>
+</body>
+</html>
+</code>
+==== Riavvio del service provider e di IIS ====
+Al termine delle operazioni di configurazione riavviare il demone di Shibboleth service provider e del web server IIS
+  * Riavvio di Shibboleth SP
+{{:guide_pubbliche:howto:identity:006.png?600|}}
+  * Riavvio di IIS
+{{:guide_pubbliche:howto:identity:007.png?600|}}

Documentazione Area Sistemi Informativi

Strumenti Utente

Strumenti Sito

Differenze

Strumenti Pagina