guide_pubbliche:howto:identity:sp_windows_iis

Differences

These are the differences between the selected revision and the current version of the page.

guide_pubbliche:howto:identity:sp_windows_iis [2022/02/17 12:13] – [Download your own Metadata to send to UNIPR] riccardo.cappone@unipr.it
guide_pubbliche:howto:identity:sp_windows_iis [2022/02/18 06:31] (current version) – [Restart of the service provider and of IIS] riccardo.cappone@unipr.it
Linea 166: Linea 166:
 E' possibile scaricare una versione del Metadata relativo al proprio SP direttamente dal link del proprio server su cui avete installato il service provider shibboleth: E' possibile scaricare una versione del Metadata relativo al proprio SP direttamente dal link del proprio server su cui avete installato il service provider shibboleth:
  
 +<code>
 https://<fqdn_server_shibboleth_SP>/Shibboleth.sso/Metadata https://<fqdn_server_shibboleth_SP>/Shibboleth.sso/Metadata
 +</code>
  
-Esempio di Metadata generato:+==== Raccogliere gli attributi rilasciati dall'IdP dalle variabili server via IIS ==== 
 + 
 +Esempio di pagina ASP per raccogliere gli attributi rilasciati dell'IdP in variabili server:
  
 <code> <code>
-<!-- +<%@ language="javascript"%> 
-This is example metadata only. Do *NOT* supply it as is without review, +<!DOCTYPE html> 
-and do *NOT* provide it in real time to your partners. +<html> 
- --+<body
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadataID="_ead11ca66483ec6b1d726d99486e48af73d37f6a" entityID="https://app-infocad-dev2016.unipr.it/shibboleth">+<
 +Response.Write("<h1>Variabili Server</h1>")
  
-  <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"> 
-    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> 
-    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> 
-    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
-    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> 
-    <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
-    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> 
-  </md:Extensions> 
  
-  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"+Response.Write("Cognome: "+ Request.ServerVariables["sn"]) 
-    <md:Extensions> +Response.Write("<br>"); 
-      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/Login"/> +Response.Write("Nome: "Request.ServerVariables["givenName"]) 
-    </md:Extensions> +Response.Write("<br>"); 
-    <md:KeyDescriptor use="signing"> +Response.Write("CF: "+ Request.ServerVariables["codicefiscale"]) 
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"+Response.Write("<br>"); 
-        <ds:KeyName>app-infocad-dev2016.unipr.it</ds:KeyName+Response.Write("Email: "+ Request.ServerVariables["mail"]) 
-        <ds:KeyName>https://app-infocad-dev2016.unipr.it/shibboleth</ds:KeyName> +Response.Write("<br>"); 
-        <ds:X509Data> +Response.Write("OU: "+ Request.ServerVariables["organizationalUnit"])
-          <ds:X509SubjectName>CN=app-infocad-dev2016.unipr.it</ds:X509SubjectName> +
-          <ds:X509Certificate>MIIEVzCCAr+gAwIBAgIUdAlLy/PFQKS2nz24qba2jJl7zDQwDQYJKoZIhvcNAQEL +
-BQAwJzElMCMGA1UEAxMcYXBwLWluZm9jYWQtZGV2MjAxNi51bmlwci5pdDAeFw0y +
-MjAyMTcwODU5MzdaFw0yMzAyMTcwODU5MzdaMCcxJTAjBgNVBAMTHGFwcC1pbmZv +
-Y2FkLWRldjIwMTYudW5pcHIuaXQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK +
-AoIBgQC56e/5MdgstUlAxAYKZusASX3k5lWwUe4ChMHnbSJI4SwO3sYi4vT7ip7B +
-hYkUALbvSWJz+ALa5vrQh7kcc5rryeryrtyetytyAlxQyp/FrUJAL7FDaBylFiI9 +
-rt7SF2istpwIClwyh/jGiNwhRH2QY/YbPz4S/3oNJI0PGb9WcfjIZQk/INRe40EJ +
-VlZcEE7PGOGiYqaMuKb+ON03dKWJkPfe3INBA19P8s+tCLdMzoyY03LwFoCRAZ2y +
-Ah7OVBWZT9o97Bd1r++Shv4u1YSYNOKaQNjq6FmBC52C7p6c0ynEUIsEAXrtxQCF +
-RIfHmGnMICBLkzhH0++ZyYqcf8v5auMY2s/O9PgrXBVj5hTTAT8a+ofRcBdRWEnz +
-bqG4yjGDV7PsstZb7WSJqYICNlYnQ+zVPgHUC37onp+JW/vhBbK/5TATPnkJDl+x +
-pFT33DsCAwEAAaN7MHkwWAYDVR0RBFEwT4IcYXBwLWluZm9jYWQtZGV2MjAxNi51 +
-bmlwci5pdIYvaHR0cHM6Ly9hcHAtaW5mb2NhZC1kZXYyMDE2LnVuaXByLml0L3No +
-aWJib2xldGgwHQYDVR0OBBYEFJPioiVDyRcwWRKvGmDep5JSBZxVMA0GCSqGSIb3 +
-DQEBCwUAA4IBgQCvOPZqy45+vf1IYDP7i7Yl+WXq6EyY7PTum7rdmHqzALaEjcKZ +
-zBjrnj1V4D/CKnU4Q27GC7+ugenk6SLmOsUV5RAlNf0eZ5eX+Vh2e7jgBKXgzoMj +
-wICOJk5eMXH3MfIPCh63QDh+zLU4iIJhqQw/9xdzinlqh3y7h/mrh/i4k+mGD77Z +
-pJAKWNxcEdaj99LRUTgkwFP9Prtyr4y465rOXVC502UVBzc8XwH4XtWtWaFRPqQU +
-NP7Wvy2XHxcKwGQbYPJfRBf4pmgoJe5NGIUlWnT1pL+1rE4hbo2iwz2w8dAPCjAv +
-79w4K1+VL8bDLqzhQCXr6LFTS8AEc+QOSWAuidCIKfR0VQcIL8GfK65gu2gdhJ66 +
-RKB6dAMIgj56Da7pGk2Z3tKsuDfOqeOtmK4fE+xMo3RyOU7bWm7wEyM0Y95s9B7N +
-26V6oUNYusWZC0UH0UYN1wh6oXShfYwD4291vIgjN3Om3UMe92WFeeEKd4JyxGt7 +
-GialwGVCPjQpvZs= +
-</ds:X509Certificate> +
-        </ds:X509Data> +
-      </ds:KeyInfo> +
-    </md:KeyDescriptor> +
-    <md:KeyDescriptor use="encryption"> +
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> +
-        <ds:KeyName>app-infocad-dev2016.unipr.it</ds:KeyName> +
-        <ds:KeyName>https://app-infocad-dev2016.unipr.it/shibboleth</ds:KeyName> +
-        <ds:X509Data> +
-          <ds:X509SubjectName>CN=app-infocad-dev2016.unipr.it</ds:X509SubjectName> +
-          <ds:X509Certificate>MIIEVzCCAr+gAwIBAgIUGP+/MVob2czUBSHCg7per+pOnJMwDQYJKoZIhvcNAQEL +
-BQAwJzElMCMGA1UEAxMcYXBwLWluZm9jYWQtZGV2MjAxNi51bmlwci5pdDAeFw0y +
-MjAyMTcwODU5NTFaFw0yMzAyMTcwODU5NTFaMCcxJTAjBgNVBAMTHGFwcC1pbmZv +
-Y2FkLWRldjIwMTYudW5pcHIuaXQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK +
-AoIBgQDMusBGKj4LGUwdhurF7dFPwVKknEzYp9xTouWfIOkLynPnUOwbeouQgk1G +
-imaDK74Op3mE9TgZyDB4sSV0ynXkPLelNOr5DDWtG9WQBZvJJQ7DQ7yq7ogymMPs +
-LAKACVGmusNpBmn0BSVpT56MPKrXfpyG7L7HrgI6TzQ+FohFsFH0t+kGjAtxPZkf +
-99ORyodFPNLZrthrththtrhy2KabqcfgE5rbpsss8arH0WdlRv+s4tWGhp+mK2pH +
-Ebz99Pkq3tWcSPXDZB/RGtWBrTnnZksZc4MGJMeAf691sCA/kzoDZNiuGrnKa27H +
-CpxruR+c9+58XAfWuKaBkg0/IQC+yIMCR3Q7W9ICx7g4w7KksGPYPmxHIAMmIgPC +
-V4/ZSluIPOkdSdzFyaUqzRuWMk/BhxSeBvfN/APubSjzVMpMo+dn5Vqp6oynEQkd +
-77UsI1hzPURhlVX6ir5kqyDMB5fK2iO5PjSmf0E2sRXlrvat/2YkwRV7KnD7PaZG +
-X21vV/MCAwEAAaN7MHkwWAYDVR0RBFEwT4IcYXBwLWluZm9jYWQtZGV2MjAxNi51 +
-bmlwci5pdtygrewtghrthcHAtaW5mb2NhZC1kZXYyMDE2LnVuaXByLml0L3No343 +
-aWJib2xldGgwHQYDVR0OBBYEFDiTah7AYoXJMT6e49+eTzwJaOT/MA0GCSqGSIb3 +
-DQEBCwUAA4IBgQB5isu/8YU9e1vKBntbE8Zyy6nmXqxfqKJ8c6isVsqnsJNP/teM +
-W/51Huz5B8XyE2bxZpiVua4Fh5pXCqh1xzV04TTGy8YZL83VgZN5ZFhAGEVzpWo9 +
-3MupMhl1BRC8aBNmvxg36iq7rVopISGLeY8PwF+/2k6jZUU6BCpjwvIqbH18uMZZ +
-8Fe3D1siu8D/dBeWVjx258kwHcsBERpwl8l1DPl/9xFgAOCe95CYakrHSHjO8M+3 +
-uYwewymWEKG9eGozrHyA7YbL4VeEnUJBWxEf7H+al5cvfh5ZB4XzJc5OM3R5jWc9 +
-kubznp/9sCNkGjEzO3BSXFquD+HF8ZMg7VVBiLcfwgNi6VndSufpSnkckyp2OZkA +
-WTRBLCT+EvKQw+IuOB8+EeTYPezkVY0j8u8xIla6GxdmmY4E21eiDK/4AvxofKob +
-wY8SmNEiNNQ/U1VOfAU1mfeENLAVWaFvUBJ7wsgXcwygOcCF9bmRyGmZQwJPeKU8 +
-KIqyoFclQ8sAXWU= +
-</ds:X509Certificate> +
-        </ds:X509Data> +
-      </ds:KeyInfo> +
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> +
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> +
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> +
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> +
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> +
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> +
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> +
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> +
-      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> +
-    </md:KeyDescriptor> +
-    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/Artifact/SOAP" index="1"/> +
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAPLocation="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SLO/SOAP"/> +
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-RedirectLocation="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SLO/Redirect"/> +
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POSTLocation="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SLO/POST"/> +
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SLO/Artifact"/> +
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SAML2/POST" index="1"/> +
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSignLocation="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SAML2/POST-SimpleSignindex="2"/> +
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-ArtifactLocation="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SAML2/Artifact" index="3"/> +
-    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://app-infocad-dev2016.unipr.it/Shibboleth.sso/SAML2/ECP" index="4"/> +
-  </md:SPSSODescriptor>+
  
-</md:EntityDescriptor>+%> 
 +</body> 
 +</html>
 </code> </code>
  
 +Alcune versioni o combinazioni di versioni di sistema operativo e shibboleth service provider potrebbero rilasciare i valori degli attributi duplicati, pertanto la soluzione per recuperare valori singoli degli attributi è la seguente:
 +
 +<code>
 +<%@ language="javascript"%>
 +<!DOCTYPE html>
 +<html>
 +<body>
 +<%
 +Response.Write("<h1>Variabili Server</h1>")
 +
 +
 +Response.Write("Cognome: "+ Request.ServerVariables["sn"].split(';')[0])
 +Response.Write("<br>");
 +Response.Write("Nome: "+ Request.ServerVariables["givenName"].split(';')[0])
 +Response.Write("<br>");
 +Response.Write("CF: "+ Request.ServerVariables["codicefiscale"].split(';')[0])
 +Response.Write("<br>");
 +Response.Write("Email: "+ Request.ServerVariables["mail"].split(';')[0])
 +Response.Write("<br>");
 +Response.Write("OU: "+ Request.ServerVariables["organizationalUnit"].split(';')[0])
 +
 +%>
 +</body>
 +</html>
 +</code>
 +
 +==== Riavvio del service provider e di IIS ====
 +
 +Al termine delle operazioni di configurazione riavviare il demone di Shibboleth service provider e del web server IIS
 +
 +  * Riavvio di Shibboleth SP
 +
 +{{:guide_pubbliche:howto:identity:006.png?600|}}
 +
 +  * Riavvio di IIS
  
 +{{:guide_pubbliche:howto:identity:007.png?600|}}
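Review bot: In the second ASP example, `.split(';')[0]` on `sn`, `givenName`, `codicefiscale`, `mail` and `organizationalUnit` treats every semicolon as a duplicate marker, but the Shibboleth SP also uses `;` to separate the values of a genuinely multi-valued attribute, so a user with two `mail` or `organizationalUnit` values silently loses all but the first. The text should say so, or the example should split the value, drop repeated entries and keep the distinct ones. The same lines call `.split` with no check that the attribute was actually released, so a guard for a missing value is needed before the call. Both examples also pass the values straight to `Response.Write` without `Server.HTMLEncode`, and they print surname, tax code and e-mail address, so the section should state that this is a test page to be removed or access-restricted once attribute release has been verified.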
guide_pubbliche/howto/identity/sp_windows_iis.1645099990.txt.gz · Last modified: by riccardo.cappone@unipr.it
