{"id":23468,"date":"2021-03-25T15:35:49","date_gmt":"2021-03-25T19:35:49","guid":{"rendered":"https:\/\/canarie.machinedev.ca\/?post_type=document&#038;p=23468"},"modified":"2021-03-25T15:35:50","modified_gmt":"2021-03-25T19:35:50","slug":"fca-parametres-de-configuration-de-base-de-sp-de-shibboleth","status":"publish","type":"document","link":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/","title":{"rendered":"FCA &#8211; Param\u00e8tres de configuration de base de SP de Shibboleth"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Configuration du service SP de Shibboleth pour le chargement des m\u00e9tadonn\u00e9es<\/h2>\n\n\n\n<p>Le service SP de Shibboleth pour les plateformes Unix et Windows peut \u00eatre t\u00e9l\u00e9charg\u00e9 du site de Shibboleth. Les instructions qui suivent ne concernent que la configuration de base.<\/p>\n\n\n\n<p>Nous pr\u00e9conisons la lecture des documents que voici pour en apprendre davantage sur les fournisseurs de services&nbsp;:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/wiki.shibboleth.net\/confluence\/display\/SHIB2\/NativeSPGettingStarted\" target=\"_blank\" rel=\"noreferrer noopener\">Installation<\/a><\/li><li><a href=\"https:\/\/wiki.shibboleth.net\/confluence\/display\/SHIB2\/NativeSPMetadataProvider\" target=\"_blank\" rel=\"noreferrer noopener\">Configuration des m\u00e9tadonn\u00e9es<\/a><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Ajout des agr\u00e9gats de production FIM au service SP de Shibboleth<\/h2>\n\n\n\n<p>Pour que votre service SP accepte les agr\u00e9gats de production FIM apr\u00e8s installation, modifiez le fichier \/etc\/shibboleth\/shibboleth2.xml en y ajoutant les deux blocs MetadataProvider que voici, le premier pour les agr\u00e9gats de production canadiens et le second pour les agr\u00e9gats de production inter-f\u00e9d\u00e9ration :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;MetadataProvider type=\"XML\" uri=\"https:\/\/caf-shib2ops.ca\/CoreServices\/caf_metadata_signed_sha256.xml\" backingFilePath=\"CAF-metadata.xml\" reloadInterval=\"3600\"&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \n             &lt;MetadataFilter type=\"Signature\" certificate=\"md_signer.crt\"\/&gt;\n&lt;\/MetadataProvider&gt;\n\n&lt;MetadataProvider type=\"XML\" uri=\"https:\/\/caf-shib2ops.ca\/CoreServices\/caf_interfed_signed.xml\" backingFilePath=\"caf_interfed_metadata.xml\" reloadInterval=\"3600\"&gt;\n\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;MetadataFilter type=\"Signature\"&nbsp; certificate=\"md_signer.crt\"\/&gt;\n\n&lt;\/MetadataProvider&gt;<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Ajout de l\u2019agr\u00e9gat d\u2019essai FIM au service SP de Shibboleth<\/h2>\n\n\n\n<p>Pour que votre service SP accepte les agr\u00e9gats d\u2019essai FIM, modifiez le fichier \/etc\/shibboleth\/shibboleth2.xml file en y ajoutant le bloc MetadataProvider que voici :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;MetadataProvider type=\"XML\" uri=\"http:\/\/caf-shib2ops.ca\/CoreServices\/testbed\/caf_test_fed_unsigned.xml\"<\/code><\/pre>\n\n\n\n<p>Remarquez que, dans ce cas, il n\u2019y a pas v\u00e9rification de la signature.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configuration du SP de Shibboleth pour qu\u2019il utilise le service de d\u00e9couverte central FIM<\/h2>\n\n\n\n<p>On peut configurer le service SP de Shibboleth de diverses mani\u00e8res pour qu\u2019il aide l\u2019utilisateur \u00e0 se connecter au service. C\u2019est ce qu\u2019on appelle le \u00ab&nbsp;service de d\u00e9couverte&nbsp;\u00bb (Discovery Service), que l\u2019on configure \u00e0 la partie \u00ab&nbsp;Session&nbsp;\u00bb de la configuration de Shibboleth, dans \/etc\/shibboleth\/Shibboleth2.xml.<\/p>\n\n\n\n<p>On trouvera les documents de r\u00e9f\u00e9rence sur ce sujet \u00e0 la partie \u00ab&nbsp;SSO&nbsp;\u00bb, \u00e0 l\u2019adresse&nbsp;:<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/wiki.shibboleth.net\/confluence\/display\/SHIB2\/NativeSPSessions\n<\/div><\/figure>\n\n\n\n<p>Par d\u00e9faut, on recommande que le syst\u00e8me GFI (FIM) utilise le service de d\u00e9couverte central FIM h\u00e9berg\u00e9 par CANARIE, auquel tous les sites ont acc\u00e8s.<\/p>\n\n\n\n<p>La section pertinente de \/etc\/shibboleth\/shibboleth2.xml ressemble \u00e0 ceci&nbsp;:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;&lt;!--&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Configures SSO for a default IdP. To allow for &gt;1 IdP, remove\n\n &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; entityID property and adjust discoveryURL to point to discovery service.\n\n&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (Set discoveryProtocol to \"WAYF\" for legacy Shibboleth WAYF support.)\n\n&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; You can also override entityID on \/Login query string, or in RequestMap\/htaccess.\n\n&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --&gt;\n\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<strong>&lt;SSO entityID=\"https:\/\/idp.example.org\/idp\/shibboleth\"<\/strong>\n\n<strong>&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp; discoveryProtocol=\"SAMLDS\" discoveryURL=\"<\/strong> <strong>https:\/\/caf-shib2ops.ca\/DS\/CAF.ds\"&gt;<\/strong>\n<strong>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; SAML2 SAML1<\/strong>\n\n<strong>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;\/SSO&gt;<\/strong><\/code><\/pre>\n\n\n\n<p>Pour que les utilisateurs qui se connectent \u00e0 votre service soient imm\u00e9diatement dirig\u00e9s vers un SP sp\u00e9cifique, modifiez le champ entityID en utilisant l\u2019IdP de votre choix.<\/p>\n\n\n\n<p>Pour un service de d\u00e9couverte local int\u00e9gr\u00e9 ou un autre service de d\u00e9couverte central, modifiez discoveryURL en cons\u00e9quence. discoveryProtocol devrait rester \u00ab&nbsp;SAMLDS&nbsp;\u00bb.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Le discoveryURL de production de la FCA est&nbsp;:&nbsp;<a href=\"https:\/\/caf-shib2ops.ca\/DS\/CAF.ds\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/caf-shib2ops.ca\/DS\/CAF.ds<\/a><\/li><li>Le discoveryURL d\u2019essai de la FCA est&nbsp;:&nbsp;<a href=\"https:\/\/ds.caftest.canarie.ca\/discovery\/WAYF\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/ds.caftest.canarie.ca\/discovery\/WAYF<\/a><\/li><\/ul>\n\n\n\n<p>Lecture recommand\u00e9e pour en savoir plus sur les services de d\u00e9couverte int\u00e9gr\u00e9s&nbsp;:&nbsp;<a href=\"https:\/\/wiki.shibboleth.net\/confluence\/display\/EDS10\/Embedded+Discovery+Service\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/wiki.shibboleth.net\/confluence\/display\/EDS10\/Embedded+Discovery+Service<\/a><\/p>\n","protected":false},"featured_media":20431,"parent":0,"template":"","program":[137],"document_type":[229,195],"class_list":["post-23468","document","type-document","status-publish","has-post-thumbnail","hentry","program-fca","document_type-configuration-gfi","document_type-soutien-technique"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>FCA - Param\u00e8tres de configuration de base de SP de Shibboleth - CANARIE<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FCA - Param\u00e8tres de configuration de base de SP de Shibboleth - CANARIE\" \/>\n<meta property=\"og:description\" content=\"Configuration du service SP de Shibboleth pour le chargement des m\u00e9tadonn\u00e9es Le service SP de Shibboleth pour les plateformes Unix [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/\" \/>\n<meta property=\"og:site_name\" content=\"CANARIE\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-25T19:35:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.canarie.ca\/wp-content\/uploads\/2018\/02\/news_FIM.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"405\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\\\/\",\"url\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\\\/\",\"name\":\"FCA - Param\u00e8tres de configuration de base de SP de Shibboleth - CANARIE\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.canarie.ca\\\/wp-content\\\/uploads\\\/2018\\\/02\\\/news_FIM.png\",\"datePublished\":\"2021-03-25T19:35:49+00:00\",\"dateModified\":\"2021-03-25T19:35:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.canarie.ca\\\/wp-content\\\/uploads\\\/2018\\\/02\\\/news_FIM.png\",\"contentUrl\":\"https:\\\/\\\/www.canarie.ca\\\/wp-content\\\/uploads\\\/2018\\\/02\\\/news_FIM.png\",\"width\":800,\"height\":405,\"caption\":\"caf fim\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FCA &#8211; Param\u00e8tres de configuration de base de SP de Shibboleth\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/#website\",\"url\":\"https:\\\/\\\/www.canarie.ca\\\/\",\"name\":\"CANARIE\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.canarie.ca\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FCA - Param\u00e8tres de configuration de base de SP de Shibboleth - CANARIE","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/","og_locale":"fr_FR","og_type":"article","og_title":"FCA - Param\u00e8tres de configuration de base de SP de Shibboleth - CANARIE","og_description":"Configuration du service SP de Shibboleth pour le chargement des m\u00e9tadonn\u00e9es Le service SP de Shibboleth pour les plateformes Unix [&hellip;]","og_url":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/","og_site_name":"CANARIE","article_modified_time":"2021-03-25T19:35:50+00:00","og_image":[{"width":800,"height":405,"url":"https:\/\/www.canarie.ca\/wp-content\/uploads\/2018\/02\/news_FIM.png","type":"image\/png"}],"twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/","url":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/","name":"FCA - Param\u00e8tres de configuration de base de SP de Shibboleth - CANARIE","isPartOf":{"@id":"https:\/\/www.canarie.ca\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/#primaryimage"},"image":{"@id":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/#primaryimage"},"thumbnailUrl":"https:\/\/www.canarie.ca\/wp-content\/uploads\/2018\/02\/news_FIM.png","datePublished":"2021-03-25T19:35:49+00:00","dateModified":"2021-03-25T19:35:50+00:00","breadcrumb":{"@id":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/#primaryimage","url":"https:\/\/www.canarie.ca\/wp-content\/uploads\/2018\/02\/news_FIM.png","contentUrl":"https:\/\/www.canarie.ca\/wp-content\/uploads\/2018\/02\/news_FIM.png","width":800,"height":405,"caption":"caf fim"},{"@type":"BreadcrumbList","@id":"https:\/\/www.canarie.ca\/fr\/document\/fca-parametres-de-configuration-de-base-de-sp-de-shibboleth\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.canarie.ca\/fr\/"},{"@type":"ListItem","position":2,"name":"FCA &#8211; Param\u00e8tres de configuration de base de SP de Shibboleth"}]},{"@type":"WebSite","@id":"https:\/\/www.canarie.ca\/#website","url":"https:\/\/www.canarie.ca\/","name":"CANARIE","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.canarie.ca\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"}]}},"_links":{"self":[{"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/document\/23468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/document"}],"about":[{"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/types\/document"}],"version-history":[{"count":0,"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/document\/23468\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/media\/20431"}],"wp:attachment":[{"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/media?parent=23468"}],"wp:term":[{"taxonomy":"program","embeddable":true,"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/program?post=23468"},{"taxonomy":"document_type","embeddable":true,"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/document_type?post=23468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}