...
Code Block |
---|
language | text |
---|
theme | RDark |
---|
title | Listing 1. Extract the zip file |
---|
|
cd /d "C:\Program Files\Ubisecure"unzip httpheaderap-X.X.XXXX.zip |
As a result, the following directory structure is created:
Code Block |
---|
language | text |
---|
theme | RDark |
---|
title | Listing 2. Directory structure |
---|
|
httpheaderap
├───ldap
├───logs
└───webapp
└───WEB-INF
├───classes
├───lib
└───uap
└───metadata |
...
Create a SAML identity provider configuration by running the following script containing base URL. Please note that the java command must be found in PATH to run this script.
Code Block |
---|
language | text | theme | RDark |
---|
title | Listing 3. Create SAML configuration |
---|
|
cd /d "C:\Program Files\Ubisecure\httpheaderap"
java -jar webapp\WEB-INF\lib\ubisaml2.jar Generate https://example.com/httpheaderap -o webapp\WEB-INF\uap -y -disable SingleLogoutService |
...
By default, the log files are generated to the following directory.
Code Block |
---|
language | text | theme | RDark |
---|
title | Listing 4. Default location of log files in Windows installation |
---|
|
c:\Program Files\Ubisecure\httpheaderap\logs |
In Unix installations, the log directory must be configured manually by modifying the log configuration file in the following location.
Code Block |
---|
language | text |
---|
theme | RDark |
---|
title | Listing 5. Location of the log configuration |
---|
|
httpheader/webapp/WEB-INF/uap/log4j.properties |
In Unix installations, the recommended location of the log files is the following directory.
Code Block |
---|
language | text |
---|
theme | RDark |
---|
title | Listing 6. Recommended location of log files in Unix installation |
---|
|
/usr/local/httpheaderap/logs |
...
The http header set by 3rd party Identity Provider are set to context parameters in web.xml.
Code Block |
---|
language | text | theme | RDark |
---|
title | Listing 7. Location of the web.xml |
---|
|
httpheader/webapp/WEB-INF/web.xml |
...
Additional attributes that will be sent with authentication if present are set to context parameter com.ubisecure.saml2.uap.httpheaderap.attributes in a comma separated list. The name of the attribute sent to UAS is the same as the name of the header. This list is a white list, meaning that no other attributes are sent than those present in this list and if header is not present, it is not sent.
Code Block |
---|
language | text | theme | RDark |
---|
title | Listing 8. Example configuration using header sm_user for subject name and a list of other headers that are sent as attributes. |
---|
|
<context-param>
<param-name>com.ubisecure.saml2.uap.httpheaderap.subject</param-name>
<param-value>sm_user</param-value>
</context-param>
<context-param>
<param-name>com.ubisecure.saml2.uap.httpheaderap.attributes</param-name>
<param-value>sm_realm,sm_universalid,sm_authtype,sm_userdn</param-value>
</context-param> |
...
Export the SAML identity provider metadata by running the following script.
Code Block |
---|
language | text |
---|
theme | RDark |
---|
title | Listing 9. Creating SAML metadata file |
---|
|
cd /d "C:\Program Files\Ubisecure\httpheaderap"
java -jar webapp\WEB-INF\lib\ubisaml2.jar Metadata webapp\WEB-INF\uap -idp -f metadata.xml -y |
...
The authentication method is added to the Ubisecure Directory by importing LDAP LDIF script files. Replace the dn and cn attributes with the name of the authentication method instance and use the following scripts to import the LDIF to Ubisecure Directory.
Code Block |
---|
language | text | theme | RDark |
---|
title | Listing 10. Windows |
---|
|
cd /d "C:\Program Files\Ubisecure\httpheaderap"
c:\ubisecure\ldap\adam\import.cmd ldap\httpheaderap.ldif |
Code Block |
---|
language | text | theme | RDark |
---|
title | Listing 11. Linux |
---|
|
cd /usr/local/httpheaderap
sh /usr/local/ubisecure/ldap/openldap/import.sh ldap/httpheaderap.ldif |
Code Block |
---|
language | text |
---|
theme | RDark |
---|
title | Listing 12. Sample contents of httpheaderap.ldif |
---|
|
#
# HTTP Header Authentication Provider
#
dn: cn=httpheaderap.ubilogin.1,cn=Server,ou=System,cn=Ubilogin,dc=localhost
changetype: add
cn: httpheaderap.ubilogin.1
objectClass: top
objectClass: ubiloginAuthMethod
ubiloginAuthMethodType: SAML
ubiloginClassname: ubilogin.method.provider.saml2.AssertionConsumerMethod
ubiloginEnabled: FALSE
ubiloginTitle: httpheaderap.ubilogin.1 |
...
Use the context parameter from Listing 13 in the HTTP Header Authentication Provider web.xml file and redeploy HTTP Header Authentication Provider to use the test page.
Code Block |
---|
language | text | theme | RDark |
---|
title | Listing 13. Enable test page in httpheaderap/webapp/WEB-INF/web.xml |
---|
|
<context-param>
<param-name>com.ubisecure.saml2.uap.testpage</param-name>
<param-value>true</param-value>
</context-param> |
...