public:services:lehrpool.nrw:dfn-aai

  • Shibboleth ServiceProvider3 installieren wie hier:
  • Apache shib.conf (wird vom Paket installiert):
  • ShibCompatValidUser Off
    
    #
    # Ensures handler will be accessible.
    # The SP's handler endpoints must be reachable without a session so that a
    # login can start. Because Apache grants everyone access here, any limit on
    # an individual handler (for example Status or Session) has to be set in
    # shibboleth2.xml.
    #
    <Location /Shibboleth.sso>
      AuthType None
      Require all granted
    </Location>
    
    #
    # Used for example style sheet in error templates.
    #
    <IfModule mod_alias.c>
      <Location /shibboleth-sp>
        AuthType None
        Require all granted
      </Location>
      Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
    </IfModule>
  • Apache default-ssl.conf:
  • <IfModule mod_ssl.c>
            <VirtualHost _default_:443>
    ...
                    # Browser access: every request needs an active Shibboleth session.
                    # With ShibCompatValidUser Off (see shib.conf above) "Require valid-user"
                    # is satisfied by any Shibboleth session, even one without REMOTE_USER.
                    # NOTE(review): Apache therefore only authenticates; who may do what
                    # has to be decided by the application - confirm it checks
                    # entitlement/admin status itself.
                    <Location /webif/shib>
                            AuthType shibboleth
                            ShibRequestSetting requireSession true
                            Require valid-user
                    </Location>
                    # API endpoint: sessions are started through the SessionInitiator with
                    # id "ECP" defined in shibboleth2.xml.
                    # NOTE(review): AuthName and AuthUserFile belong to Basic/Digest
                    # authentication; under AuthType shibboleth they appear to have no
                    # effect, so the "passwd" file adds no protection here.
                    <Location /webif/shib/api.php>
                         AuthType shibboleth
                         ShibRequestSetting requireSessionWith ECP
                         AuthName "Secret"
                         AuthUserFile passwd
                         Require valid-user
                    </Location>
    
                    # Same two rules for the paths without the /webif prefix.
                    <Location /shib>
                            AuthType shibboleth
                            ShibRequestSetting requireSession true
                            Require valid-user
                    </Location>
                    # NOTE(review): as above, AuthName/AuthUserFile appear to be unused
                    # with AuthType shibboleth.
                    <Location /shib/api.php>
                         AuthType shibboleth
                         ShibRequestSetting requireSessionWith ECP
                         AuthName "Secret"
                         AuthUserFile passwd
                         Require valid-user
                   </Location>
                    # NOTE(review): this cipher string still admits CBC-mode SHA-1 suites
                    # and, through its trailing entries (CAMELLIA256-SHA, AES256-SHA, ...),
                    # static-RSA key exchange without forward secrecy. "+SSLv3" only moves
                    # the matching suites to the end of the list; it does not enable the
                    # SSLv3 protocol. Protocol versions are set by SSLProtocol, which is not
                    # shown in this excerpt - confirm that old protocol versions are
                    # disabled and compare the list with a current TLS server recommendation.
                    SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
    
                    # HSTS for one year, including all subdomains: every subdomain of this
                    # host name must then be served over HTTPS as well.
                    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
            </VirtualHost>
    </IfModule>
    
  • cd /opt/bwlp-webadmin
  • ln -s . webif
  • echo "ServerName master.lehrpool.hochschule-rhein-waal.de" > /etc/apache2/conf-available/fqdn.conf
  • a2enconf fqdn && systemctl reload apache2
  • config.php
  • define('CONFIG_DEBUG', true); // NOTE(review): debug switch is on; its effect is not shown on this page - set to false on a production host unless confirmed harmless
    define('CONFIG_PREFIX', '/');
    // 86400 * 7 seconds = 7 days. NOTE(review): much longer than the Shibboleth
    // session lifetime (28800 s) in shibboleth2.xml below - confirm this is intended.
    define('CONFIG_SESSION_TIMEOUT', 86400 * 7);
    define('CONFIG_FORCE_DOMAIN', 'master.lehrpool.hochschule-rhein-waal.de');
    // NOTE(review): presumably the entitlement value the portal checks for access;
    // the meaning of ';noop;' is not visible here - confirm.
    define('CONFIG_ENTITLEMENT', ';noop;');
    define('CONFIG_SUITE', 'Lehrpool.nrw');
    // NOTE(review): no scheme here, unlike CONFIG_FOOTER_SUPPORT on the next line; if
    // this value is emitted as a link it would resolve relative to the current page - confirm.
    define('CONFIG_HELPURL', 'elearning.hochschule-rhein-waal.de/dokuwiki/doku.php?id=hsrw:services:lehrpool.nrw:lehrpool.nrw');
    define('CONFIG_FOOTER_SUPPORT', 'https://elearning.hochschule-rhein-waal.de/dokuwiki/doku.php?id=hsrw:services:lehrpool.nrw:lehrpool.nrw');
    define('CONFIG_MASTERWEBIF', 'https://master.lehrpool.hochschule-rhein-waal.de/webif/');
    define('CONFIG_IDM', 'DFN-AAI');
    define('CONFIG_PROVIDER', 'Hochschule Rhein-Waal');
    // Admin allow-list, stored as a serialized array of 32-hex-digit identifiers.
    // NOTE(review): presumably hashes of the admins' federation identifiers - confirm.
    // The values are specific to this deployment and must be replaced elsewhere.
    define('CONFIG_ADMINS', serialize(array('a79164282c338f29895b5f8bae53b43c', '7af93bad27a6802b9aa66a0837c27963')));
    
    define('CONFIG_IDM_LINK_SN', 'https://doku.tid.dfn.de/de:common_attributes#a03');
    define('CONFIG_IDM_LINK_GIVENNAME', 'https://doku.tid.dfn.de/de:common_attributes#a04');
    define('CONFIG_IDM_LINK_MAIL', 'https://doku.tid.dfn.de/de:common_attributes#a05');
    define('CONFIG_IDM_LINK_PID', 'https://doku.tid.dfn.de/de:common_attributes#a11');
    define('CONFIG_IDM_LINK_EPSA', 'https://doku.tid.dfn.de/de:common_attributes#a09');
  • /etc/shibboleth/shibboleth2.xml (Ausgabe hier erzeugt mit tidy -quiet -asxml -xml -indent --wrap-attributes yes --indent-attributes yes --hide-comments 1 /etc/shibboleth/shibboleth2.xml)
  • <SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
              xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
              xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
              xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
              xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
              clockSkew="180">
      <ApplicationDefaults entityID="https://lehrpool.hochschule-rhein-waal.de/shibboleth"
                           REMOTE_USER="persistent-id">
        <!-- Session settings. handlerSSL="true" and cookieProps="https" keep the
             handlers and the session cookie on TLS. checkAddress="false" means the
             client address reported by the IdP is not compared with the address of
             the requester.
             NOTE(review): lifetime is 28800 s (8 h) and timeout 3600 s (1 h), while
             config.php on this page sets a 7-day portal session; confirm which of
             the two is meant to bound a login. -->
        <Sessions lifetime="28800"
                  timeout="3600"
                  relayState="ss:mem"
                  checkAddress="false"
                  handlerSSL="true"
                  cookieProps="https">
          <!-- Browser logins go through the DFN-AAI discovery service; ECP is
               enabled as well. -->
          <SSO discoveryProtocol="SAMLDS"
               discoveryURL="https://wayf.aai.dfn.de/DFN-AAI/wayf/"
               ECP="true">SAML2</SSO>
          <Logout>SAML2 Local</Logout>
          <Handler type="MetadataGenerator"
                   Location="/Metadata"
                   signing="false" />
          <!-- NOTE(review): no acl attribute here, and Apache grants everyone access
               to /Shibboleth.sso, so /Shibboleth.sso/Status answers any client.
               The packaged default limits it with acl="127.0.0.1 ::1". -->
          <Handler type="Status"
                   Location="/Status" />
          <!-- NOTE(review): showAttributeValues="true" makes /Shibboleth.sso/Session
               print the released attribute values of the caller's session; handy
               during setup, normally switched back to "false" afterwards. -->
          <Handler type="Session"
                   Location="/Session"
                   showAttributeValues="true" />
          <Handler type="DiscoveryFeed"
                   Location="/DiscoFeed" />
          <!-- Initiator referenced by "requireSessionWith ECP" in the Apache config.
               It is fixed to one IdP entityID, so these logins skip discovery. -->
          <SessionInitiator id="ECP"
                            type="SAML2"
                            Location="/ECP"
                            ECP="true"
                            entityID="https://sso.hochschule-rhein-waal.de/idp/shibboleth">
          </SessionInitiator>
        </Sessions>
        <Errors supportContact="lehrpool@hochschule-rhein-waal.de"
                helpLocation="http://www.hochschule-rhein-waal.de/de/hochschule/einrichtungen/it-dienste"
                styleSheet="/shibboleth-sp/main.css" />
        <!-- Federation metadata is the trust anchor for every IdP the SP accepts.
             The Signature filter takes the downloaded file only if it verifies
             against /etc/shibboleth/dfn-aai.pem, and RequireValidUntil rejects
             metadata without an expiry or valid for longer than 2419200 s (28 days).
             Obtain dfn-aai.pem over a trusted channel and check its fingerprint
             against the value published by the federation. -->
        <MetadataProvider type="Chaining">
          <MetadataProvider type="XML"
                            url="https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-metadata.xml"
                            backingFilePath="DFN-AAI-metadata.xml"
                            reloadInterval="7200">
            <MetadataFilter type="RequireValidUntil"
                            maxValidityInterval="2419200" />
            <MetadataFilter type="Signature"
                            certificate="/etc/shibboleth/dfn-aai.pem" />
          </MetadataProvider>
        </MetadataProvider>
        <AttributeExtractor type="XML"
                            validate="true"
                            reloadChanges="false"
                            path="attribute-map.xml" />
        <AttributeResolver type="Query"
                           subjectMatch="true" />
        <AttributeFilter type="XML"
                         validate="true"
                         path="attribute-policy.xml" />
        <!-- Key pair the SP uses as its SAML credential.
             NOTE(review): the private key should be readable only by the account
             shibd runs as; the page does not show the file permissions. -->
        <CredentialResolver type="File"
                            key="/etc/shibboleth/lpnrw.key"
                            certificate="/etc/shibboleth/lpnrw.crt" />
      </ApplicationDefaults>
      <SecurityPolicyProvider type="XML"
                              validate="true"
                              path="security-policy.xml" />
      <ProtocolProvider type="XML"
                        validate="true"
                        reloadChanges="false"
                        path="protocols.xml" />
    </SPConfig>
    
    
  • attribute-map.xml
  • <Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Attribute name="urn:oasis:names:tc:SAML:attribute:subject-id"
                 id="subject-id">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:oasis:names:tc:SAML:attribute:pairwise-id"
                 id="pairwise-id">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                 id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName"
                 id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
                 id="affiliation">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
                 id="affiliation">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
                 id="entitlement" />
      <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement"
                 id="entitlement" />
      <!-- Both the legacy eduPersonTargetedID attribute and the persistent NameID
           are mapped to the id "persistent-id", which shibboleth2.xml on this page
           uses as REMOTE_USER. The formatter joins NameQualifier, SPNameQualifier
           and the value with "!"; the NameQualifier is normally the IdP's entityID,
           so equal values from two IdPs give different user names. -->
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
                 id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder"
                          formatter="$NameQualifier!$SPNameQualifier!$Name"
                          defaultQualifiers="true" />
      </Attribute>
      <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                 id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder"
                          formatter="$NameQualifier!$SPNameQualifier!$Name"
                          defaultQualifiers="true" />
      </Attribute>
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11"
                 id="assurance" />
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1"
                 id="member" />
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1"
                 id="eduCourseOffering" />
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2"
                 id="eduCourseMember" />
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
                 id="unscoped-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5"
                 id="primary-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2"
                 id="nickname" />
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8"
                 id="primary-orgunit-dn" />
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4"
                 id="orgunit-dn" />
      <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3"
                 id="org-dn" />
      <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation"
                 id="unscoped-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation"
                 id="primary-affiliation">
        <AttributeDecoder xsi:type="StringAttributeDecoder"
                          caseSensitive="false" />
      </Attribute>
      <Attribute name="urn:mace:dir:attribute-def:eduPersonNickname"
                 id="nickname" />
      <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN"
                 id="primary-orgunit-dn" />
      <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN"
                 id="orgunit-dn" />
      <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN"
                 id="org-dn" />
      <Attribute name="urn:oid:2.5.4.3"
                 id="cn" />
      <Attribute name="urn:oid:2.5.4.4"
                 id="sn" />
      <Attribute name="urn:oid:2.5.4.42"
                 id="givenName" />
      <Attribute name="urn:oid:2.16.840.1.113730.3.1.241"
                 id="displayName" />
      <Attribute name="urn:oid:0.9.2342.19200300.100.1.1"
                 id="uid" />
      <Attribute name="urn:oid:0.9.2342.19200300.100.1.3"
                 id="mail" />
      <Attribute name="urn:oid:2.5.4.20"
                 id="telephoneNumber" />
      <Attribute name="urn:oid:2.5.4.12"
                 id="title" />
      <Attribute name="urn:oid:2.5.4.43"
                 id="initials" />
      <Attribute name="urn:oid:2.5.4.13"
                 id="description" />
      <Attribute name="urn:oid:2.16.840.1.113730.3.1.1"
                 id="carLicense" />
      <Attribute name="urn:oid:2.16.840.1.113730.3.1.2"
                 id="departmentNumber" />
      <Attribute name="urn:oid:2.16.840.1.113730.3.1.3"
                 id="employeeNumber" />
      <Attribute name="urn:oid:2.16.840.1.113730.3.1.4"
                 id="employeeType" />
      <Attribute name="urn:oid:2.16.840.1.113730.3.1.39"
                 id="preferredLanguage" />
      <Attribute name="urn:oid:0.9.2342.19200300.100.1.10"
                 id="manager" />
      <Attribute name="urn:oid:2.5.4.34"
                 id="seeAlso" />
      <Attribute name="urn:oid:2.5.4.23"
                 id="facsimileTelephoneNumber" />
      <Attribute name="urn:oid:2.5.4.9"
                 id="street" />
      <Attribute name="urn:oid:2.5.4.18"
                 id="postOfficeBox" />
      <Attribute name="urn:oid:2.5.4.17"
                 id="postalCode" />
      <Attribute name="urn:oid:2.5.4.8"
                 id="st" />
      <Attribute name="urn:oid:2.5.4.7"
                 id="l" />
      <Attribute name="urn:oid:2.5.4.10"
                 id="o" />
      <Attribute name="urn:oid:2.5.4.11"
                 id="ou" />
      <Attribute name="urn:oid:2.5.4.15"
                 id="businessCategory" />
      <Attribute name="urn:oid:2.5.4.19"
                 id="physicalDeliveryOfficeName" />
      <Attribute name="urn:mace:dir:attribute-def:cn"
                 id="cn" />
      <Attribute name="urn:mace:dir:attribute-def:sn"
                 id="sn" />
      <Attribute name="urn:mace:dir:attribute-def:givenName"
                 id="givenName" />
      <Attribute name="urn:mace:dir:attribute-def:displayName"
                 id="displayName" />
      <Attribute name="urn:mace:dir:attribute-def:uid"
                 id="uid" />
      <Attribute name="urn:mace:dir:attribute-def:mail"
                 id="mail" />
      <Attribute name="urn:mace:dir:attribute-def:telephoneNumber"
                 id="telephoneNumber" />
      <Attribute name="urn:mace:dir:attribute-def:title"
                 id="title" />
      <Attribute name="urn:mace:dir:attribute-def:initials"
                 id="initials" />
      <Attribute name="urn:mace:dir:attribute-def:description"
                 id="description" />
      <Attribute name="urn:mace:dir:attribute-def:carLicense"
                 id="carLicense" />
      <Attribute name="urn:mace:dir:attribute-def:departmentNumber"
                 id="departmentNumber" />
      <Attribute name="urn:mace:dir:attribute-def:employeeNumber"
                 id="employeeNumber" />
      <Attribute name="urn:mace:dir:attribute-def:employeeType"
                 id="employeeType" />
      <Attribute name="urn:mace:dir:attribute-def:preferredLanguage"
                 id="preferredLanguage" />
      <Attribute name="urn:mace:dir:attribute-def:manager"
                 id="manager" />
      <Attribute name="urn:mace:dir:attribute-def:seeAlso"
                 id="seeAlso" />
      <Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber"
                 id="facsimileTelephoneNumber" />
      <Attribute name="urn:mace:dir:attribute-def:street"
                 id="street" />
      <Attribute name="urn:mace:dir:attribute-def:postOfficeBox"
                 id="postOfficeBox" />
      <Attribute name="urn:mace:dir:attribute-def:postalCode"
                 id="postalCode" />
      <Attribute name="urn:mace:dir:attribute-def:st"
                 id="st" />
      <Attribute name="urn:mace:dir:attribute-def:l"
                 id="l" />
      <Attribute name="urn:mace:dir:attribute-def:o"
                 id="o" />
      <Attribute name="urn:mace:dir:attribute-def:ou"
                 id="ou" />
      <Attribute name="urn:mace:dir:attribute-def:businessCategory"
                 id="businessCategory" />
      <Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName"
                 id="physicalDeliveryOfficeName" />
    </Attributes>
  • Shibboleth-SP Zertifikate erzeugen und ablegen (siehe oben)
  • SP in der DFN-Metadatenverwaltung erzeugen (https://www.aai.dfn.de/verwaltung/metadaten/)
  • <?xml version="1.0" encoding="UTF-8"?>
    <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:saml1md="urn:mace:shibboleth:metadata:1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:php="http://php.net/xsl" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:remd="http://refeds.org/metadata">
      <EntityDescriptor entityID="https://lehrpool.hochschule-rhein-waal.de/shibboleth">
        <Extensions>
          <mdrpi:RegistrationInfo registrationAuthority="https://www.aai.dfn.de" registrationInstant="2019-03-07T08:34:13Z">
            <mdrpi:RegistrationPolicy xml:lang="en">https://www.aai.dfn.de/en/join/</mdrpi:RegistrationPolicy>
            <mdrpi:RegistrationPolicy xml:lang="de">https://www.aai.dfn.de/teilnahme/</mdrpi:RegistrationPolicy>
          </mdrpi:RegistrationInfo>
        </Extensions>
        <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
          <Extensions>
            <idpdisc:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/Login" index="1"/>
            <mdui:UIInfo>
              <mdui:DisplayName xml:lang="de">Lehrpool.nrw an der HSRW</mdui:DisplayName>
              <mdui:DisplayName xml:lang="en">Lehrpool.nrw at the HSRW</mdui:DisplayName>
              <mdui:Description xml:lang="de">Lehrpool.nrw an der HSRW</mdui:Description>
              <mdui:Description xml:lang="en">Lehrpool.nrw at the HSRW</mdui:Description>
              <mdui:PrivacyStatementURL xml:lang="de">https://www.hochschule-rhein-waal.de/de/impressum-und-datenschutzerklaerung</mdui:PrivacyStatementURL>
            </mdui:UIInfo>
          </Extensions>
          <KeyDescriptor>
            <ds:KeyInfo>
              <ds:KeyName>lehrpool.hochschule-rhein-waal.de</ds:KeyName>
              <ds:X509Data>
                <ds:X509SubjectName>CN=lehrpool.hochschule-rhein-waal.de,O=Hochschule Rhein-Waal,L=Kleve,ST=Nordrhein-Westfalen,C=DE</ds:X509SubjectName>
                <ds:X509Certificate>MIIKdzCCCV+gAwIBAgIMIJ3+2gUYsR+WEgpdMA0GCSqGSIb3DQEBCwUAMIGNMQsw
    CQYDVQQGEwJERTFFMEMGA1UECgw8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVz
    IERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLDAdERk4t
    UEtJMSUwIwYDVQQDDBxERk4tVmVyZWluIEdsb2JhbCBJc3N1aW5nIENBMB4XDTE5
    MDMwNTE0MDIwMloXDTIxMDYwNjE0MDIwMlowgYcxCzAJBgNVBAYTAkRFMRwwGgYD
    VQQIDBNOb3JkcmhlaW4tV2VzdGZhbGVuMQ4wDAYDVQQHDAVLbGV2ZTEeMBwGA1UE
    CgwVSG9jaHNjaHVsZSBSaGVpbi1XYWFsMSowKAYDVQQDDCFsZWhycG9vbC5ob2No
    c2NodWxlLXJoZWluLXdhYWwuZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
    AoICAQC6tGN8QOtR/pLI1EIiS94zT6bhM8yBYQvflMpMGgxoxAQVrhBM8wA2Rq/F
    Mka+nlGDAqTLulMwY2vSSDmY+dlBP9lPcnOkVNS7dpwZCAuKnJAWFN+zAukvz8Ms
    eKzEAn1rbwg3zye0KEffrDoo+/MBDHfwPIQSbaUHcQly5aJ998PCrpv7vFisqQCl
    BTh0oGBli2taFwNAKpfdHMJD5ls/2BWbi7KcdltCp3Kk9ZA6zFulbA/ZFFfDq9h1
    DRWuyyx/8p4PkLxUMDMH1j+h9V5Q5P90wfrhkfVciIJsQfxWd2+0Ml8kJw6/qofX
    zbLDnSxDyH/6KdxsE7edRMVcyUv/13XveMi9ndJR0OWn7+YWieMqicI7ia6RjGI0
    HifYqyecfJ8zaDMF6d7Ueln4Kt9dZ7wp9+O5gSz4oaYTuJhcou+5TeSbeHU3gJ1N
    QiuX9RT/hsrf9bYHDYb8PztK04Davn8cTmaGjZ2nDMh/h2GsyO5ActqywSVUKqQe
    ltG3kKhm+QfWG0HkEXjN1tc2q9FQiGJw3F5czdaAqpxppvfcIqqhBtA7PRuIVD6b
    4SmyuS/bvzTJTGLWNFEY2VWVY4pumQ6AFSmywpeR4Xg9+mBjCD7L9sHzqspmXHIP
    tH5No9tcf4Wqpi7H8jLwwwMZal0M7uUIenTTcENGMLKlJp78/wIDAQABo4IF2TCC
    BdUwWQYDVR0gBFIwUDAIBgZngQwBAgIwDQYLKwYBBAGBrSGCLB4wDwYNKwYBBAGB
    rSGCLAEBBDARBg8rBgEEAYGtIYIsAQEEAwkwEQYPKwYBBAGBrSGCLAIBBAMJMAkG
    A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr
    BgEFBQcDATAdBgNVHQ4EFgQUfC1PHqm41ModvcvVa91LyqdQxrUwHwYDVR0jBBgw
    FoAUazqYi/nyU4na4K2yMh4JH+iqO3QwLAYDVR0RBCUwI4IhbGVocnBvb2wuaG9j
    aHNjaHVsZS1yaGVpbi13YWFsLmRlMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0dHA6
    Ly9jZHAxLnBjYS5kZm4uZGUvZGZuLWNhLWdsb2JhbC1nMi9wdWIvY3JsL2NhY3Js
    LmNybDA/oD2gO4Y5aHR0cDovL2NkcDIucGNhLmRmbi5kZS9kZm4tY2EtZ2xvYmFs
    LWcyL3B1Yi9jcmwvY2FjcmwuY3JsMIHbBggrBgEFBQcBAQSBzjCByzAzBggrBgEF
    BQcwAYYnaHR0cDovL29jc3AucGNhLmRmbi5kZS9PQ1NQLVNlcnZlci9PQ1NQMEkG
    CCsGAQUFBzAChj1odHRwOi8vY2RwMS5wY2EuZGZuLmRlL2Rmbi1jYS1nbG9iYWwt
    ZzIvcHViL2NhY2VydC9jYWNlcnQuY3J0MEkGCCsGAQUFBzAChj1odHRwOi8vY2Rw
    Mi5wY2EuZGZuLmRlL2Rmbi1jYS1nbG9iYWwtZzIvcHViL2NhY2VydC9jYWNlcnQu
    Y3J0MIIDYAYKKwYBBAHWeQIEAgSCA1AEggNMA0oAdwCq5wt/PLjVZshsLxaXnJ9E
    X2mrDrRTVYmy93oDAQTzzQAAAWlOKVyGAAAEAwBIMEYCIQD7QQLxSIUdo2JQyeyR
    i6IPmxs/gM+OZlXMhsaN2AHXnQIhALyIAjd/IYFAkbzmq81oTty2UYavwUv4PXhs
    RNdmCZk1AHYAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFpTild
    UQAABAMARzBFAiB05GTMahHyrin19joQ+Q/e34whcGPB2iHd5z2dchtzrAIhAPk0
    e9UWkb69qhv2H93jbqRDXcopHIoBghG/WCXMvlcNAHYAVYHUwhaQNgFK6gubVzxT
    8MDkOHhwJQgXL6OqHQcT0wwAAAFpTileVAAABAMARzBFAiAfswWG3uYyQ+j3MQyp
    BncGlOfzQEVO4iTOm9/iir12BwIhAMjP0UjnNJKQ0q37dw7MfvnozAvuYXQW8bxL
    7IXlgEbmAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFpTild
    BgAABAMASDBGAiEAgda6iWoQWj9OgIJYm3NTE/hJiutJ0IOZfgjzpZpAkWoCIQDv
    TqC68ZQGqGAAMLjks2FLL1cUYx3xqhPzsdgtGkJ66AB2AESUZS6w7s6vxEAH2Kj+
    KMDa5oK+2MsxtT/TM5a1toGoAAABaU4pYPQAAAQDAEcwRQIgD4B1bCA7PDuYFYPf
    vdFyLB3yP1IvCdGReT0sReGgqX8CIQCW6w4o+Qj1xmKuCZCyf+t8TggWW8vCFbyD
    0Cymt7J7jwB1ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABaU4p
    XQgAAAQDAEYwRAIgP9oTS8FdlLMdwLVMw8a8zLn636vNRN/AjyRttY2dCTUCIGBc
    hldbpmEvxDQMkgdDSipZ6GmVgQMww5FI6RpsDCAMAHcApLkJkLQYWBSHuxOizGdw
    Cjw1mAT5G9+443fNDsgN3BAAAAFpTildEQAABAMASDBGAiEA53Hxrf1p5RYUS/du
    WHkHNokGYhpNVqhL+zEoaIlxsZUCIQDL5OiLlG9wNCJUfc0+0NDYpA7b/d98ywOP
    LdqIgvURkjANBgkqhkiG9w0BAQsFAAOCAQEAlyrG/yVZBMW3WsW2GjS/ftbqZh5S
    cDKSavWgVrhX+mcA4DxTUnaBZ7BMJ8lYJK0F894DDsqyF2vPCzsmouQ8NDwbKYFX
    k5InGCmOpvw5pg7Yto8vnVua7Tapt7WQZaB2ZuE62HwUZWwK67hx64kI3BtYaJBP
    1D0t7/KkDVGkrq8ZAPJdQzawYMbSekKhJ03lDzcskTdkOmzclwIQZitAGCH8e1xu
    LkYlp4BxpOYDA0sBBMb+sDwfzUPz61nMJGqKXIuUWw+CBG1TYntZFMI7SNWcWdkD
    f+b++QjNS7RDfQPyuPFRehr+Uec7ILdft7T+FLLJpyO1NCaCQQjqBYK9ww==
    </ds:X509Certificate>
              </ds:X509Data>
            </ds:KeyInfo>
          </KeyDescriptor>
          <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/Artifact/SOAP" index="1"/>
          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/SLO/SOAP"/>
          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/SLO/Redirect"/>
          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/SLO/POST"/>
          <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/SLO/Artifact"/>
          <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
          <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/SAML2/POST" index="1"/>
          <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
          <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/SAML2/Artifact" index="3"/>
          <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://master.lehrpool.hochschule-rhein-waal.de/Shibboleth.sso/SAML2/ECP" index="4"/>
          <!-- Attributes the SP asks IdPs to release; all eight are marked
               isRequired="true".
               NOTE(review): IdPs may base their attribute release on this list. The
               portal config on this page only links sn, givenName, mail, a persistent
               id and (apparently) the scoped affiliation, so confirm whether
               eduPersonOrgDN, eduPersonPrincipalName and eduPersonAffiliation are
               really needed. -->
          <AttributeConsumingService index="1">
            <ServiceName xml:lang="de">Lehrpool.nrw an der HSRW</ServiceName>
            <ServiceName xml:lang="en">Lehrpool.nrw at the HSRW</ServiceName>
            <ServiceDescription xml:lang="de">Lehrpool.nrw an der HSRW</ServiceDescription>
            <ServiceDescription xml:lang="en">Lehrpool.nrw at the HSRW</ServiceDescription>
            <RequestedAttribute isRequired="true" FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
            <RequestedAttribute isRequired="true" FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
            <RequestedAttribute isRequired="true" FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
            <RequestedAttribute isRequired="true" FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
            <RequestedAttribute isRequired="true" FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
            <RequestedAttribute isRequired="true" FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
            <RequestedAttribute isRequired="true" FriendlyName="eduPersonOrgDN" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
            <RequestedAttribute isRequired="true" FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
          </AttributeConsumingService>
        </SPSSODescriptor>
        <Organization>
          <OrganizationName xml:lang="de">e365</OrganizationName>
          <OrganizationName xml:lang="en">e365</OrganizationName>
          <OrganizationDisplayName xml:lang="de">Hochschule Rhein-Waal</OrganizationDisplayName>
          <OrganizationDisplayName xml:lang="en">Rhine-Waal University of Applied Sciences</OrganizationDisplayName>
          <OrganizationURL xml:lang="de">http://www.hochschule-rhein-waal.de</OrganizationURL>
          <OrganizationURL xml:lang="en">http://www.hochschule-rhein-waal.de</OrganizationURL>
        </Organization>
        <ContactPerson contactType="technical">
          <GivenName>Lehrpool-Team</GivenName>
          <EmailAddress>mailto:lehrpool@hochschule-rhein-waal.de</EmailAddress>
        </ContactPerson>
        <ContactPerson contactType="support">
          <GivenName>Lehrpool-Team</GivenName>
          <EmailAddress>mailto:lehrpool@hochschule-rhein-waal.de</EmailAddress>
        </ContactPerson>
        <ContactPerson contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
          <GivenName>Lehrpool-Team</GivenName>
          <EmailAddress>mailto:lehrpool@hochschule-rhein-waal.de</EmailAddress>
        </ContactPerson>
      </EntityDescriptor>
    </EntitiesDescriptor>
    
  • systemctl restart shibd ; systemctl restart apache2
  • public/services/lehrpool.nrw/dfn-aai.txt
  • Zuletzt geändert: 2021/04/07 17:18
  • von dwsa