Digitalization of the Management Information System for Handling the IDP (Individual Development Plan) at PT Garudafood Putra Putri Jaya BU.E2 Rancaekek
Fahmi Abdul Aziz (2017) | Final Project | -

Abstract
An Individual Development Plan (IDP) is a plan for developing employee performance in line with the needs of the organization. The management information system (MIS) strongly influences how information about the Individual Development Plan (IDP) is disseminated, so that the information reaches the person concerned directly. In practice, a management information system (MIS) for handling the Individual Development Plan (IDP) must be supported by computer-based technology. This makes managing information easier and more accurate. A manual process is a hindrance in terms of time and file security. IDP handling at PT Garudafood Putra Putri Jaya is still manual. Computers are used only for typing the IDP form. This makes handling the IDP very time-consuming. In addition, file security depends on hard copies, which are easily damaged or lost; for that reason an IDP application was built. The application plays an important role in providing ease of use. Handling the Individual Development Plan (IDP) through a management information system (MIS) makes the work faster and the data more secure. The application was therefore built to be easy to use and to minimize the shortcomings of the system previously used in the company.
Keywords: Management Information System, IDP, Individual Development Plan, application, project

Alternative Abstract
An Individual Development Plan (IDP) is an employee performance development plan according to the needs of the organization. Management information systems (MIS) are very influential in the dissemination of information about the Individual Development Plan (IDP), so that information can be delivered directly to the person concerned. In application, the management information system (MIS) for handling the Individual Development Plan (IDP) must be supported by computer-based technology. It can provide convenience and accuracy in managing information. Continuing to use a manual process would be a hindrance in terms of time and file security. IDP handling at PT Garudafood Putra Putri Jaya is still manual. Computers are used only for typing on the IDP form. This makes the handling of the IDP take a very long time. In addition, file security also depends on hard copies, which are particularly vulnerable to being damaged or lost; for this reason an IDP application was made. The application plays an important role in providing ease of use. Handling the Individual Development Plan (IDP) with a management information system (MIS) makes the work faster and the security of the data more assured. The application was therefore made in order to provide ease of use and minimize the shortcomings inherent in the system that has been used in the company.
Keywords: Management Information System, IDP, Individual Development Plan, Application, project
Advantages of SSO:
Challenges of SSO:
SSO components:
Identity Provider (IdP): responsible for authenticating users and providing user information to the SP.
Service Provider (SP): responsible for protecting online resources and consuming information from the IdP.
Discovery Service (DS): helps the SP find the user's IdP.
Basic Interaction
Introduction to Federation
An identity federation is a group of organizations that agree to operate under a given policy.
Jagger Installation
Requirements
Installation
# wget https://github.com/bcit-ci/CodeIgniter/archive/3.1.5.zip
# unzip 3.1.5.zip
# mv CodeIgniter-3.1.5/ codeigniter
# git clone https://github.com/Edugate/Jagger /opt/rr3
# cd /opt/rr3/application/
# nano /opt/rr3/application/composer.json
"doctrine/common": "2.4.*",
define('ENVIRONMENT', isset($_SERVER['CI_ENV']) ? $_SERVER['CI_ENV'] : 'development');
Before that line, add the line below:
$_SERVER['CI_ENV'] = 'production';
Find the line below:
Then change it to the following:
$system_path = '/opt/codeigniter/system';
DocumentRoot /opt/rr3
<Directory /opt/rr3>
    Require all granted
    RewriteEngine On
    RewriteBase /
    RewriteCond $1 !^(Shibboleth\.sso|index\.php|logos|signedmetadata|flags|images|app|schemas|fonts|styles|images|js|robots\.txt|pub|includes)
    RewriteRule ^(.*)$ /index.php?/$1 [L]
    AllowOverride All
</Directory>
<Directory /opt/rr3/application>
    Require all denied
</Directory>
$config['base_url'] = 'https://sp-<domain-anda>.uii.id';
Also add the configuration below:
$config['csrf_regenerate'] = FALSE;
$config['csrf_exclude_uris'] = array();
feduserapplyform enables the Apply for an account button when a new user logs in using the Federated Access button.
$config['rr_setup_allowed'] = TRUE;
$config['syncpass'] = '<password_yang_tergenerate>';
$config['Shib_username'] = 'uid';
$config['feduserapplyform'] = true;
Remove the section below because it is deprecated:
$config['nameids'] = array(
    'urn:mace:shibboleth:1.0:nameIdentifier' => …………………
    'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
);
Then edit metadata_validuntil_days (which extends the metadata expiry date) as follows:
$config['metadata_validuntil_days'] = '30';
$db['default']['hostname'] = '127.0.0.1';
$db['default']['username'] = 'rr3user';
$db['default']['password'] = 'rr3pass';
$db['default']['database'] = 'rr3';
$db['default']['dsn']= 'mysql:host=127.0.0.1;port=3306;dbname=rr3';
# nano /opt/rr3/application/config/config_rr.php
$config['rr_setup_allowed'] = FALSE;
Disable WORK_DIR and change the paths as shown below:
#WORK_DIR="/lib/foo"
DAEMON="/usr/bin/python"
ARGS="/opt/rr3-addons/gearman-workers/gearman-worker-metasigner.py"
PIDFILE="/run/gearman/gworkers.pid"
os.environ["JAVA_HOME"] = "/usr/lib/jvm/java-1.8.0-openjdk-amd64";
xmlsecommand = "/opt/xmlsectool-2.0.0/xmlsectool.sh"
cert="/opt/md-signer/metadata-signer.crt"
certkey="/opt/md-signer/metadata-signer.key"
cerpass=""
destination="/opt/rr3/signedmetadata"
$config['signdigest'] = 'SHA-256';
$config['mq'] = 'gearman';
$config['gearman'] = TRUE;
# systemctl restart gearman-job-server
# php -m | grep gearman
# ps aux | grep gearman
gearman 47762 0.0 0.3 499456 6788 ? Ssl 07:40 0:00 /usr/sbin/gearmand --pid-file=/run/gearman/gearmand.pid --listen=localhost --daemon --log-file=/var/log/gearman-job-server/gearmand.log
root 48288 0.6 0.7 52596 13952 pts/0 S 07:47 0:00 python /opt/rr3-addons/gearman-workers/gearman-worker-metasigner.py
Identity Provider (IdP) Installation
System Requirements
Install Requirements
# apt update && apt upgrade
# apt install openjdk-11-jre ca-certificates openssl tomcat9 apache2 ntp expat libmysql-java libcommons-dbcp-java libcommons-pool-java --no-install-recommends unzip
# java -version
# update-java-alternatives -l
# systemctl status tomcat9
# systemctl status apache2
# nano /etc/environment
JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64
IDP_SRC=/usr/local/src/shibboleth-identity-provider-4.0.1
# source /etc/environment
# nano /etc/default/tomcat9
JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64
JAVA_OPTS="-Djava.awt.headless=true -XX:+DisableExplicitGC -XX:+UseParallelOldGC -Xms256m -Xmx2g -Djava.security.egd=file:/dev/./urandom"
# add-apt-repository ppa:certbot/certbot
# nano /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
    SSLStaplingCache shmcb:/var/run/ocsp(128000)
    <VirtualHost _default_:443>
        ServerName idp.uii.ac.id:443
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLCipherSuite "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
        SSLCompression Off
        SSLUseStapling on
        SSLStaplingResponderTimeout 5
        SSLStaplingReturnResponderErrors off
        Header always set Strict-Transport-Security "max-age=63072000;includeSubDomains;preload"
        SSLCertificateFile /root/cert/uii.crt
        SSLCertificateKeyFile /root/cert/uii.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>
# nano /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
    ServerName "idp.uii.ac.id"
    RedirectMatch ^/$ https://idp.uii.ac.id/idp/shibboleth
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# tar -xzvf shibboleth-identity-provider-4.0.1.tar.gz
# ln -s /usr/share/java/mysql-connector-java.jar shibboleth-identity-provider-4.0.1/webapp/WEB-INF/lib
# ./shibboleth-identity-provider-4.0.1/bin/install.sh
Source (Distribution) Directory (press <enter> to accept default):[/usr/local/src/shibboleth-identity-provider-4.0.1] ? (Enter)
Installation Directory: [/opt/shibboleth-idp] ? (Enter)
Host Name: [<ip address>] ? idp-<domainanda>.uii.id
Backchannel PKCS12 Password: Password_anda
Re-enter password: Password_anda
Cookie Encryption Key Password: Password_anda
Re-enter password: Password_anda
SAML EntityID: [https://idp-<domain_anda>/idp/shibboleth] ? (Enter)
Attribute Scope: [idp-<domain_anda>] ? (Enter)
# cd /opt/shibboleth-idp/
# chown tomcat: credentials/ logs/ -R
# chmod 777 logs/
# chown tomcat:root conf/ metadata/ system/ war/ -R
# cd /opt/shibboleth-idp/edit-webapp/WEB-INF/lib/
# wget http://www.java2s.com/Code/JarDownload/tomcat-jdbc/tomcat-jdbc.jar.zip
# chown -R tomcat jstl-1.2.jar tomcat-jdbc.jar
# nano /lib/systemd/system/tomcat9.service
ReadWritePaths=/opt/shibboleth-idp/
# systemctl daemon-reload
# /opt/shibboleth-idp/bin/build.sh
Installation Directory: [/opt/shibboleth-idp] ? (Enter)
# nano /etc/tomcat9/server.xml
<!--
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="8443" />
-->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" address="127.0.0.1" enableLookups="false" tomcatAuthentication="false"/>
# nano /etc/tomcat9/Catalina/localhost/idp.xml
<Context docBase="/opt/shibboleth-idp/war/idp.war"
         privileged="true"
         antiResourceLocking="false"
         swallowOutput="true"/>
# nano /etc/apache2/sites-available/idp.conf
<IfModule mod_proxy.c>
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    <Proxy ajp://localhost:8009>
        Require all granted
    </Proxy>
    ProxyPass /idp ajp://localhost:8009/idp retry=5
    ProxyPassReverse /idp ajp://localhost:8009/idp retry=5
</IfModule>
# a2enmod proxy_ajp
# nano /etc/tomcat9/context.xml
# systemctl restart tomcat9
# /opt/shibboleth-idp/bin/status.sh
If you use LDAP, LDAP.authenticator uses bindSearchAuthenticator. If you use AD as the data source, LDAP.authenticator can be changed to adAuthenticator.
Notes: If you use LDAP as the data source
# nano /opt/shibboleth-idp/conf/ldap.properties
idp.authn.LDAP.authenticator = bindSearchAuthenticator
idp.authn.LDAP.ldapURL = ldap://idp-<domain-anda>.uii.id:389
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.baseDN = dc=idp-<domain-anda>,dc=uii,dc=id
idp.authn.LDAP.userFilter = (uid={user})
idp.authn.LDAP.bindDN = cn=admin,dc=idp-<domain-anda>,dc=uii,dc=id
idp.authn.LDAP.dnFormat = %s@idp-<domain-anda>.uii.id
Notes: If you use Active Directory (AD) as the data source
# nano /opt/shibboleth-idp/conf/ldap.properties
idp.authn.LDAP.authenticator = adAuthenticator
idp.authn.LDAP.ldapURL = ldap://ad.bsi.io:389
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore
idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining
idp.authn.LDAP.baseDN = DC=uii,DC=ac,DC=id
idp.authn.LDAP.subtreeSearch = false
idp.authn.LDAP.userFilter = (sAMAccountName={user})
idp.authn.LDAP.bindDN = CN=sso,OU=Sistem,OU=Accounts,DC=uii,DC=ac,DC=id
idp.authn.LDAP.dnFormat = %
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.connectTimeout = %{idp.authn.LDAP.connectTimeout:PT3S}
idp.attribute.resolver.LDAP.responseTimeout = %{idp.authn.LDAP.responseTimeout:PT3S}
idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
idp.attribute.resolver.LDAP.searchFilter = (sAMAccountName=$resolutionContext.principal)
# nano /opt/shibboleth-idp/credentials/secrets.properties
idp.authn.LDAP.bindDNCredential = Federasi2021!
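Both ldap.properties variants above use an ldap:// URL on port 389 with useStartTLS = false, and the attribute resolver inherits those values through %{name:default} placeholders, so the bind DN password and user passwords cross the network unencrypted on both connections. The following added example (not part of the original tutorial or of Shibboleth) resolves the placeholders and lists the connections that bind in cleartext; the function names are hypothetical and the sample text is a constructed excerpt of the AD settings.

```python
import re

# Constructed sample: a shortened copy of the Active Directory settings above.
SAMPLE = """\
idp.authn.LDAP.authenticator = adAuthenticator
idp.authn.LDAP.ldapURL = ldap://ad.bsi.io:389
idp.authn.LDAP.useStartTLS = false
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
"""

# Matches %{name} and %{name:default}, the placeholder style used in the file.
PLACEHOLDER = re.compile(r"%\{([^}:]+)(?::([^}]*))?\}")


def parse_properties(text):
    """Parse 'key = value' lines, skipping blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def resolve(props, key, depth=0):
    """Expand placeholder references in one property value."""
    if depth > 10:
        raise ValueError("placeholder loop at " + key)

    def expand(match):
        name, default = match.group(1), match.group(2)
        if name in props:
            return resolve(props, name, depth + 1)
        # Unknown name: use the inline default, else leave the text untouched.
        return default if default is not None else match.group(0)

    return PLACEHOLDER.sub(expand, props[key])


def cleartext_ldap(props):
    """Return the connection prefixes whose LDAP bind is not encrypted."""
    findings = []
    for prefix in ("idp.authn.LDAP", "idp.attribute.resolver.LDAP"):
        if prefix + ".ldapURL" not in props:
            continue
        url = resolve(props, prefix + ".ldapURL").lower()
        tls_key = prefix + ".useStartTLS"
        # Assumption of this example: a missing useStartTLS key is reported,
        # so the operator sets the value explicitly.
        start_tls = tls_key in props and resolve(props, tls_key).lower() == "true"
        if not url.startswith("ldaps://") and not start_tls:
            findings.append(prefix)
    return findings
```

With useStartTLS = true or an ldaps:// URL on the authn connection, the resolver connection clears as well, because it takes its values from the same keys.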
The standard SAML version 2 OID numbers can be found at http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html or https://commons.lbl.gov/display/IDMgmt/Attribute+Definitions
# nano /opt/shibboleth-idp/conf/attribute-resolver.xml
<!-- Attribute Definition -->
<AttributeDefinition xsi:type="Simple" id="givenName">
    <InputDataConnector ref="myLDAP" attributeNames="givenName"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition id="uid" xsi:type="Simple">
    <InputDataConnector ref="myLDAP" attributeNames="uid"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="mail">
    <InputDataConnector ref="myLDAP" attributeNames="mail"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
</AttributeDefinition>
<!-- Data Connectors -->
<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
    ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
    baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
    principal="%{idp.attribute.resolver.LDAP.bindDN}"
    principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}">
    <FilterTemplate>
        <![CDATA[
            %{idp.attribute.resolver.LDAP.searchFilter}
        ]]>
    </FilterTemplate>
</DataConnector>
# nano /opt/shibboleth-idp/metadata/idp-metadata.xml
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xmlns:xml="http://www.w3.org/XML/1998/namespace"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:req-attr="urn:oasis:names:tc:SAML:protocol:ext:req-attr"
    validUntil="2022-05-27T01:35:31.706Z"
    entityID="https://idp.uii.id/idp/shibboleth*">
# systemctl restart tomcat9
# /opt/shibboleth-idp/bin/status.sh
https://domain-anda/idp/shibboleth
Service Provider (SP) Installation
Install Requirements
# apt update && apt upgrade
# curl --fail --remote-name https://pkg.switch.ch/switchaai/ubuntu/dists/bionic/main/binary-all/misc/switchaai-apt-source_1.0.0ubuntu1_all.deb
# apt install ./switchaai-apt-source_1.0.0ubuntu1_all.deb
# apt update
# apt install --install-recommends shibboleth -y
# shib-keygen -h sp-<DOMAINANDA>.uii.id
# nano /etc/shibboleth/shibboleth2.xml
<ApplicationDefaults entityID="https://sp-<DOMAIN-ANDA>.uii.id/shibboleth"
    REMOTE_USER="eppn subject-id pairwise-id persistent-id"
    cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">
……………………
<Handler type="MetadataGenerator" Location="/Metadata" signing="true"/>
………………...
<CredentialResolver type="File" use="signing" key="sp-key.pem" certificate="sp-cert.pem"/>
<CredentialResolver type="File" use="encryption" key="sp-key.pem" certificate="sp-cert.pem"/>
# systemctl restart shibd
# shibd -t
# nano /etc/apache2/sites-available/000-default-le-ssl.conf
<Location /auth/fedauth>
    Options -Indexes +FollowSymLinks +MultiViews
    AuthType shibboleth
    ShibRequireSession On
    require valid-user
</Location>
<Location /index.php/auth/fedauth>
    Options -Indexes +FollowSymLinks +MultiViews
    AuthType shibboleth
    ShibRequireSession On
    require valid-user
</Location>
# systemctl restart apache2
Attribute Definitions
In this menu, the Administrator user can delete and add attributes by defining the attribute name, the SAML2 OID number and the SAML1 OID number.
This is done because the attribute commonly used is mail, not Email.
SAML2 : urn:oid:0.9.2342.19200300.100.1.3
SAML1 : urn:mace:dir:attribute-def:mail
The standard SAML version 2 OID numbers can be found at http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html or https://commons.lbl.gov/display/IDMgmt/Attribute+Definitions
IdP Configuration
The metadataURL is taken from the Jagger metadata URL: Federations tab → click your federation → Metadata tab → copy the URL of Federation metadata public link (signed). The certificateFile is the Jagger certificate in the file /opt/md-signer/metadata-signer.crt. Edit the file /opt/shibboleth-idp/conf/metadata-providers.xml
# nano /opt/shibboleth-idp/conf/metadata-providers.xml
<MetadataProvider id="Workshop" xsi:type="FileBackedHTTPMetadataProvider"
    backingFile="%{idp.home}/metadata/metadata-workshop-federation-signed.xml"
    metadataURL="https://jagger.federasi.id/signedmetadata/federation/Workshop-Federation/metadata.xml">
    <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
    <MetadataFilter xsi:type="EntityRoleWhiteList">
        <RetainedRole>md:SPSSODescriptor</RetainedRole>
    </MetadataFilter>
</MetadataProvider>
Identity Provider (IdP) Registration
Attribute Release Policy (ARP)
In IdP v4.0.1, the attribute filter can use the ARP from Jagger by defining it in the file /opt/shibboleth-idp/conf/services.xml.
Identity Provider (IdP) Configuration
# nano /opt/shibboleth-idp/conf/services.xml
Disable the section below:
<value>%{idp.home}/conf/attributes/default-rules.xml</value>
Then add the ref bean as shown below:
<util:list id ="shibboleth.AttributeFilterResources">
    <value>%{idp.home}/conf/attribute-filter.xml</value>
    <ref bean="WorkshopFederasiAttributeFilterResource"/>
</util:list>
Add the following before </beans>:
<bean id="MyHTTPClient" parent="shibboleth.HttpClientFactory"
    p:connectionTimeout="PT30S"
    p:connectionRequestTimeout="PT30S"
    p:socketTimeout="PT30S" />
<bean id="WorkshopFederasiAttributeFilterResource"
    class="net.shibboleth.ext.spring.resource.FileBackedHTTPResource"
    c:client-ref="MyHTTPClient"
    c:url="https://domain_anda/arp/format3exp/aHR0cHM6Ly9pZHAudWlpLmFjLmlkL2lkcC9zaGliYm9sZXRo/arp.xml"
    c:backingFile="%{idp.home}/conf/attribute-filter-jagger-federasi.xml"/>
# systemctl restart tomcat9
# tail -f /opt/shibboleth-idp/logs/idp-process.log
# /opt/shibboleth-idp/bin/status.sh
Service Provider (SP) Registration
Service Provider (SP) Configuration
The SSO entityID is the entityID of the IdP that will be used. The URL used in MetadataProvider is taken from the Jagger metadata URL: Federations tab → click your federation → Metadata tab → copy the URL of Federation metadata public link (signed). backingFilePath points to the folder /var/cache/shibboleth, and the certificate in MetadataFilter is the Jagger certificate in the file /opt/md-signer/metadata-signer.crt. Match maxValidityInterval to the configuration on the Jagger VM in the file /opt/rr3/application/config/config_rr.php. The example below uses maxValidityInterval="2592000"; this value is in seconds and is the same as 30 days in the Jagger configuration. Do not mix them up!!
# nano /etc/shibboleth/shibboleth2.xml
<SSO entityID="https://idp-<DOMAINANDA>.uii.id/idp/shibboleth"
    discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
    SAML2
</SSO>
…………………………………
<MetadataProvider type="XML" validate="true"
    url="https://sp-<DOMAINANDA>.uii.id/signedmetadata/federation/Workshop-Federation/metadata.xml"
    backingFilePath="federation-metadata.xml" maxRefreshDelay="7200">
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
    <MetadataFilter type="Signature" certificate="fedsigner.pem" verifyBackup="false"/>
    <DiscoveryFilter type="Exclude" matcher="EntityAttributes" trimTags="true"
        attributeName="http://macedir.org/entity-category"
        attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
        attributeValue="http://refeds.org/cat
# nano /etc/shibboleth/attribute-map.xml
<Attribute name="urn:oid:2.5.4.42" id="givenName"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
<Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/>
<Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
<Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
# systemctl restart shibd
# shibd -t
overall configuration is loadable, check console or log for non-fatal problems
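The validity limit is written in three different units on this page: days in Jagger (metadata_validuntil_days = '30'), an ISO 8601 duration on the IdP (maxValidityInterval="P30D") and seconds on the SP (maxValidityInterval="2592000"). The following added example (not part of the original tutorial, Shibboleth or Jagger) checks that the three values agree and applies a simplified validUntil rule to a metadata document, showing what happens when the units are mixed up. Function names are hypothetical and the sample metadata is constructed.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed federation aggregate; only the validUntil attribute matters here.
SAMPLE_METADATA = (
    '<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'validUntil="2022-05-27T01:35:31.706Z"/>'
)


def duration_seconds(iso):
    """Convert an ISO 8601 duration without years or months to seconds."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", iso)
    if not m or not any(m.groups()):
        raise ValueError("unsupported duration: " + iso)
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def limits_agree(jagger_days, idp_duration, sp_seconds):
    """True when Jagger's days, the IdP duration and the SP seconds match."""
    return int(jagger_days) * 86400 == duration_seconds(idp_duration) == int(sp_seconds)


def check_valid_until(xml_text, max_seconds, now):
    """Classify a metadata document by the validUntil on its root element."""
    root = ET.fromstring(xml_text)
    allowed = ("{%s}EntitiesDescriptor" % MD_NS, "{%s}EntityDescriptor" % MD_NS)
    if root.tag not in allowed:
        return "not-metadata"
    raw = root.get("validUntil")
    if raw is None:
        return "missing"       # no expiry: a captured copy could be replayed forever
    valid_until = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    if valid_until.tzinfo is None:
        valid_until = valid_until.replace(tzinfo=timezone.utc)
    if valid_until <= now:
        return "expired"
    if valid_until - now > timedelta(seconds=max_seconds):
        return "too-far"       # validity window longer than the consumer allows
    return "ok"
```

Entering 30 in the SP's seconds field makes every freshly signed 30-day aggregate come out as "too-far", so the metadata is rejected and the SP has no trusted IdP to use.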
Testing Federated Access on Jagger
This appears because the username used to log in is not yet registered in Jagger.
max_execution_time=600
post_max_size = 16M
upload_max_filesize = 16M