...

Make sure that you set a firewall rule which allows the peer IdP node to connect to the daemon (on TCP port 3306).

Create the shib and (optionally) shibadmin database users, e.g.:


# mysql -u root -p
Enter password: [Supply the root password created above]

mysql> CREATE USER 'shib'@'localhost' IDENTIFIED BY 'PASSWORD';
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER 'shib'@'idp-1.mit.edu' IDENTIFIED BY 'PASSWORD';
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER 'shib'@'idp-2.mit.edu' IDENTIFIED BY 'PASSWORD';
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER 'shibadmin'@'localhost' IDENTIFIED BY 'ADMINPASSWORD';
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER 'shibadmin'@'idp-1.mit.edu' IDENTIFIED BY 'ADMINPASSWORD';
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER 'shibadmin'@'idp-2.mit.edu' IDENTIFIED BY 'ADMINPASSWORD';
Query OK, 0 rows affected (0.00 sec)

Replace PASSWORD and ADMINPASSWORD with the passwords for the shib and shibadmin users, respectively. The shib user is the account the IdP's targeted ID software uses to access the database. The shibadmin user can be used instead of root to initialize or update the database.
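The accounts above are deliberately scoped to the three cluster hosts rather than to the '%' wildcard. The following is an added example, not part of the original page: it generates the host-scoped CREATE USER statements for a cluster and audits rows from mysql.user for shib/shibadmin accounts that are broader or narrower than the cluster needs. The host names are the ones from the page; the sample rows are constructed.

```python
# Added example: host-scoped account generation and a mysql.user audit
# for a Shibboleth IdP cluster. Not from the original page.

CLUSTER_HOSTS = ("localhost", "idp-1.mit.edu", "idp-2.mit.edu")
MANAGED_USERS = ("shib", "shibadmin")


def _q(s: str) -> str:
    """Quote a MySQL string literal (backslash-escape \\ and ')."""
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"


def create_user_statements(user, password, hosts=CLUSTER_HOSTS):
    """One CREATE USER per node, so the account is only usable from the
    listed hosts and never from the '%' wildcard."""
    return [f"CREATE USER {_q(user)}@{_q(h)} IDENTIFIED BY {_q(password)};"
            for h in hosts]


def audit_accounts(rows, users=MANAGED_USERS, hosts=CLUSTER_HOSTS):
    """rows: (user, host) pairs as returned by
    SELECT user, host FROM mysql.user. Returns a list of findings."""
    findings = []
    present = {u: set() for u in users}
    for user, host in rows:
        if user not in present:
            continue  # root and other accounts are out of scope here
        if "%" in host:
            findings.append(f"{user}@{host}: wildcard host, reachable from any matching client")
        elif host not in hosts:
            findings.append(f"{user}@{host}: host is not a cluster node")
        else:
            present[user].add(host)
    for user in users:
        for host in hosts:
            if host not in present[user]:
                findings.append(f"{user}@{host}: missing, this node cannot reach the database")
    return findings


# Constructed sample: shib is correct, shibadmin was created with '%'
SAMPLE_ROWS = [("root", "localhost"), ("shib", "localhost"),
               ("shib", "idp-1.mit.edu"), ("shib", "idp-2.mit.edu"),
               ("shibadmin", "%")]

if __name__ == "__main__":
    for stmt in create_user_statements("shib", "PASSWORD"):
        print(stmt)
    for finding in audit_accounts(SAMPLE_ROWS):
        print("WARN", finding)
```

Feed audit_accounts the real output of `SELECT user, host FROM mysql.user` to confirm that only the expected node-scoped accounts exist after the setup.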

Firewall

Make sure that the additional ports used by the IdP are enabled in the firewall. Use the command "iptables --list -n --line-numbers" to determine the proper rule number; the following example assumes we are inserting rules beginning at number 36. Also replace 18.x.y.z with the IP address of the peer node in the cluster, not the local host.

...