...
No Format |
---|
# /etc/init.d/tid-sync start
# chkconfig --add tid-sync
|
Entitlements MySQL database
Beginning in the fall of 2012, the IdP attribute resolver can generate an eduPersonEntitlement attribute dynamically for a provider, based on parameters retrieved from a local MySQL database. The following steps for initializing this database assume that MySQL has already been initialized, and the local targeted ID database has already been set up (see above).
Initialize the entitlements database
No Format |
---|
# cd /usr/local/shibboleth-idp/conf/entitlements
# mysql --defaults-extra-file=/usr/local/targeted-id/etc/root.cnf < entitlements.sql
|
Load the stored procedure into the database
No Format |
---|
# cd /usr/local/shibboleth-idp/conf/entitlements
# mysql --defaults-extra-file=/usr/local/targeted-id/etc/root.cnf < select_SP_params.sql
|
Set up the grant tables
No Format |
---|
# cd /usr/local/shibboleth-idp/conf/entitlements
# mysql --defaults-extra-file=/usr/local/targeted-id/etc/root.cnf < grants.sql
|
Firewall
Make sure that the additional ports used by the IdP are enabled in the firewall. Use the command "iptables --list -n --line-numbers" to determine the proper rule number; the following example assumes we are inserting rules beginning at number 36. Also replace 18.x.y.z with the appropriate IP address of the peer node in the cluster, not the local host.
...
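A read-only check for the firewall step, added here as an example and not part of the original page: it parses saved "iptables --list -n --line-numbers" output to find the first catch-all REJECT/DROP rule (the number to insert at) and confirms that the peer-only ACCEPT rule is evaluated before it. The function names are hypothetical, and the peer address 192.0.2.10 and ports 12345/12346 are constructed sample values, not the IdP's actual ports.

```shell
#!/bin/sh
# Added example. Works on saved output of `iptables --list -n --line-numbers`,
# so it changes nothing. Addresses and ports below are constructed samples.

# Shared awk prelude: track the current chain, skip headers, define catch-all.
AWK_LIB='
function catchall() {
    return ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
           $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" &&
           (NF == 6 || $7 == "reject-with")
}
$1 == "Chain" { in_chain = ($2 == chain); next }
!in_chain || $1 !~ /^[0-9]+$/ { next }
'

# Print the number of the first catch-all REJECT/DROP rule in chain $1.
# A rule inserted at that number is evaluated just before the catch-all.
first_catchall_rule() {
    awk -v chain="$1" "$AWK_LIB"'catchall() { print $1; exit }'
}

# Succeed only if chain $1 accepts tcp port $3 from exactly peer $2 in a rule
# that sits before the first catch-all (a later rule would never match).
peer_rule_effective() {
    awk -v chain="$1" -v peer="$2" -v port="dpt:$3" "$AWK_LIB"'
        catchall() { exit }
        $2 == "ACCEPT" && $3 == "tcp" && $5 == peer {
            for (i = 7; i <= NF; i++) if ($i == port) { ok = 1; exit }
        }
        END { exit(ok ? 0 : 1) }'
}

# Constructed listing: rule 5 is shadowed by the REJECT at rule 4.
SAMPLE='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
3    ACCEPT     tcp  --  192.0.2.10           0.0.0.0/0           state NEW tcp dpt:12345
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
5    ACCEPT     tcp  --  192.0.2.10           0.0.0.0/0           state NEW tcp dpt:12346

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

printf '%s\n' "$SAMPLE" | first_catchall_rule INPUT    # prints 4
```

On a live node, pipe the real listing into the functions in place of the sample and pass the chain that holds the IdP rules.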