Servicio de Informática

Windows 8 Install

1.- Go to network connections configuration, for instance by searching, as showed in the next figure:

2.-Select or configure a network connection, as shown in the following image :

3.In the resulting window, select "Manually connect to a wireless network":

 4.-Indicate the characteristics of the network as described in the following image :

5.- Once specified, click on the "Change connection settings": 

6.-In the resulting window, go to the "Security" tab and choose the authentication method EAP-TTLS, as specified in the following image:

7.-After selection, click on the "Settings" button. A window like the following image. Fill anonymous identity data, servers and certificates as shown in her :

8.- After accepting the previous window, click on the "Advanced Settings" and select the settings shown in the following image:

9.-After pressing the "Save credentials" An image like this appears . Enter it your user credentials in the UCO. • Tell the Esta dirección de correo electrónico está siendo protegida contra los robots de spam. Necesita tener JavaScript habilitado para poder verlo., so that your configuration works properly when connecting from another university or research center .

10.-Completed these steps, you can start your network connection, provided it is within the network scope thereof. The process is shown in the following two screens:

Installing PAPI as an SSO for a Shibboleth IdP
==============================================

Following these instructions, you can configure
the SSO service of Shibboleth IdP as a PoA of
PAPI. It makes available to the IdP the
identity of the principal, as long as the PAPI
assertion contains its value in the 'uid' field. 

Any other field in the assertion is not passed.

These instructions assume the following:

- You have installed at least a PAPI AS and a GPoA following the
  instructions of
  http://papi.rediris.es/rep/PerlQuickInstall.txt

- You hace downloaded the PAPIFilter jar file from: 
  ftp://ftp.rediris.es/rediris/papi/java/papifilter.jar

  and the PAPI-Shib wrapper filter from:
  ftp://ftp.rediris.es/rediris/papi/java/PAPIShibWrapperFilter.jar

- You have installed a Shibboleth IdP in this host under 
  http://.../shibboleth-idp


$ mkdir /usr/local/PAPI/PAPIFilter
$ ps -ef | md5sum | cut -c1-32 > /usr/local/PAPI/PAPIFilter/lkey
$ cat /var/log/messages | md5sum | cut -c1-32 > /usr/local/PAPIFilter/hkey
$ touch /usr/local/PAPI/PAPIFilter/cookies.txt
$ chown -R tomcat5 /usr/local/PAPI/PAPIFilter

$ cp papifilter.jar $CATALINA_HOME/shared/lib
$ cp PAPIShibWrapperFilter.jar $CATALINA_HOME/shared/lib
$ cd $CATALINA_HOME/common/lib
$ wget http://www.bouncycastle.org/download/bcprov-jdk15-132.jar

* Copy the AS public key to /usr/local/PAPI/PAPIFilter/MyAS_pubkey.pem
* Copy the GPoA public key to /usr/local/PAPI/PAPIFilter/_GPoA_pubkey.pem

In that directory, create the file PoAconf.xml copying the
following and changing poahost, ashost, etc:

<<<<<<<<<<<<<<<<<<<<<< CUT HERE >>>>>>>>>>>>>>>>>>>>>>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- 	Configuration file for PAPI filter in Tomcat
	Version: 0.2	06/07/2006
	Author: Ajay Daryanani Arjandas
-->
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">

<properties>
	<!-- Recognized AS's. For each AS, define: description, file path, public & private key files and URL, with the format: ASname.parameter  -->
<!--
	<entry key="MyAS.desc">Test AuthServer</entry>
	<entry key="MyAS.pubkeyName">/usr/local/PAPI/PAPIFilter/MyAS_pubkey.pem</entry>
	<entry key="MyAS.URL">http://ashost/cgi-bin/AuthServer</entry>
-->

	<!-- Cookie encrypting/decrypting AES key files -->
	<entry key="PoAkeys.lkeyName">/usr/local/PAPI/PAPIFilter/lkey</entry>
	<entry key="PoAkeys.hkeyName">/usr/local/PAPI/PAPIFilter/hkey</entry>

	<!-- PoA configuration values -->
	<entry key="PoAconf.serviceID">id_papifilter</entry>
	<entry key="PoAconf.location">/shibboleth-idp/SSO</entry>
	<entry key="PoAconf.path">/usr/local/PAPI/PAPIFilter/</entry>
	<entry key="PoAconf.cookieFile">cookies.txt</entry>
	<entry key="PoAconf.cookieMaxAge">604800</entry>
	<entry key="PoAconf.Cookie_Reject">any => accept</entry>
	<entry key="PoAconf.Lcook_Timeout">300000</entry>
	<entry key="PoAconf.acceptURL">$CATALINA_HOME/conf/PAPI/blueball.gif</entry>
	<entry key="PoAconf.rejectURL">$CATALINA_HOME/conf/PAPI/redball.gif</entry>
	<entry key="PoAconf.rejectMessage">You don't have the right cookies</entry>
	<entry key="PoAconf.POST_Method">manual</entry>
	<entry key="PoAconf.URL_Timeout">50000</entry>
	<entry key="PoAconf.PAPI_Filter">any => accept</entry> 
	<entry key="PoAconf.attSeparator">,</entry>
	<entry key="PoAconf.valSeparator">-</entry>
	<entry key="PoAconf.attValSeparator">=</entry>

	<!-- Parent GPoA values -->
	<entry key="ParentGPoA.URL">http://poahost/gpoa/PAPI/cookie_handler.cgi</entry> 
	<entry key="ParentGPoA.pubkeyName">/usr/local/PAPI/PAPIFilter/_GPoA_pubkey.pem</entry>
</properties>
<<<<<<<<<<<<<<<<<<<<<< CUT HERE >>>>>>>>>>>>>>>>>>>>>>


* Add the following lines to 
  $CATALINA_HOME/webapps/shibboleth-idp/WEB-INF/web.xml
  just before the last '</web-app>'


<<<<<<<<<<<<<<<<<<<<<< CUT HERE >>>>>>>>>>>>>>>>>>>>>>

  <filter>
    <filter-name>PAPI Filter</filter-name>
    <filter-class>es.rediris.papi.filter.PAPIFilter</filter-class>
    <init-param>
      <param-name>PAPI.configFile</param-name>
      <param-value>/usr/local/PAPI/PAPIFilter/PoAconf.xml</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>PAPI Filter</filter-name>
    <url-pattern>/SSO</url-pattern>
  </filter-mapping>

  <filter>
    <filter-name>PAPI Shib Wrapper Filter</filter-name>
    <filter-class>es.rediris.papi.filter.PAPIShibWrapperFilter</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>PAPI Shib Wrapper Filter</filter-name>
    <url-pattern>/SSO</url-pattern>
  </filter-mapping>

<<<<<<<<<<<<<<<<<<<<<< CUT HERE >>>>>>>>>>>>>>>>>>>>>>