- Subject: [upki-fed:00876] Shibboleth IdP�$B$N@H
- Date: Fri, 05 Dec 2014 10:58:52 +0900
- From: �$B9qN)>pJs3X8&5f=j!!3XG';vL36I!!LnED�(B <xxxxxxxxxxxxxx@xxxxxxxxx>
�$B3F0L�(B
�$B!!9qN)>pJs3X8&5f=j!!3XG';vL36I$G$9!#�(B
�$BJ?AG$h$j3XG'$N1?1D$K$46(NO$r;r$j!$$"$j$,$H$&$4$6$$$^$9!#�(B
Shibboleth Project�$B$h$j�(BShibboleth IdP�$B$K4X$9$k@HpJs�(B([1])�$B$,H/I=$5$l$F�(B
�$B$$$^$9!#�(B
�$BK\@Hl�(B
�$B9g$KK\@Ho$N%"%C%W%G!<%Hl9g$Np$K$h$j$9$0$K%"%C%W%G!<%H$,:$Fq$J>l9g!$�(BShibboleth IdP 2.4.0�$B$*$h$S$=�(B
�$B$l0J9_$N%P!<%8%g%s$K$D$$$F$OBP1~$K$D$$$F@HpJs�(B([1])�$B$K@bL@$,$"$j$^$9�(B
�$B$N$G!$$=$A$i$r;29M$K$7$F$/$@$5$$!#�(B
------------------------------------------------------------
Shibboleth IdP�$B%"%C%W%G!<%Hl9g$O?7$7$$%P!<%8%g%s$K�(B
�$B%"%C%W%G!<%H$7$F$/$@$5$$!#�(B
OpenJDK�$B$G$O0J2<$K<($9%P!<%8%g%s$*$h$S$=$l0J9_$N%P!<%8%g%s$,BP:v$5�(B
�$B$l$?%P!<%8%g%s$G$9!#�(B([3][4][5][6])
OpenJDK 7�$B$N>l9g�(B:
CentOS 5�$B7O�(B: java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10
CentOS 6�$B7O�(B: java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4
OpenJDK 6�$B$N>l9g�(B:
CentOS 5�$B7O�(B: java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10
CentOS 6�$B7O�(B: java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4
Oracle�$B$N�(BJDK�$B$G$O0J2<$K<($9%P!<%8%g%s$*$h$S$=$l0J9_$N%P!<%8%g%s$,BP:v$5�(B
�$B$l$?%P!<%8%g%s$G$9!#�(B([7][8][9])
JDK 6�$B$N>l9g�(B: 6u65
JDK 7�$B$N>l9g�(B: 7u45
2. �$BDL>o$NH$/$@$5$$!#�(B
https://wiki.shibboleth.net/confluence/display/SHIB2/IdP2Upgrade
3. Xerces/Xalan�$B%i%$%V%i%j$r�(Bunendorse�$B$7$^$9!#�(B
endorsed�$B%G%#%l%/%H%jG[2<$N%i%$%V%i%j$,ITMW$K$J$j$^$9!#�(B
CATALINA_HOME(*1)�$BG[2<$N�(Bendorsed�$B%G%#%l%/%H%j$r:o=|$7$F$/$@$5$$!#�(B
(*1) CentOS�$BI8=`%Q%C%1!<%8$N�(Btomcat6�$B>l9g�(B: /usr/share/tomcat6
4. /opt/shibboleth-idp/conf/internal.xml�$B$r=$@5$7$^$9!#�(B
class="org.apache.xerces.util.SecurityManager
�$B$H$J$C$F$$$k2U=j$r�(B
class="com.sun.org.apache.xerces.internal.util.SecurityManager"
�$B$K=$@5$7$F$/$@$5$$!#�(B
5. /usr/java/tomcat/conf/server.xml�$B$r=$@5$7$^$9!#�(B
�$BA4$F$N�(BConnector�$BMWAG$K�(BmaxPostSize="100000"�$B$rDI2C$7$F$/$@$5$$!#�(B
�$B5;=Q%,%$%I$K=>$C$F@_Dj$7$F$$$k>l9g$O!V�(BConnector port="8443"�$B!W$H�(B
�$B!V�(BConnector port="8009"�$B!W$N�(B2�$B2U=j$,3:Ev$7$^$9!#$=$l$>$l0J2<$NDL$j=$@5�(B
�$B$7$F$/$@$5$$!#�(B
�$B"(�(B �$B!V�(B+�$B!W$O9T$NDI2C!$!V�(B-�$B!W$N9T$N:o=|$rI=$7$F$$$^$9!#�(B
[Connector port="8443"]
---
<Connector port="8443"
:
scheme="https"
+ maxPostSize="100000"
SSLEnabled="true"
keystorePass="xxxxx" />
---
[Connector port="8009"]
---
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
+ <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
maxPostSize="100000"
---
6. tomcat�$B$r:F5/F0$7$^$9!#�(B
�$B0J>e�(B
------------------------------------------------------------
�$B;29M>pJs�(B:
�$B!&�(B[1] Shibboleth Identity Provider Security Advisory [3 November 2014]
http://shibboleth.net/community/advisories/secadv_20141103.txt
�$B!&�(B[2] �$B5;=Q%,%$%I�(B
https://meatwiki.nii.ac.jp/confluence/display/GakuNinShibInstall/IdP
�$B!&�(B[3] [CentOS-announce] CESA-2013:1505 Important CentOS 5
java-1.6.0-openjdk Update
http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html
�$B!&�(B[4] [CentOS-announce] CESA-2013:1505 Important CentOS 6
java-1.6.0-openjdk Update
http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html
�$B!&�(B[5] [CentOS-announce] CESA-2013:1447 Important CentOS 5
java-1.7.0-openjdk Update
http://lists.centos.org/pipermail/centos-announce/2013-October/019980.html
�$B!&�(B[6] [CentOS-announce] CESA-2013:1451 Critical CentOS 6
java-1.7.0-openjdk Update
http://lists.centos.org/pipermail/centos-announce/2013-October/019985.html
�$B!&�(B[7] Oracle Critical Patch Update Advisory - October 2013
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
�$B!&�(B[8] 7u65 Update Release Notes
http://www.oracle.com/technetwork/java/javase/7u65-relnotes-2229169.html
�$B!&�(B[9] Changes in 6u65
http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
--
=========================================================
�$B!!9qN)>pJs3X8&5f=j�(B �$B3X=Q4pHW2]�(B �$B3XG';vL36I!!!JC4Ev!'LnED!K�(B
�$B!!�(BTEL�$B!'�(B03-4212-2218�$B!!�(xxxxxxxxxxxxxxx@xxxxxxxxx
�$B!!3XG'�(BWeb�$B%Z!<%8�(B https://www.gakunin.jp/
�$B!!?=@A%7%9%F%`�(B https://office.gakunin.nii.ac.jp/
=========================================================