Installing SP2.x under OSX: Difference between revisions
No edit summary |
|||
(14 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Installing/Configuring Shibboleth for OS Server 10.6.8== | |||
== | Legacy info here: [[Installing SP2.x under MacOS]] | ||
===Install MacPorts & Shibboleth=== | |||
==== | ====Method 1==== | ||
Download and install OS X Developer Tools from https://developer.apple.com (you may need to create an account first) | Download and install OS X Developer Tools from https://developer.apple.com (you may need to create an account first) | ||
Line 12: | Line 14: | ||
<tt>sudo port selfupdate</tt> | <tt>sudo port selfupdate</tt> | ||
<tt>sudo port install shibboleth</tt> | <tt>sudo port install shibboleth</tt> | ||
'''The installation of Shibboleth and supporting software will take some time.''' | '''The installation of Shibboleth and supporting software will take some time.''' | ||
==== | ====Method 2==== | ||
Install the package from ftp://ftp.csx.cam.ac.uk/cam_only/Mac/OSX/Misc/shibboleth-2.4.3.dmg. This software is built for 32/64 bit intel and should work on 10.5 and later. | |||
Once installed you need to create the OpenSSL certificates: | |||
<tt> | <tt>sudo /opt/local/etc/shibboleth/keygen.sh</tt> | ||
===Enable SSL=== | |||
=== | |||
Using Server Admin select Web | Sites pane, choose the website and enable SSL from the security tab | Using Server Admin select Web | Sites pane, choose the website and enable SSL from the security tab | ||
=== | ===Configure Apache=== | ||
Add the following to the /etc/apache2/httpd.conf file: | Add the following to the /etc/apache2/httpd.conf file: | ||
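Review bot: Method 2 in this hunk points readers at shibboleth-2.4.3.dmg over plain ftp:// with no checksum or signature to compare against, and the next step runs keygen.sh from that same package under sudo. Publish a SHA-256 digest next to the link (or serve the image over HTTPS) and add a verify step before "Once installed you need to create the OpenSSL certificates".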
Line 50: | Line 39: | ||
If you are not using apache v2.2 then edit the above line appropriately according to the contents of the /opt/local/etc/shibboleth/ directory. | If you are not using apache v2.2 then edit the above line appropriately according to the contents of the /opt/local/etc/shibboleth/ directory. | ||
Ensure that the ''ServerName'' directive is set correctly and ''UseCanonicalName'' is set to ''On'' | Ensure that the ''ServerName'' directive is set correctly and ''UseCanonicalName'' is set to ''On'' in /etc/apache2/httpd.conf | ||
=== | ===Configure Shibboleth=== | ||
<tt>$ cd /opt/local/etc/shibboleth/</tt> | <tt>$ cd /opt/local/etc/shibboleth/</tt> | ||
Line 68: | Line 57: | ||
A correctly configured install will return 'overall configuration is loadable, check console for non-fatal problems'. If not, check syntax and try again. | A correctly configured install will return 'overall configuration is loadable, check console for non-fatal problems'. If not, check syntax and try again. | ||
===Starting the service=== | |||
Set shib to load at startup: | Set shib to load at startup: | ||
Line 80: | Line 69: | ||
Before you can proceed any further you will need to register you SP, at least with Raven. See [[SP registration]] for details | Before you can proceed any further you will need to register you SP, at least with Raven. See [[SP registration]] for details | ||
Test your page | Test your page by going to https://your.server.cam.ac.uk/secure | ||
===Reloading the service=== | |||
Any changes to the shib config require shibd and apache to be reloaded: | Any changes to the shib config require shibd and apache to be reloaded: | ||
<tt> | <tt>sudo launchctl unload -w /opt/local/etc/LaunchDaemons/org.macports.shibd/org.macports.shibd.plist</tt> | ||
<tt> | <tt>sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.shibd/org.macports.shibd.plist</tt> | ||
<tt> | <tt> sudo apachectl restart</tt> | ||
You may care to script this to save your sanity when making lots of changes/testing.. | You may care to script this to save your sanity when making lots of changes/testing.. | ||
===Logging=== | |||
Check the following locations for logging info: | Check the following locations for logging info: | ||
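Review bot: the three commands added under "Reloading the service" unload shibd before anything has checked the edited config, so a syntax error leaves the SP down until it is fixed. Put the `shibd -t` check from "Configure Shibboleth" in front of the `launchctl unload` line and say to stop if it does not report a loadable configuration. The stray space inside `<tt> sudo apachectl restart</tt>` could go at the same time.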
Line 101: | Line 90: | ||
/opt/local/var/log/shibboleth/transaction.log | /opt/local/var/log/shibboleth/transaction.log | ||
/opt/local/var/log/shibboleth/shibd_warn.log | |||
/var/log/apache2/access.log | /var/log/apache2/access.log | ||
Line 106: | Line 97: | ||
/var/log/apache2/error.log | /var/log/apache2/error.log | ||
===More information=== | |||
Most of this document was cribbed together from the following sources: | Most of this document was cribbed together from the following sources: |
Latest revision as of 08:19, 9 July 2012
Installing/Configuring Shibboleth for OS Server 10.6.8
Legacy info here: Installing SP2.x under MacOS
Install MacPorts & Shibboleth
Method 1
Download and install OS X Developer Tools from https://developer.apple.com (you may need to create an account first)
Download MacPorts from http://www.macports.org/install.php and install the .pkg
Open Terminal and type:
sudo port selfupdate
sudo port install shibboleth
The installation of Shibboleth and supporting software will take some time.
Method 2
Install the package from ftp://ftp.csx.cam.ac.uk/cam_only/Mac/OSX/Misc/shibboleth-2.4.3.dmg. This software is built for 32/64-bit Intel and should work on 10.5 and later.
Once installed you need to create the OpenSSL certificates:
sudo /opt/local/etc/shibboleth/keygen.sh
Enable SSL
Using Server Admin, select the Web | Sites pane, choose the website and enable SSL from the security tab.
Configure Apache
Add the following to the /etc/apache2/httpd.conf file:
Include /opt/local/etc/shibboleth/apache22.config
If you are not using Apache v2.2, edit the above line to match the contents of the /opt/local/etc/shibboleth/ directory.
Ensure that the ServerName directive is set correctly and UseCanonicalName is set to On in /etc/apache2/httpd.conf
Configure Shibboleth
$ cd /opt/local/etc/shibboleth/
$ sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml
$ sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml
Edit the config files and look for the FIX-ME flags highlighting required edits to the files. See https://wiki.csx.cam.ac.uk/raven/Shibboleth_documentation_and_HOWTOs#Deploying_Shibboleth_SPs_in_the_University for more info.
Once configured check the syntax with:
$ /opt/local/sbin/shibd -t
A correctly configured install will return 'overall configuration is loadable, check console for non-fatal problems'. If not, check syntax and try again.
Starting the service
Set shib to load at startup:
$ sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.shibd/org.macports.shibd.plist
Start Apache:
$ sudo serveradmin start web
Before you can proceed any further you will need to register your SP, at least with Raven. See SP registration for details.
Test your page by going to https://your.server.cam.ac.uk/secure
Reloading the service
Any changes to the shib config require shibd and Apache to be reloaded:
sudo launchctl unload -w /opt/local/etc/LaunchDaemons/org.macports.shibd/org.macports.shibd.plist
sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.shibd/org.macports.shibd.plist
sudo apachectl restart
You may care to script this to save your sanity when making lots of changes/testing.
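The reload sequence above as a script, gated on the shibd -t check from the Configure Shibboleth section so that a broken config never takes the running SP down. This is an added example, not part of the original wiki page; the paths are the ones given on this page, while the variable names, function names and script name are introduced here.

```sh
#!/bin/sh
# Added example: reload shibd and Apache only if the edited config passes shibd -t.
# Run as root, e.g.:  sudo sh reload-shib.sh reload   (script name is hypothetical)
# Paths are the ones on this page; variable and function names are introduced here.
SHIBD=${SHIBD:-/opt/local/sbin/shibd}
PLIST=${PLIST:-/opt/local/etc/LaunchDaemons/org.macports.shibd/org.macports.shibd.plist}
LAUNCHCTL=${LAUNCHCTL:-launchctl}
APACHECTL=${APACHECTL:-apachectl}

# Succeeds only when shibd -t prints the success message quoted on this page.
# The exit status of shibd -t is deliberately not relied on.
config_ok() {
    out=$("$SHIBD" -t 2>&1) || true
    case "$out" in
        *"overall configuration is loadable"*) return 0 ;;
    esac
    printf '%s\n' "$out" >&2
    return 1
}

# Return codes: 0 reloaded, 1 config rejected (nothing touched),
# 2 shibd unload/load failed, 3 Apache restart failed.
reload_sp() {
    if ! config_ok; then
        echo "shibd -t did not report a loadable config; services left running" >&2
        return 1
    fi
    "$LAUNCHCTL" unload -w "$PLIST" || return 2
    "$LAUNCHCTL" load -w "$PLIST" || return 2
    "$APACHECTL" restart || return 3
    echo "shibd and Apache reloaded"
}

# Only act when asked to, so the functions can also be sourced and tested.
case "${1:-}" in
    reload) reload_sp ;;
esac
```

A return code of 2 means shibd may be left unloaded; check the log files listed under Logging before retrying.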
Logging
Check the following locations for logging info:
/opt/local/var/log/shibboleth/shibd.log
/opt/local/var/log/shibboleth/transaction.log
/opt/local/var/log/shibboleth/shibd_warn.log
/var/log/apache2/access.log
/var/log/apache2/error.log
More information
Most of this document was cribbed together from the following sources:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMacInstall