Installing SP2.x under Linux: Difference between revisions
(link to Editing XML and EntityIDs) |
(Ass 'where do we go from here' links) |
||
Line 28: | Line 28: | ||
[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot. | [Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot. | ||
( | (Re-)start Apache. In case of failure see /var/log/apache2/error_log | ||
Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. | Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. | ||
You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Options include: | |||
* [[Anonymous SP|Continue to run an 'anonymous' SP]] | |||
* [[Ucam federation registration|Register your server in the 'Ucam Federation']] | |||
* [[UK federation registration|Register your server in the 'UK federation']] | |||
* [[Shibboleth access control - Native Apache|Configure access control using native Apache configuration files]] (https.conf, .htaccess, etc.) | |||
* [[Shibboleth access control - shibboleth2.xml|Configure access control using shibboleth2.xml]] |
Revision as of 17:07, 9 March 2009
Currently assumes SLES 10 using UCS-supplied RPMs. See also NativeSPLinuxInstall in the Internet2 Shib Wiki.
Currently also assuming prefork apache installed (may or may not work with worker).
Acquire (**TODO: from where?) and install RPMs for
log4shib xerces-c xml-security-c xmltooling opensaml shibboleth
and any of their dependencies.
In /etc/shibboleth:
- replace the supplied shibboleth2.xml and attribute-map.xml with Shibbileth2.xml - internal use skeleton and Attribute-map.xml - internal use skeleton respectively (copies also installed as *-UCAMSKEL)
- find all occurrences of 'FIX-ME' in the new shibboleth2.xml and replace them as directed in the adjacent comments (see Editing XML and EntityIDs for useful background).
- Create a copy of 'Ucam Federation' IdP metadata
- TODO: need download locations for these
Run (as root)
/usr/sbin/shibd -t
expect to see "overall configuration is loadable, check console for non-fatal problems". Fix mistakes. otherwise.
Start shibd (as root) with
/etc/init.d/shibd start
[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot.
(Re-)start Apache. In case of failure see /var/log/apache2/error_log
Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong.
You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Options include: