Installing SP2.x under Linux: Difference between revisions

From RavenWiki
(link to Editing XML and EntityIDs)
(Add 'where do we go from here' links)
Line 28: Line 28:
[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot.
[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot.


(re-)start Apache. In case of failure see /var/log/apache2/error_log
(Re-)start Apache. In case of failure see /var/log/apache2/error_log


Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong.
Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong.
You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Options include:
* [[Anonymous SP|Continue to run an 'anonymous' SP]]
* [[Ucam federation registration|Register your server in the 'Ucam Federation']]
* [[UK federation registration|Register your server in the 'UK federation']]
* [[Shibboleth access control - Native Apache|Configure access control using native Apache configuration files]] (https.conf, .htaccess, etc.)
* [[Shibboleth access control - shibboleth2.xml|Configure access control using shibboleth2.xml]]
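Review bot: in the added "Native Apache" bullet, the file name "https.conf" looks like a typo for "httpd.conf"; worth correcting so readers edit the right file. The added closing paragraph also says /secure/ accepts a Raven login "(by anyone)", so it would help to state there that no authorization is applied until one of the two access-control options in the list is configured.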

Revision as of 17:07, 9 March 2009

Currently assumes SLES 10 using UCS-supplied RPMs. See also NativeSPLinuxInstall in the Internet2 Shib Wiki.

Currently also assumes that prefork Apache is installed (it may or may not work with worker).

Acquire (**TODO: from where?) and install RPMs for

log4shib 
xerces-c 
xml-security-c
xmltooling
opensaml 
shibboleth 

and any of their dependencies.

In /etc/shibboleth:

Run (as root)

 /usr/sbin/shibd -t

Expect to see "overall configuration is loadable, check console for non-fatal problems". Otherwise, fix the mistakes and run it again.

Start shibd (as root) with

 /etc/init.d/shibd start

[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot.

(Re-)start Apache. In case of failure, see /var/log/apache2/error_log.

Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong.
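A smoke test for the steps above, as an added example that is not part of the original wiki page: it checks `shibd -t` output for the success string quoted above and confirms that an unauthenticated request for /secure/ is redirected to another host rather than answered locally. The function names and the `sp.example.org` host are constructed, and it assumes the SP sends the browser to Raven with an HTTP redirect, as described above.

```sh
#!/bin/sh
# Added smoke test (not from the wiki page). Function names are hypothetical.

# Classify `shibd -t` output using the success string quoted on this page.
config_status() {
    case "$1" in
        *"overall configuration is loadable"*) echo ok ;;
        *) echo broken ;;
    esac
}

# Host part of a URL: strip scheme, then path, then port.
url_host() {
    h=${1#*://}; h=${h%%/*}; h=${h%%:*}
    printf '%s\n' "$h"
}

# Classify the response to an unauthenticated request for /secure/.
#   $1 = SP hostname, $2 = HTTP status, $3 = redirect target (may be empty)
# Assumption: the SP hands the browser to Raven with an HTTP redirect.
secure_status() {
    case "$2" in
        301|302|303|307)
            if [ -n "$3" ] && [ "$(url_host "$3")" != "$1" ]; then
                echo protected        # sent to another host to authenticate
            else
                echo check            # redirected, but still on this server
            fi ;;
        200|404) echo unprotected ;;  # Apache answered without asking for a login
        *) echo error ;;              # e.g. 500 or no response: read the logs
    esac
}

main() {
    host=$1
    if [ -x /usr/sbin/shibd ]; then   # needs root, as in the steps above
        echo "shibd -t: $(config_status "$(/usr/sbin/shibd -t 2>&1)")"
    fi
    out=$(curl -s -o /dev/null -w '%{http_code} %{redirect_url}' "http://$host/secure/")
    result=$(secure_status "$host" "${out%% *}" "${out#* }")
    echo "/secure/ on $host: $result"
    [ "$result" = protected ]
}

# Run only when a hostname is given, e.g.: sh sp-smoke.sh sp.example.org
if [ "$#" -gt 0 ]; then main "$@"; fi
```

An `unprotected` result before login means Apache served the location itself, so the Shibboleth module is not guarding /secure/; the 404 described above is only expected after authenticating.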

You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Options include: