Installing SP2.x under Linux: Difference between revisions

From RavenWiki
Jump to navigationJump to search
(Assorted development)
(Revise 'Where to go from here' links)
Line 28: Line 28:
Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. Feel free to create some content in /srv/www/htdocs/secure for a better demonstration.  
Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. Feel free to create some content in /srv/www/htdocs/secure for a better demonstration.  


You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Options include:
You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Topics to consider include:
* [[Anonymous SP|Continue to run an 'anonymous' SP]]
* [[SP registration]]
* [[Ucam federation registration|Register your server in the 'Ucam Federation']]
* [[Using SSL and certificates with Shibboleth|Using SSL and certificates]]
* [[UK federation registration|Register your server in the 'UK federation']]
* [[Configuring Shibboleth access control|Configuring access control]]
* [[Shibboleth access control - Native Apache|Configure access control using native Apache configuration files]] (https.conf, .htaccess, etc.)
* [[Virtual hosting issues with Shibboleth|Virtual hosting issues]]
* [[Shibboleth access control - shibboleth2.xml|Configure access control using shibboleth2.xml]]

Revision as of 17:44, 10 March 2009

Currently this is for SLES 10 using UCS-supplied RPMs - see NativeSPLinuxInstall in the Internet2 Shib Wiki for instructions on installing in other versions of Linux, and then adapt these instructions accordingly. Currently also assuming you are using the prefork version Apache - this may or may not all work with worker. We also assume that your web server serves a single site - virtual hosting considerations will be addressed later.

Download and install SLES 10 RPMs from | the Raven project site. Download and install the latest RPM for each of the following (you can ignore devel, debuginfo, or docs packages):

log4shib 
xerces-c 
xml-security-c
xmltooling
opensaml 
shibboleth 

and any of their dependencies.

In /etc/shibboleth:

Run (as root)

 /usr/sbin/shibd -t

expect to see "overall configuration is loadable, check console for non-fatal problems". Fix mistakes. otherwise.

Start shibd (as root) with

 /etc/init.d/shibd start

[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot.

(Re-)start Apache. In case of failure see /var/log/apache2/error_log

Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. Feel free to create some content in /srv/www/htdocs/secure for a better demonstration.

You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Topics to consider include: