Installing SP2.x under OSX: Difference between revisions

From RavenWiki
Jump to navigationJump to search
No edit summary
Line 23: Line 23:
<tt>$ sudo chmod 644 sp-cert.pem</tt>
<tt>$ sudo chmod 644 sp-cert.pem</tt>


====Create the Shibboleth log file====
====Create the Shibboleth log file (not needed?====


<tt>$ sudo touch /opt/local/var/log/httpd/native.log</tt>
<tt>$ sudo touch /opt/local/var/log/httpd/native.log</tt>

Revision as of 09:01, 5 July 2012

This page is still a work in progress. Caveat emptor and all that...

Installing/Configuring Shibboleth for OS Server 10.6.8

Install MacPorts & Shibboleth

Download and install OS X Developer Tools from https://developer.apple.com (you may need to create an account first)

Download Mac Ports from http://www.macports.org/install.php and install the .pkg

Open Terminal and type:

sudo port selfupdate

sudo port install shibboleth

The installation of Shibboleth and supporting software will take some time.

As the default permissions for the cert files causes Shibboleth to fail they need changing:

$ sudo chmod 740 sp-key.pem

$ sudo chmod 644 sp-cert.pem

Create the Shibboleth log file (not needed?

$ sudo touch /opt/local/var/log/httpd/native.log

$ sudo chown _www /opt/local/var/log/httpd/native.log

Ensure SSL is enabled for the website

Using Server Admin select Web | Sites pane, choose the website and enable SSL from the security tab

Configuring Apache

Add the following to the /etc/apache2/httpd.conf file:

Include /opt/local/etc/shibboleth/apache22.config

If you are not using apache v2.2 then edit the above line appropriately according to the contents of the /opt/local/etc/shibboleth/ directory.

Ensure that the ServerName directive is set correctly and UseCanonicalName is set to On in /etc/apache2/httpd.conf

Download the Shibboleth configuration templates

$ cd /opt/local/etc/shibboleth/

$ sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml

$ sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml

Edit the config files and look for the FIX-ME flags highlighting required edits to the files. See https://wiki.csx.cam.ac.uk/raven/Shibboleth_documentation_and_HOWTOs#Deploying_Shibboleth_SPs_in_the_University for more info.

Once configured check the syntax with:

$ /opt/local/sbin/shibd -t

A correctly configured install will return 'overall configuration is loadable, check console for non-fatal problems'. If not, check syntax and try again.

Starting the service

Set shib to load at startup:

$ sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.shibd/org.macports.shibd.plist

Start Apache:

$ sudo serveradmin start web

Before you can proceed any further you will need to register you SP, at least with Raven. See SP registration for details

Test your page!

Reloading the service

Any changes to the shib config require shibd and apache to be reloaded:

sudo launchctl unload -w /opt/local/etc/LaunchDaemons/org.macports.shibd/org.macports.shibd.plist

sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.shibd/org.macports.shibd.plist

sudo apachectl restart

You may care to script this to save your sanity when making lots of changes/testing..

Logging

Check the following locations for logging info:

/opt/local/var/log/shibboleth/shibd.log

/opt/local/var/log/shibboleth/transaction.log

/opt/local/var/log/shibboleth/shibd_warn.log

/var/log/apache2/access.log

/var/log/apache2/error.log

More information

Most of this document was cribbed together from the following sources:

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMacInstall

https://wiki.csx.cam.ac.uk/raven/Shibboleth_documentation_and_HOWTOs#Deploying_Shibboleth_SPs_in_the_University