Installing SP2.x under Linux: Difference between revisions

From RavenWiki
(Add 'where do we go from here' links)
(No longer need to download local metadata, files have download locations)
Revision as of 16:09, 10 March 2009

Currently assumes SLES 10 using UCS-supplied RPMs. See also NativeSPLinuxInstall in the Internet2 Shib Wiki.

Currently also assumes that prefork Apache is installed (may or may not work with worker).

Acquire (**TODO: from where?) and install RPMs for

log4shib
xerces-c
xml-security-c
xmltooling
opensaml
shibboleth

and any of their dependencies.

In /etc/shibboleth:

* replace the supplied shibboleth2.xml and attribute-map.xml with [[Shibbileth2.xml - internal use skeleton]] and [[Attribute-map.xml - internal use skeleton]] respectively (copies also installed as *-UCAMSKEL by the University RPMs)
* find all occurrences of 'FIX-ME' in the new shibboleth2.xml and replace them as directed in the adjacent comments (see [[Editing XML]] and [[EntityIDs]] for useful background).

Run (as root)

 /usr/sbin/shibd -t

Expect to see "overall configuration is loadable, check console for non-fatal problems". Otherwise, fix the mistakes and run the test again.

Start shibd (as root) with

 /etc/init.d/shibd start

[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot.

(Re-)start Apache. In case of failure, see /var/log/apache2/error_log.

Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong.
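The FIX-ME replacement and the shibd -t test described above can be combined into one pre-flight check before shibd is started. This script is an added example, not part of the original wiki page or the UCS RPMs; the function names are hypothetical and the shibboleth2.xml location is assumed from the /etc/shibboleth directory named on this page.

```shell
#!/bin/sh
# Pre-flight check before starting shibd (added example; names are hypothetical).
# Paths are assumptions taken from this page; override via the environment.
SHIB_CONF="${SHIB_CONF:-/etc/shibboleth/shibboleth2.xml}"
SHIBD="${SHIBD:-/usr/sbin/shibd}"
OK_MSG="overall configuration is loadable"

# Print each line that still carries a FIX-ME placeholder (with line number).
# Returns 0 if none remain, 1 if any remain, 2 if the file cannot be read.
fixme_remaining() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if grep -n 'FIX-ME' "$1"; then return 1; fi
    return 0
}

# Succeeds only if the captured output of `shibd -t` reports a loadable config.
config_loadable() {
    printf '%s\n' "$1" | grep -qF "$OK_MSG"
}

preflight() {
    # shibd must be tested and started as root.
    if [ "$(id -u)" -ne 0 ]; then
        echo "run this as root" >&2
        return 2
    fi
    rc=0
    fixme_remaining "$SHIB_CONF" || rc=$?
    case "$rc" in
        0) ;;
        1) echo "unresolved FIX-ME placeholders in $SHIB_CONF" >&2; return 1 ;;
        *) return 2 ;;
    esac
    # Capture stdout and stderr; shibd may exit non-zero on a bad config.
    out=$("$SHIBD" -t 2>&1) || true
    if ! config_loadable "$out"; then
        printf '%s\n' "$out" >&2
        echo "shibd -t did not report a loadable configuration" >&2
        return 1
    fi
    echo "configuration loadable; start with /etc/init.d/shibd start"
}

# Only run the full check on a host where shibd is actually installed.
if [ -x "$SHIBD" ]; then
    preflight || exit $?
fi
```
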

You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Options include: