Installing SP2.x under MacOS: Difference between revisions
Revision as of 15:49, 12 March 2009
This page is still _very_ much a work in progress.
Installing/Configuring Shibboleth for OS Server 10.5.6
- Install MacPorts from here: http://www.macports.org/install.php. v1.7.0 is the latest version.
- Update the Mac Ports repository: sudo /opt/local/bin/port selfupdate
- Install Shibboleth
- sudo port install curl +ssl (ssl enabled curl required)
- sudo port install shibboleth
The installation of Shibboleth and supporting software will take some time
- Get the Shibboleth profiles:
- cd /opt/local/
- sudo curl http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/mac/ports.tar | tar xv
- Edit /opt/local/etc/macports/sources.conf and add in:
file:///opt/local/ports [nosync]
before the line:
rsync://rsync.macports.org/release/ports/ [default]
For first time installs only
cd /opt/local/etc/shibboleth
ls -1 *.dist | sed -e 's/\.dist//' | xargs -I % sudo cp "%.dist" "%"
sudo sh ./keygen.sh
As the default permissions for the cert files cause Shibboleth to fail, they need changing:
sudo chmod 740 sp-key.pem
sudo chmod 644 sp-cert.pem
Disable Intel 64 bit architecture for Apache
Shibboleth is currently not compatible with the 64 bit architecture available on some newer Macs. To check, run the following command in Terminal:
sysctl hw.optional.x86_64
If the result is 1 then do the following steps, otherwise skip to the 'Create the Shibboleth log file' section
sudo emacs /usr/sbin/apachectl
change HTTPD variable from:
HTTPD='/usr/sbin/httpd'
to:
HTTPD='arch -i386 /usr/sbin/httpd'
Add the following 2 lines to the <array> element in /System/Library/LaunchDaemons/org.apache.httpd.plist:
<string>arch</string>
<string>-i386</string>
The array element should look like this when done:
<array>
  <string>arch</string>
  <string>-i386</string>
  <string>/usr/sbin/httpd</string>
  <string>-D</string>
  <string>FOREGROUND</string>
</array>
Create the Shibboleth log file
sudo touch /opt/local/var/log/httpd/native.log
sudo chown _www /opt/local/var/log/httpd/native.log
Ensure SSL is enabled for the website
- Using Server Admin:
Web | Sites pane, choose the website and enable SSL from the security tab
- Using serveradmin tool:
Don't bother, it's far too complicated.
Configuring Apache
Add the following to the /etc/apache2/httpd.conf file:
Include /opt/local/etc/shibboleth/apache22.config
If you are not using Apache v2.2 then edit the above line according to the contents of the /opt/local/etc/shibboleth/ directory.
Ensure that the ServerName directive is set correctly and UseCanonicalName is set to On.
Download the Shibboleth configuration templates
cd /opt/local/etc/shibboleth/
sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml
sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml
sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml
Edit the config files and look for the FIX-ME flags highlighting required edits to the files
Set shib to load at startup:
sudo launchctl load -w /Library/LaunchDaemons/org.macports.shibd.plist
Start Apache
sudo serveradmin start web
Test your page! Any changes to the shib config will require BOTH shibd and apache to be reloaded...
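A sanity check for the steps above, added here as an example (it is not part of the original page or of the Shibboleth distribution). The function name check_shib_sp is hypothetical; it takes the Shibboleth config directory and the Apache config file as arguments and reports a private key left accessible to other users, leftover FIX-ME flags, and a missing Include or UseCanonicalName setting.

```shell
#!/bin/sh
# Added example: post-install check for the files this guide creates.
# check_shib_sp is a hypothetical helper name, not a Shibboleth tool.
# Usage with the paths from this page:
#   check_shib_sp /opt/local/etc/shibboleth /etc/apache2/httpd.conf

check_shib_sp() {
    confdir=$1      # directory holding sp-key.pem and the edited configs
    httpdconf=$2    # Apache config that should carry the Include line
    problems=0

    key="$confdir/sp-key.pem"
    if [ ! -f "$key" ]; then
        echo "MISSING: $key (keygen.sh not run?)"
        problems=$((problems + 1))
    elif [ -n "$(find "$key" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        # The guide sets 740; any 'other' permission bit exposes the private key.
        echo "PERMS: $key is accessible to 'other' users"
        problems=$((problems + 1))
    fi

    # The skeleton configs mark required edits with FIX-ME; none may remain.
    for f in shibboleth2.xml attribute-map.xml; do
        if [ ! -f "$confdir/$f" ]; then
            echo "MISSING: $confdir/$f"
            problems=$((problems + 1))
        elif grep -q 'FIX-ME' "$confdir/$f"; then
            echo "UNEDITED: $confdir/$f has $(grep -c 'FIX-ME' "$confdir/$f") FIX-ME line(s)"
            problems=$((problems + 1))
        fi
    done

    # Apache must include the Shibboleth config and use the canonical name.
    if ! grep -Eq '^[[:space:]]*Include[[:space:]]+.*/shibboleth/apache[0-9]*\.config' "$httpdconf" 2>/dev/null; then
        echo "APACHE: no Include of a shibboleth apacheNN.config in $httpdconf"
        problems=$((problems + 1))
    fi
    if ! grep -Eiq '^[[:space:]]*UseCanonicalName[[:space:]]+On' "$httpdconf" 2>/dev/null; then
        echo "APACHE: UseCanonicalName is not set to On in $httpdconf"
        problems=$((problems + 1))
    fi

    echo "$problems problem(s) found"
    [ "$problems" -eq 0 ]
}
```

The function exits non-zero when anything is flagged, so it can gate the shibd and Apache reload.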