Installing SP2.x under MacOS: Difference between revisions

From RavenWiki
Jump to navigationJump to search
No edit summary
No edit summary
Line 38: Line 38:
<tt>sysctl hw.optional.x86_64</tt>
<tt>sysctl hw.optional.x86_64</tt>


If the result is 1 then do the following steps, otherwise skip this section
If the result is 1 then do the following steps, otherwise skip to the 'Create the Shibboleth log file' section


<tt>sudo emacs /usr/sbin/apachectl</tt>
<tt>sudo emacs /usr/sbin/apachectl</tt>
change HTTPD variable from:
change HTTPD variable from:


Line 69: Line 70:
<tt>sudo touch /opt/local/var/log/httpd/native.log</tt>
<tt>sudo touch /opt/local/var/log/httpd/native.log</tt>
<tt>sudo chown _www /opt/local/var/log/httpd/native.log</tt>
<tt>sudo chown _www /opt/local/var/log/httpd/native.log</tt>
====Ensure SSL is enabled for the website====
#Using Server Admin:
Web | Sites pane, choose the website and enable SSL from the security tab
#Using serveradmin tool:
Don't bother it's far to complicated..
====Configuring Apache====
Add the following to the /etc/apapche2/httpd.conf file:
<pre>Include /opt/local/etc/shibboleth/apache22.config</pre>
If you are not using apache v2.2 then edit the above line according to the contents of the /opt/local/etc/shibboleth/ directory.
Ensure that the <pre>ServerName</pre> directive is set correctly and <pre>UseCanonicalName</pre> is set to <pre>On</pre>


====Download the Shibboleth configuration templates====
====Download the Shibboleth configuration templates====
Line 77: Line 99:
<tt>sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml</tt>
<tt>sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml</tt>


Edit the config files and look for the FIX-ME flags to
Edit the config files and look for the FIX-ME flags highlighting required edits to the files


Ensure SSL is enabled for the server (using default cert will work for testing)
Add the following to the /etc/apapche2/httpd.conf file:


Include /opt/local/etc/shibboleth/apache22.config


and check that ServerName is set & UseCanonicalName is set to On


Set shib to load at startup:
Set shib to load at startup:

Revision as of 15:49, 12 March 2009

This page is still _very_ much a work in progress.

Installing/Configuring Shibboleth for OS Server 10.5.6

  1. Install MacPortsfrom here: http://www.macports.org/install.php. v1.7.0 is the latest version.
  2. Update the Mac Ports repository: sudo /opt/local/bin/port selfupdate
  3. Install Shibboleth
    1. sudo port install curl +ssl (ssl enabled curl required)
    2. sudo port install shibboleth

The installation of Shibboleth and supporting software will take some time

  1. Get the Shibboleth profiles:
    1. cd /opt/local/
    2. sudo curl http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/mac/ports.tar | tar xv
  2. Edit /opt/local/etc/macports/sources.conf and add in:
file:///opt/local/ports	[nosync]

before the line:

rsync://rsync.macports.org/release/ports/ [default]

For first time installs only

cd /opt/local/etc/shibboleth ls -1 *.dist | sed -e 's/\.dist//' | xargs -I % sudo cp "%.dist" "%" sudo sh ./keygen.sh

As the default permissions for the cert files causes Shibboleth to fail they need changing:

sudo chmod 740 sp-key.pem sudo chmod 644 sp-cert.pem

Disable Intel 64 bit architecture for Apache

Shibboleth is currently not compatible with the 64 bit architecture available on some newer Macs. To check run the folling command in Terminal"

sysctl hw.optional.x86_64

If the result is 1 then do the following steps, otherwise skip to the 'Create the Shibboleth log file' section

sudo emacs /usr/sbin/apachectl

change HTTPD variable from:

HTTPD='/usr/sbin/httpd'

to:

HTTPD='arch -i386 /usr/sbin/httpd'

Add the following 2 lines to the <array> element in /System/Library/LaunchDaemons/org.apache.httpd.plist:

<string>arch</string>
<string>-i386</string>

The array element should look like this when done:

	<array>
                <string>arch</string>
                <string>-i386</string>
                <string>/usr/sbin/httpd</string>
                <string>-D</string>
                <string>FOREGROUND</string>
        </array>

Create the Shibboleth log file

sudo touch /opt/local/var/log/httpd/native.log sudo chown _www /opt/local/var/log/httpd/native.log

Ensure SSL is enabled for the website

  1. Using Server Admin:

Web | Sites pane, choose the website and enable SSL from the security tab

  1. Using serveradmin tool:

Don't bother it's far to complicated..


Configuring Apache

Add the following to the /etc/apapche2/httpd.conf file:

Include /opt/local/etc/shibboleth/apache22.config

If you are not using apache v2.2 then edit the above line according to the contents of the /opt/local/etc/shibboleth/ directory.

Ensure that the

ServerName

directive is set correctly and

UseCanonicalName

is set to

On

Download the Shibboleth configuration templates

cd /opt/local/etc/shibboleth/ sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml

Edit the config files and look for the FIX-ME flags highlighting required edits to the files



Set shib to load at startup: sudo launchctl load -w /Library/LaunchDaemons/org.macports.shibd.plist

Start Apache

sudo serveradmin start web

Test your page! Any changes to the shib config will require BOTH shibd and apache to be reloaded...