Installing SP2.x under MacOS

From RavenWiki
Revision as of 14:36, 12 March 2009 by jwrn3 (talk | contribs)

This page is still very much a work in progress.

Installing/Configuring Shibboleth for OS Server 10.5.6

1. Install MacPorts (v1.7.0) http://www.macports.org/install.php

sudo /opt/local/bin/port selfupdate

2. Get Shib profiles:
2.1 cd /opt/local/
2.2 sudo curl http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/mac/ports.tar | tar xv

3. Edit /opt/local/etc/macports/sources.conf and add in:

file:///opt/local/ports [nosync]

before the line:

rsync://rsync.macports.org/release/ports/ [default]

4. Install Shib
4.1 sudo port install curl +ssl (ssl enabled curl required)
4.2 sudo port install shibboleth

For first time installs only:

cd /opt/local/etc/shibboleth
ls -1 *.dist | sed -e 's/\.dist//' | xargs -I % sudo cp "%.dist" "%"
sudo sh ./keygen.sh

chmod the key files here: chmod 740 sp-key.pem, chmod 644 sp-cert.pem (default permissions appear to be wrong)

Make Apache 32 bit only:

sudo emacs /usr/sbin/apachectl

Change the HTTPD variable from:

HTTPD='/usr/sbin/httpd'

to:

HTTPD='arch -i386 /usr/sbin/httpd'

Add the following 2 lines to the <array> element in /System/Library/LaunchDaemons/org.apache.httpd.plist:

<string>arch</string>
<string>-i386</string>

The array element should look like this when done:

<array>
        <string>arch</string>
        <string>-i386</string>
        <string>/usr/sbin/httpd</string>
        <string>-D</string>
        <string>FOREGROUND</string>
</array>

Create the log file:

sudo touch /opt/local/var/log/httpd/native.log
sudo chown _www /opt/local/var/log/httpd/native.log

Grab the config files:

cd /opt/local/etc/shibboleth/
sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml
sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml
sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml

Edit the config files and look for the FIX-ME flags to

Ensure SSL is enabled for the server (using the default cert will work for testing).

Add the following to the /etc/apache2/httpd.conf file:

Include /opt/local/etc/shibboleth/apache22.config

and check that ServerName is set & UseCanonicalName is set to On

Set shib to load at startup:

sudo launchctl load -w /Library/LaunchDaemons/org.macports.shibd.plist

Start Apache

sudo serveradmin start web

Test your page! Any changes to the shib config will require BOTH shibd and apache to be reloaded...
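
A pre-flight check for the steps above, as an added example that is not part of the original page: it looks for leftover FIX-ME placeholders, an SP private key accessible to other users, and the three Apache settings the page asks for. The names check_sp_config and fail, and the choice to pass both paths as arguments, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight check for the steps above.
# Both paths are arguments (an assumption) so the check can be run on copies.

problems=0
fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_sp_config SHIB_DIR HTTPD_CONF
# Returns 0 when nothing is wrong; the failure count is left in $problems.
check_sp_config() {
    shib_dir=$1; httpd_conf=$2; problems=0

    # Skeleton configs must exist and have no FIX-ME placeholders left.
    for f in shibboleth2.xml attribute-map.xml; do
        if [ ! -f "$shib_dir/$f" ]; then
            fail "$f is missing"
        elif grep -q 'FIX-ME' "$shib_dir/$f"; then
            fail "$f still contains FIX-ME"
        fi
    done

    # The SP private key must not be readable or writable by "other".
    key=$shib_dir/sp-key.pem
    if [ ! -f "$key" ]; then
        fail "sp-key.pem is missing"
    elif [ -n "$(find "$key" \( -perm -004 -o -perm -002 \))" ]; then
        fail "sp-key.pem is accessible to other users"
    fi

    # Apache directives, ignoring commented-out lines.
    if [ ! -f "$httpd_conf" ]; then
        fail "$httpd_conf is missing"
    else
        active=$(grep -v '^[[:space:]]*#' "$httpd_conf") || true
        printf '%s\n' "$active" | grep -Eq '^[[:space:]]*Include[[:space:]]+.*/shibboleth/apache22\.config' \
            || fail "apache22.config is not included"
        printf '%s\n' "$active" | grep -Eq '^[[:space:]]*ServerName[[:space:]]+[^[:space:]]' \
            || fail "ServerName is not set"
        printf '%s\n' "$active" | grep -Eiq '^[[:space:]]*UseCanonicalName[[:space:]]+On([[:space:]]|$)' \
            || fail "UseCanonicalName is not On"
    fi

    [ "$problems" -eq 0 ]
}
```

Source the file and run `check_sp_config /opt/local/etc/shibboleth /etc/apache2/httpd.conf` before starting Apache; each FAIL line names the step to revisit.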