Installing SP2.x under MacOS
This page is still _very_ much a work in progress.
Installing/Configuring Shibboleth for OS Server 10.5.6
- Install MacPorts from here: http://www.macports.org/install.php. v1.7.0 is the latest version.
- Update the Mac Ports repository: sudo /opt/local/bin/port selfupdate
- Install Shib
  - sudo port install curl +ssl (ssl enabled curl required)
  - sudo port install shibboleth
The installation of Shibboleth and supporting software will take some time.
- Get the Shibboleth profiles:
  - cd /opt/local/
  - curl http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/mac/ports.tar | sudo tar xv
- Edit /opt/local/etc/macports/sources.conf and add in:
file:///opt/local/ports [nosync]
before the line:
rsync://rsync.macports.org/release/ports/ [default]
For first time installs only:
cd /opt/local/etc/shibboleth
ls -1 *.dist | sed -e 's/\.dist//' | xargs -I % sudo cp "%.dist" "%"
sudo sh ./keygen.sh
chmod the key files here (default permissions appear to be wrong):
sudo chmod 740 sp-key.pem
sudo chmod 644 sp-cert.pem
Make Apache 32 bit only:
sudo emacs /usr/sbin/apachectl
Change the HTTPD variable from:
HTTPD='/usr/sbin/httpd'
to:
HTTPD='arch -i386 /usr/sbin/httpd'
Add the following 2 lines to the <array> element in /System/Library/LaunchDaemons/org.apache.httpd.plist:
<string>arch</string>
<string>-i386</string>
The array element should look like this when done:
<array>
<string>arch</string>
<string>-i386</string>
<string>/usr/sbin/httpd</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
Create the log file:
sudo touch /opt/local/var/log/httpd/native.log
sudo chown _www /opt/local/var/log/httpd/native.log
Grab the config files:
cd /opt/local/etc/shibboleth/
sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml
sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml
sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml
Edit the config files and look for the FIX-ME flags to
Ensure SSL is enabled for the server (using default cert will work for testing).
Add the following to the /etc/apache2/httpd.conf file:
Include /opt/local/etc/shibboleth/apache22.config
and check that ServerName is set & UseCanonicalName is set to On
Set shib to load at startup:
sudo launchctl load -w /Library/LaunchDaemons/org.macports.shibd.plist
Start Apache
sudo serveradmin start web
Test your page! Any changes to the shib config will require BOTH shibd and apache to be reloaded...
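
A pre-flight check for the settings above, as an added example (not part of the original page or of the Shibboleth distribution). The function name check_sp_setup is hypothetical, the default paths are the ones used on this page, and it assumes the Include, ServerName and UseCanonicalName lines are in the main httpd.conf rather than in a nested include.

```shell
#!/bin/sh
# Added example: pre-flight check for the settings this page asks for.
# Default paths are the ones used on this page; both can be overridden.

# check_sp_setup [HTTPD_CONF] [SHIB_DIR]
# Prints one line per problem and returns the number of problems found.
check_sp_setup() {
    conf=${1:-/etc/apache2/httpd.conf}
    shib=${2:-/opt/local/etc/shibboleth}
    problems=0

    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # has_directive NAME [VALUE]: true if an active (uncommented) line sets
    # NAME, to VALUE if one is given. Names and values compare case-insensitively.
    has_directive() {
        awk -v d="$1" -v v="$2" '
            tolower($1) == tolower(d) && NF >= 2 {
                val = $2; gsub(/"/, "", val)
                if (v == "" || tolower(val) == tolower(v)) ok = 1
            }
            END { exit !ok }' "$conf"
    }

    [ -r "$conf" ] || { fail "cannot read $conf"; return "$problems"; }

    has_directive Include "$shib/apache22.config" \
        || fail "missing: Include $shib/apache22.config"
    has_directive ServerName || fail "ServerName is not set"
    has_directive UseCanonicalName On || fail "UseCanonicalName is not On"

    # keygen.sh should have produced both files.
    for f in sp-key.pem sp-cert.pem; do
        [ -f "$shib/$f" ] || fail "$shib/$f not found"
    done

    # The private key must grant nothing to "other" (mode 740 passes).
    key=$shib/sp-key.pem
    if [ -f "$key" ] && [ -n "$(find "$key" -prune \
            \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]; then
        fail "$key is readable, writable or executable by other users"
    fi

    return "$problems"
}
```

Source the file and run check_sp_setup with no arguments to check the live paths; the exit status is the number of problems found.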