Installing SP2.x under Linux
Currently assumes SLES 10 using UCS-supplied RPMs. See also NativeSPLinuxInstall in the Internet2 Shib Wiki.
Currently also assuming prefork apache installed (may or may not work with worker).
Acquire (**TODO: from where?) and install RPMs for
log4shib xerces-c xml-security-c xmltooling opensaml shibboleth
and any of their dependencies.
In /etc/shibboleth:
- replace the supplied shibboleth2.xml and attribute-map.xml with Shibbileth2.xml - internal use skeleton and Attribute-map.xml - internal use skeleton respectively (copies also installed as *-UCAMSKEL by the University RPMs)
- find all occurrences of 'FIX-ME' in the new shibboleth2.xml and replace them as directed in the adjacent comments (see Editing XML and EntityIDs for useful background).
Run (as root)
/usr/sbin/shibd -t
expect to see "overall configuration is loadable, check console for non-fatal problems". Fix mistakes. otherwise.
Start shibd (as root) with
/etc/init.d/shibd start
[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot.
(Re-)start Apache. In case of failure see /var/log/apache2/error_log
Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong.
You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Options include:
