Installing SP2.x under Linux: Difference between revisions
(Assorted development) |
(Revise 'Where to go from here' links) |
||
| Line 28: | Line 28: | ||
Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. Feel free to create some content in /srv/www/htdocs/secure for a better demonstration. | Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. Feel free to create some content in /srv/www/htdocs/secure for a better demonstration. | ||
You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. | You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Topics to consider include: | ||
* [[ | * [[SP registration]] | ||
* [[Using SSL and certificates with Shibboleth|Using SSL and certificates]] | |||
* [[ | * [[Configuring Shibboleth access control|Configuring access control]] | ||
* [[Shibboleth access control | * [[Virtual hosting issues with Shibboleth|Virtual hosting issues]] | ||
* [[Shibboleth | |||
Revision as of 17:44, 10 March 2009
Currently this is for SLES 10 using UCS-supplied RPMs - see NativeSPLinuxInstall in the Internet2 Shib Wiki for instructions on installing in other versions of Linux, and then adapt these instructions accordingly. Currently also assuming you are using the prefork version Apache - this may or may not all work with worker. We also assume that your web server serves a single site - virtual hosting considerations will be addressed later.
Download and install SLES 10 RPMs from | the Raven project site. Download and install the latest RPM for each of the following (you can ignore devel, debuginfo, or docs packages):
log4shib xerces-c xml-security-c xmltooling opensaml shibboleth
and any of their dependencies.
In /etc/shibboleth:
- replace the supplied shibboleth2.xml and attribute-map.xml with Shibbileth2.xml - internal use skeleton and Attribute-map.xml - internal use skeleton respectively (copies also installed bythe ROMs as *-UCAMSKEL)
- find all occurrences of 'FIX-ME' in the new shibboleth2.xml and replace them as directed in the adjacent comments (see Editing XML and EntityIDs for useful background).
Run (as root)
/usr/sbin/shibd -t
expect to see "overall configuration is loadable, check console for non-fatal problems". Fix mistakes. otherwise.
Start shibd (as root) with
/etc/init.d/shibd start
[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot.
(Re-)start Apache. In case of failure see /var/log/apache2/error_log
Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. Feel free to create some content in /srv/www/htdocs/secure for a better demonstration.
You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Topics to consider include:
