Installing SP2.x under Linux: Difference between revisions

From RavenWiki
No edit summary
(General tweaks and tidying)
Line 1: Line 1:
Currently this is for SLES 10 using UCS-supplied RPMs - see [https://spaces.internet2.edu/display/SHIB2/NativeSPLinuxInstall NativeSPLinuxInstall] in the Internet2 Shib Wiki for instructions on installing in other versions of Linux, and then adapt these instructions accordingly. Currently also assuming you are using the prefork version Apache - this may or may not all work with worker. We also assume that your web server serves a single site - virtual hosting considerations will be addressed later.
Currently this applies to installs on SLES 10 using UCS-supplied RPMs - see [https://spaces.internet2.edu/display/SHIB2/NativeSPLinuxInstall NativeSPLinuxInstall] in the Internet2 Wiki for instructions on installing in other versions of Linux, and then adapt these instructions accordingly. Currently this also assumes you are using the ''prefork'' version Apache - this may or may not all work with ''worker''. We also assume that your web server serves a single site - [[Virtual hosting issues with Shibboleth | virtual hosting issues]] are addressed later.


Download and install SLES 10 RPMs from [http://raven.cam.ac.uk/project/shibboleth/files/RPMS/SLES10/ | the Raven project site]. Download and install the latest RPM for each of the following (you can ignore devel, debuginfo, or docs packages):  
Download and install SLES 10 RPMs from [http://raven.cam.ac.uk/project/shibboleth/files/RPMS/SLES10/ the Raven project site]. Download and install the latest RPM for each of the following (you can ignore devel, debuginfo, or docs packages):  


  log4shib  
  log4shib  
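Review bot: the rewritten download line still fetches the RPMs from a plain http:// URL, and the step gives no way to verify them before install. Suggest adding a sentence that tells readers to check each package's signature or digest (for example with rpm --checksig) before installing, since these packages end up handling authentication for the site.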
Line 13: Line 13:


In /etc/shibboleth:
In /etc/shibboleth:
* replace the supplied shibboleth2.xml and attribute-map.xml with [[Shibbileth2.xml - internal use skeleton]] and [[Attribute-map.xml - internal use skeleton]] respectively (copies also installed bythe ROMs as *-UCAMSKEL)
* replace the supplied shibboleth2.xml and attribute-map.xml with [[Shibbileth2.xml - internal use skeleton]] and [[Attribute-map.xml - internal use skeleton]] respectively (copies also installed by the RPMs in files with names ending UCAMSKEL)
* find all occurrences of 'FIX-ME' in the new shibboleth2.xml and replace them as directed in the adjacent comments (see [[Editing XML]] and [[EntityIDs]] for useful background).
* find all occurrences of 'FIX-ME' in the new shibboleth2.xml and replace them as directed in the adjacent comments (see [[Editing XML]] and [[EntityIDs]] for useful background).


Run (as root)
Run (as root)
   /usr/sbin/shibd -t
   /usr/sbin/shibd -t
expect to see "overall configuration is loadable, check console for non-fatal problems". Fix mistakes. otherwise.
and expect to see "overall configuration is loadable, check console for non-fatal problems". Fix any reported mistakes.


Start shibd (as root) with
Start shibd (as root) with
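Review bot: in the first bullet the link target still reads [[Shibbileth2.xml - internal use skeleton]], while the file it describes is shibboleth2.xml. Unless the target page really is titled that way, this renders as a broken link, so either correct the spelling here or rename the target page. This edit already fixes "bythe ROMs" on the same line, so it is the natural place to fix the link too.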
Line 26: Line 26:
(Re-)start Apache. In case of failure see /var/log/apache2/error_log
(Re-)start Apache. In case of failure see /var/log/apache2/error_log


Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information to your site, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. Feel free to create some content in /srv/www/htdocs/secure for a better demonstration.  
Access <nowiki>http://<hostname>/secure/</nowiki>. You should be redirected to Raven to authenticate, be asked to accept release of your information, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. Feel free to create some content in /srv/www/htdocs/secure/ for a better demonstration.  


You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Topics to consider include:
You now have a web server running the Shibboleth SP software and protecting the content of <nowiki>http://<hostname>/secure/</nowiki> by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Topics to consider include:
* [[SP registration]]
* [[SP registration]]
* [[SSL, certificates and security with Shibboleth|Using SSL and certificates]]
* [[SSL, certificates and security with Shibboleth|Using SSL and certificates]]
* [[Configuring Shibboleth access control|Configuring access control]]
* [[Configuring Shibboleth access control|Configuring access control]]
* [[Virtual hosting issues with Shibboleth|Virtual hosting issues]]
* [[Virtual hosting issues with Shibboleth|Virtual hosting issues]]
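Review bot: the closing paragraph says the content is protected "by requiring an authenticated Raven login (by anyone)", which is easy to read as more protection than it is. Suggest stating outright that this is authentication only, so any Raven account holder can reach /secure/ until authorisation rules are added, and pointing at the [[Configuring Shibboleth access control|Configuring access control]] entry in the list for that step.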

Revision as of 16:07, 18 March 2009

Currently this applies to installs on SLES 10 using UCS-supplied RPMs - see NativeSPLinuxInstall in the Internet2 Wiki for instructions on installing on other versions of Linux, and then adapt these instructions accordingly. Currently this also assumes you are using the prefork version of Apache - this may or may not all work with worker. We also assume that your web server serves a single site - virtual hosting issues are addressed later.

Download and install SLES 10 RPMs from the Raven project site. Download and install the latest RPM for each of the following (you can ignore devel, debuginfo, or docs packages):

log4shib 
xerces-c 
xml-security-c
xmltooling
opensaml 
shibboleth 

and any of their dependencies.

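In /etc/shibboleth:

* replace the supplied shibboleth2.xml and attribute-map.xml with "Shibbileth2.xml - internal use skeleton" and "Attribute-map.xml - internal use skeleton" respectively (copies also installed by the RPMs in files with names ending UCAMSKEL)
* find all occurrences of 'FIX-ME' in the new shibboleth2.xml and replace them as directed in the adjacent comments (see Editing XML and EntityIDs for useful background).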

Run (as root)

 /usr/sbin/shibd -t

and expect to see "overall configuration is loadable, check console for non-fatal problems". Fix any reported mistakes.
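The two checks above (no FIX-ME placeholder left in shibboleth2.xml, and shibd -t reporting a loadable configuration) can be scripted so that neither gets skipped before the daemon is started. This is an added example, not part of the wiki page or the Shibboleth distribution; the function names are hypothetical and the default paths are the ones this page uses.

```shell
#!/bin/sh
# Added example (not from the wiki page): pre-flight for a Shibboleth SP config.
# Default paths are the ones the page names; function names are hypothetical.

# List leftover FIX-ME placeholders as "line:text".
# Returns 0 if none remain, 1 if any remain, 2 if the file is unreadable.
check_fixme() {
    cf_file=$1
    if [ ! -r "$cf_file" ]; then
        echo "cannot read $cf_file" >&2
        return 2
    fi
    if grep -n 'FIX-ME' "$cf_file"; then
        return 1
    fi
    return 0
}

# Run the config test command given as arguments and require the success
# string the page quotes. stdout and stderr are both captured; the command's
# exit status is ignored (assumption: only the message is documented here).
check_loadable() {
    cl_out=$("$@" 2>&1) || true
    printf '%s\n' "$cl_out"
    case $cl_out in
        *"overall configuration is loadable"*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight [config] [shibd]: both checks in order, stop at the first failure.
preflight() {
    pf_conf=${1:-/etc/shibboleth/shibboleth2.xml}
    pf_shibd=${2:-/usr/sbin/shibd}
    check_fixme "$pf_conf" || {
        echo "fix $pf_conf before starting shibd" >&2
        return 1
    }
    check_loadable "$pf_shibd" -t || {
        echo "shibd -t did not report a loadable configuration" >&2
        return 1
    }
    echo "configuration ok; start the daemon with /etc/init.d/shibd start"
}

# Run as root: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    shift
    preflight "$@"
fi
```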

Start shibd (as root) with

 /etc/init.d/shibd start

[Note: "Starting shibd listener failed to enter listen loop" means that you were not root]. See /var/log/shibboleth/shibd.log for startup messages. The Shibboleth RPM will have already set shibd to restart on boot.

(Re-)start Apache. In case of failure, see /var/log/apache2/error_log.

Access http://<hostname>/secure/. You should be redirected to Raven to authenticate, be asked to accept release of your information, and then see a 404 error page from your server (because you have no content in the requested location). See /var/log/apache2/error_log, /var/log/shibboleth/shibd.log and /var/log/shibboleth/transaction.log for clues if something goes wrong. Feel free to create some content in /srv/www/htdocs/secure/ for a better demonstration.

You now have a web server running the Shibboleth SP software and protecting the content of http://<hostname>/secure/ by requiring an authenticated Raven login (by anyone). Where you go from here depends on what you want to do. Topics to consider include:

* SP registration
* Using SSL and certificates
* Configuring access control
* Virtual hosting issues