Installing SP2.x under MacOS: Difference between revisions
No edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
==Installing/Configuring Shibboleth for OS Server 10.5.6== | ==Installing/Configuring Shibboleth for OS Server 10.5.6== | ||
#Install MacPortsfrom here: http://www.macports.org/install.php. v1.7.0 is the latest version. | |||
#Update the Mac Ports repository: <tt>sudo /opt/local/bin/port selfupdate</tt> | |||
#Install Shib | |||
##<tt>sudo port install curl +ssl (ssl enabled curl required)</tt> | |||
##<tt>sudo port install shibboleth</tt> | |||
The installation of Shibboleth and supporting software will take some time. | |||
#Get the Shibboleth profiles: | |||
##<tt>cd /opt/local/</tt> | |||
##<tt>sudo curl http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/mac/ports.tar | tar xv</tt> | |||
#Edit /opt/local/etc/macports/sources.conf and add in: | |||
file:///opt/local/ports [nosync] | file:///opt/local/ports [nosync] | ||
| Line 16: | Line 21: | ||
rsync://rsync.macports.org/release/ports/ [default] | rsync://rsync.macports.org/release/ports/ [default] | ||
For first time installs only: | For first time installs only: | ||
Revision as of 15:11, 12 March 2009
This page is still _very_ much a work in progress.
Installing/Configuring Shibboleth for OS Server 10.5.6
- Install MacPortsfrom here: http://www.macports.org/install.php. v1.7.0 is the latest version.
- Update the Mac Ports repository: sudo /opt/local/bin/port selfupdate
- Install Shib
- sudo port install curl +ssl (ssl enabled curl required)
- sudo port install shibboleth
The installation of Shibboleth and supporting software will take some time.
- Get the Shibboleth profiles:
- cd /opt/local/
- sudo curl http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/mac/ports.tar | tar xv
- Edit /opt/local/etc/macports/sources.conf and add in:
file:///opt/local/ports [nosync]
before the line:
rsync://rsync.macports.org/release/ports/ [default]
For first time installs only:
cd /opt/local/etc/shibboleth ls -1 *.dist | sed -e 's/\.dist//' | xargs -I % sudo cp "%.dist" "%" sudo sh ./keygen.sh chmod the key files here: chmod 740 sp-key.pem, chmod 644 sp-cert.pem (default permissions appear to be wrong)
Make Apache 32 bit only:
sudo emacs /usr/sbin/apachectl change HTTPD variable from:
HTTPD='/usr/sbin/httpd'
to:
HTTPD='arch -i386 /usr/sbin/httpd'
Add the following 2 lines to the <array> element in /System/Library/LaunchDaemons/org.apache.httpd.plist:
<string>arch</string> <string>-i386</string>
The array element should look like this when done:
<array>
<string>arch</string>
<string>-i386</string>
<string>/usr/sbin/httpd</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
Create the log file: sudo touch /opt/local/var/log/httpd/native.log sudo chown _www /opt/local/var/log/httpd/native.log
Grab the config files:
cd /opt/local/etc/shibboleth/ sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml
Edit the config files and look for the FIX-ME flags to
Ensure SSL is enabled for the server (using default cert will work for testing) Add the following to the /etc/apapche2/httpd.conf file:
Include /opt/local/etc/shibboleth/apache22.config
and check that ServerName is set & UseCanonicalName is set to On
Set shib to load at startup: sudo launchctl load -w /Library/LaunchDaemons/org.macports.shibd.plist
Start Apache
sudo serveradmin start web
Test your page! Any changes to the shib config will require BOTH shibd and apache to be reloaded...
