Installing SP2.x under MacOS: Difference between revisions
No edit summary |
No edit summary |
||
| Line 5: | Line 5: | ||
#Install MacPortsfrom here: http://www.macports.org/install.php. v1.7.0 is the latest version. | #Install MacPortsfrom here: http://www.macports.org/install.php. v1.7.0 is the latest version. | ||
#Update the Mac Ports repository: <tt>sudo /opt/local/bin/port selfupdate</tt> | #Update the Mac Ports repository: <tt>sudo /opt/local/bin/port selfupdate</tt> | ||
#Install | #Install Shibboleth | ||
##<tt>sudo port install curl +ssl (ssl enabled curl required) | ##<tt>sudo port install curl +ssl </tt>(ssl enabled curl required) | ||
##<tt>sudo port install shibboleth</tt> | ##<tt>sudo port install shibboleth</tt> | ||
The installation of Shibboleth and supporting software will take some time | ====The installation of Shibboleth and supporting software will take some time==== | ||
#Get the Shibboleth profiles: | #Get the Shibboleth profiles: | ||
| Line 15: | Line 15: | ||
##<tt>sudo curl http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/mac/ports.tar | tar xv</tt> | ##<tt>sudo curl http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/mac/ports.tar | tar xv</tt> | ||
#Edit /opt/local/etc/macports/sources.conf and add in: | #Edit /opt/local/etc/macports/sources.conf and add in: | ||
file:///opt/local/ports [nosync] | <pre>file:///opt/local/ports [nosync]</pre> | ||
before the line: | before the line: | ||
rsync://rsync.macports.org/release/ports/ [default] | <pre>rsync://rsync.macports.org/release/ports/ [default]</pre> | ||
====For first time installs only==== | |||
<tt>cd /opt/local/etc/shibboleth</tt> | |||
<tt>ls -1 *.dist | sed -e 's/\.dist//' | xargs -I % sudo cp "%.dist" "%"</tt> | |||
<tt>sudo sh ./keygen.sh</tt> | |||
As the default permissions for the cert files causes Shibboleth to fail they need changing: | |||
<tt>sudo chmod 740 sp-key.pem</tt> | |||
<tt>sudo chmod 644 sp-cert.pem</tt> | |||
sudo | |||
====Disable Intel 64 bit architecture for Apache==== | |||
sudo emacs /usr/sbin/apachectl | Shibboleth is currently not compatible with the 64 bit architecture available on some newer Macs. To check run the folling command in Terminal" | ||
<tt>sysctl hw.optional.x86_64</tt> | |||
If the result is 1 then do the following steps, otherwise skip this section | |||
<tt>sudo emacs /usr/sbin/apachectl</tt> | |||
change HTTPD variable from: | change HTTPD variable from: | ||
HTTPD='/usr/sbin/httpd' | <pre>HTTPD='/usr/sbin/httpd'</pre> | ||
to: | to: | ||
HTTPD='arch -i386 /usr/sbin/httpd' | <pre>HTTPD='arch -i386 /usr/sbin/httpd'</pre> | ||
Add the following 2 lines to the <array> element in /System/Library/LaunchDaemons/org.apache.httpd.plist: | Add the following 2 lines to the <array> element in /System/Library/LaunchDaemons/org.apache.httpd.plist: | ||
<pre> | |||
<string>arch</string> | <string>arch</string> | ||
<string>-i386</string> | <string>-i386</string> | ||
</pre> | |||
The array element should look like this when done: | The array element should look like this when done: | ||
<pre> | |||
<array> | <array> | ||
<string>arch</string> | <string>arch</string> | ||
| Line 55: | Line 63: | ||
<string>FOREGROUND</string> | <string>FOREGROUND</string> | ||
</array> | </array> | ||
</pre> | |||
====Create the Shibboleth log file==== | |||
<tt>sudo touch /opt/local/var/log/httpd/native.log</tt> | |||
sudo touch /opt/local/var/log/httpd/native.log | <tt>sudo chown _www /opt/local/var/log/httpd/native.log</tt> | ||
sudo chown _www /opt/local/var/log/httpd/native.log | |||
====Download the Shibboleth configuration templates==== | |||
cd /opt/local/etc/shibboleth/ | <tt>cd /opt/local/etc/shibboleth/</tt> | ||
sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml | <tt>sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml</tt> | ||
sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml | <tt>sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml</tt> | ||
sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml | <tt>sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml</tt> | ||
Edit the config files and look for the FIX-ME flags to | Edit the config files and look for the FIX-ME flags to | ||
Revision as of 15:30, 12 March 2009
This page is still _very_ much a work in progress.
Installing/Configuring Shibboleth for OS Server 10.5.6
- Install MacPortsfrom here: http://www.macports.org/install.php. v1.7.0 is the latest version.
- Update the Mac Ports repository: sudo /opt/local/bin/port selfupdate
- Install Shibboleth
- sudo port install curl +ssl (ssl enabled curl required)
- sudo port install shibboleth
The installation of Shibboleth and supporting software will take some time
- Get the Shibboleth profiles:
- cd /opt/local/
- sudo curl http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/mac/ports.tar | tar xv
- Edit /opt/local/etc/macports/sources.conf and add in:
file:///opt/local/ports [nosync]
before the line:
rsync://rsync.macports.org/release/ports/ [default]
For first time installs only
cd /opt/local/etc/shibboleth ls -1 *.dist | sed -e 's/\.dist//' | xargs -I % sudo cp "%.dist" "%" sudo sh ./keygen.sh
As the default permissions for the cert files causes Shibboleth to fail they need changing:
sudo chmod 740 sp-key.pem sudo chmod 644 sp-cert.pem
Disable Intel 64 bit architecture for Apache
Shibboleth is currently not compatible with the 64 bit architecture available on some newer Macs. To check run the folling command in Terminal"
sysctl hw.optional.x86_64
If the result is 1 then do the following steps, otherwise skip this section
sudo emacs /usr/sbin/apachectl change HTTPD variable from:
HTTPD='/usr/sbin/httpd'
to:
HTTPD='arch -i386 /usr/sbin/httpd'
Add the following 2 lines to the <array> element in /System/Library/LaunchDaemons/org.apache.httpd.plist:
<string>arch</string> <string>-i386</string>
The array element should look like this when done:
<array>
<string>arch</string>
<string>-i386</string>
<string>/usr/sbin/httpd</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
Create the Shibboleth log file
sudo touch /opt/local/var/log/httpd/native.log sudo chown _www /opt/local/var/log/httpd/native.log
Download the Shibboleth configuration templates
cd /opt/local/etc/shibboleth/ sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/shibboleth2.xml-UCAMSKEL -o shibboleth2.xml sudo curl http://raven.cam.ac.uk/project/shibboleth/files/config/attribute-map.xml-UCAMSKEL -o attribute-map.xml sudo curl https://shib.raven.cam.ac.uk/ucamfederation-idp-metadata.xml -o ucamfederation-idp-metadata.xml
Edit the config files and look for the FIX-ME flags to
Ensure SSL is enabled for the server (using default cert will work for testing) Add the following to the /etc/apapche2/httpd.conf file:
Include /opt/local/etc/shibboleth/apache22.config
and check that ServerName is set & UseCanonicalName is set to On
Set shib to load at startup: sudo launchctl load -w /Library/LaunchDaemons/org.macports.shibd.plist
Start Apache
sudo serveradmin start web
Test your page! Any changes to the shib config will require BOTH shibd and apache to be reloaded...
