...
- Download the current Tomcat 6.0 binary distribution (tested with 6.0.20, available in /mit/touchstone/downloads/apache-tomcat-6.0.20.tar.gz), and install it under /usr/local:

      # cd /usr/local
      # tar xzf /path/to/apache-tomcat-6.0.20.tar.gz
      # rm -f tomcat
      # ln -s apache-tomcat-6.0.20 tomcat
- Create the tomcat user, and change the ownership of the tomcat tree:

      # groupadd -g 52 tomcat
      # useradd -u 52 -g tomcat -c "Tomcat User" -d /usr/local/tomcat tomcat
      # chown -R tomcat:tomcat /usr/local/apache-tomcat-6.0.20

Install Shibboleth IdP
- Extract our distribution tar file into the /usr/local/shibboleth-idp directory:

      # mkdir -p /usr/local/shibboleth-idp
      # chown tomcat:tomcat /usr/local/shibboleth-idp
      # cd /usr/local/shibboleth-idp
      # tar xzf /path/to/usr_local_shibboleth-idp.tgz
...
- Copy endorsed jars to tomcat endorsed dir
...

      # mkdir -p /usr/local/tomcat/endorsed
      # cp /usr/local/shibboleth-idp/lib/endorsed/*.jar /usr/local/tomcat/endorsed/
- Copy in the IdP config files for the server, to the conf subdirectory; these include:
  - attribute-filter.xml
  - attribute-resolver.xml.in
  - handler.xml
  - internal.xml
  - logging.xml
  - relying-party.xml
  - service.xml
  - tc-config.xml (for terracotta clustering)

You must replace %%LDAPUID%% and %%LDAPPASSWORD%% in attribute-resolver.xml.in with the principal uid (e.g. touchstone-core-service) and password (principalCredential attribute) for accessing our LDAP server, and save the resulting file as attribute-resolver.xml. Make sure the file is not world-readable.
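
One way to do this substitution without exposing the password, as an added example that is not part of the original instructions: a POSIX shell function that fills both placeholders and installs the result with mode 600. The function name, the password-file argument, the optional owner argument and the XML escaping of the values are assumptions of this example.

```shell
#!/bin/sh
# render_resolver TEMPLATE OUTPUT LDAP_UID PWFILE [OWNER]   (hypothetical helper)
# Fills %%LDAPUID%% / %%LDAPPASSWORD%% and installs OUTPUT with mode 600.
# The password is read from the first line of PWFILE and handed to awk through
# the environment, so it never appears in a command line visible to ps.
render_resolver() (
    tmpl=$1 out=$2 uid=$3 pwfile=$4 owner=${5:-}
    IFS= read -r pw < "$pwfile" || [ -n "$pw" ] || exit 1
    umask 077            # subshell only: the temp file is never world-readable
    tmp=$(mktemp "$out.XXXXXX") || exit 1
    LDAP_UID=$uid LDAP_PW=$pw awk '
        # Literal replace: gsub() would treat & and backslash in the value specially.
        function lit(s, pat, rep,    res, i) {
            res = ""
            while ((i = index(s, pat)) > 0) {
                res = res substr(s, 1, i - 1) rep
                s = substr(s, i + length(pat))
            }
            return res s
        }
        # Assumption: both values land inside XML attribute values.
        function xmlesc(v) {
            gsub(/&/, "\\&amp;", v); gsub(/</, "\\&lt;", v)
            gsub(/>/, "\\&gt;", v);  gsub(/"/, "\\&quot;", v)
            return v
        }
        BEGIN { u = xmlesc(ENVIRON["LDAP_UID"]); p = xmlesc(ENVIRON["LDAP_PW"]) }
        { print lit(lit($0, "%%LDAPUID%%", u), "%%LDAPPASSWORD%%", p) }
    ' "$tmpl" > "$tmp" || { rm -f "$tmp"; exit 1; }
    # Refuse to install a file that still carries an unfilled placeholder.
    if grep -q '%%LDAP' "$tmp"; then rm -f "$tmp"; exit 1; fi
    [ -z "$owner" ] || chown "$owner" "$tmp" || { rm -f "$tmp"; exit 1; }
    chmod 600 "$tmp" && mv -f "$tmp" "$out"
)

# Demo on constructed input (not a real config): sh thisfile.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && printf '%s\n' 's3cr&t"x' > "$d/pw"
    printf '%s\n' '<dc principal="uid=%%LDAPUID%%" principalCredential="%%LDAPPASSWORD%%"/>' > "$d/in"
    render_resolver "$d/in" "$d/attribute-resolver.xml" touchstone-core-service "$d/pw" &&
        ls -l "$d/attribute-resolver.xml" && cat "$d/attribute-resolver.xml"
    rm -rf "$d"
fi
```

When run as root, pass `tomcat:tomcat` as the owner argument so that the tomcat user created above owns the mode-600 file.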