...
- Copy in the idp config files for the server, to the conf subdirectory; these include:
- attribute-filter.xml
- attribute-resolver.xml.in
- handler.xml
- internal.xml
- logging.xml
- relying-party.xml
- service.xml
- tc-config.xml (for terracotta clustering)
You must replace %%LDAPUID%% and %%LDAPPASSWORD%% in attribute-resolver.xml.in with the principal uid (e.g. touchstone-core-service) and passord (principalCredential attribute) for accessing our LDAP server, and save the resulting file as attribute-resolver.xml. Make sure the file is not world-readable.
Terracotta
(See https://spaces.internet2.edu/display/SHIB2/IdPCluster
)
The terracotta software is used to cluster the IdP nodes. Each node must run the terracotta server, as well as the instrumented client (tomcat, in our case). The terracotta server operates in either the active or passive role; only one server should be in the "active/coordinator" state at a time.
...
| No Format |
|---|
# cd /usr/local
# tar xzf /path/to/terracotta-3.1.1.tar.gz
# mkdir -p terracotta-3.1.1/logs
# chown -R tomcat:tomcat
# rm -f terracotta
# ln -s terracotta-3.1.1 terracotta
|
The IdP requires the installation of a couple of Terracotta Integration Modules, and the generation of a boot jar file for Tomcat, which is specific to the Java version:
| No Format |
|---|
# setenv TC_HOME /usr/local/terracotta-3.1.1 # setenv TC_INSTALL_DIR $TC_HOME # setenv JAVA_HOME /usr/java/default # $TC_HOME/bin/tim-get.sh install tim-vector 2.5.1 org.terracotta.modules # $TC_HOME/bin/tim-get.sh install tim-tomcat-6.0 2.0.1 # $TC_HOME/bin/make-boot-jar.sh -f /usr/local/shibboleth-idp/conf/tc-config.xml |
Be sure to regenerate this jar after installing a new JDK.
Install the init script from /mit/touchstone/maint/shibboleth-idp/terracotta/terracotta.init in /etc/init.d, and make sure it is configured to start at boot time. Note that terracotta must be started before tomcat.
...