...
Install Shibboleth IdP
- You can install the idp application either from the Internet2 binary distribution and its install script, adding our local extensions and customizations to the distribution, or simply by unpacking the binary tarball from the touchstone locker into /usr/local/shibboleth-idp.
- To install from Internet2's binary distribution (zip file), create a build directory, unzip the file, add our login handler jar file to the lib/ subdirectory, untar the mitlogin tarball at the top of the build tree, and run the install script. Enter /usr/local/shibboleth-idp as the install target. Take the default for the hostname prompt, and enter anything for the keystore password prompt; we will override both of these in our configuration. For example (replace 2.1.5 with the appropriate version number):

    # mkdir -p $HOME/build
    # cd $HOME/build
    # rm -rf shibboleth-identityprovider-2.1.5
    # unzip /path/to/shibboleth-identityprovider-2.1.5-bin.zip
    # cd shibboleth-identityprovider-2.1.5
    # cp /path/to/shibboleth-idp-ext-MultiAuthnOptionLoginHandler-1.0-SNAPSHOT.jar lib/
    # tar xzf /path/to/mitlogin.tgz
    # ./install.sh
    Buildfile: src/installer/resources/build.xml
    install:
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Be sure you have read the installation/upgrade instructions on the Shibboleth website before proceeding.
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Where should the Shibboleth Identity Provider software be installed? [/opt/shibboleth-idp]
    /usr/local/shibboleth-idp
    What is the fully qualified hostname of the Shibboleth Identity Provider server? [idp.example.org]
    A keystore is about to be generated for you. Please enter a password that will be used to protect it.
    PASSWORD
    ...

This will create and populate /usr/local/shibboleth-idp; the web application (war) file will be in /usr/local/shibboleth-idp/war/idp.war. This should be copied into tomcat's webapps directory.
The idp application, running under Tomcat, needs full access to the install directory, so make sure it is owned by the tomcat user, e.g.:

    # chown -R tomcat:tomcat /usr/local/shibboleth-idp

- To install from a pre-installed tarball, extract our distribution tar file from the touchstone locker into the /usr/local/shibboleth-idp directory:

    # mkdir -p /usr/local/shibboleth-idp
    # chown tomcat:tomcat /usr/local/shibboleth-idp
    # cd /usr/local/shibboleth-idp
    # tar xzf /path/to/usr_local_shibboleth-idp.tgz

To ensure that we run the current version of the web application, download the latest idp.war file from the touchstone locker (/mit/touchstone/builds/NIST/idp2-mit/idp.war) and copy it into /usr/local/tomcat/webapps/:

    # cp /path/to/idp.war /usr/local/tomcat/webapps/
    # chown tomcat:tomcat /usr/local/tomcat/webapps/idp.war

- Copy the idp's endorsed jar files to tomcat's endorsed dir:

    # mkdir -p /usr/local/tomcat/endorsed
    # cp -p /usr/local/shibboleth-idp/lib/endorsed/*.jar /usr/local/tomcat/endorsed/
    # chown -R tomcat:tomcat /usr/local/tomcat/endorsed

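One way to check the result of the steps above, as an added example that is not part of the original instructions: the script reports any path under the install directory, the deployed idp.war, or the endorsed directory that is missing or not owned by the tomcat user. The function name `audit_idp_paths` and the extra world-writable check are assumptions of this example, not something the page prescribes.

```sh
#!/bin/sh
# Added example: audit ownership and permissions after the install steps.
# Usage: sh audit_idp.sh tomcat /usr/local/shibboleth-idp \
#            /usr/local/tomcat/webapps/idp.war /usr/local/tomcat/endorsed
# audit_idp_paths (a name chosen for this example) prints one line per
# finding and returns 1 if there was any finding, 0 otherwise.

audit_idp_paths() {
    owner=$1
    shift
    status=0
    for path in "$@"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            status=1
            continue
        fi
        # Anything the Tomcat account does not own (chown -R was skipped,
        # or files were copied in as root afterwards).
        wrong=$(find "$path" ! -user "$owner" -print)
        # Anything writable by "other"; symlinks are skipped because a
        # symlink's own mode bits say nothing about its target.
        open=$(find "$path" ! -type l -perm -0002 -print)
        if [ -n "$wrong" ]; then
            printf '%s\n' "$wrong" | sed 's/^/WRONG-OWNER /'
            status=1
        fi
        if [ -n "$open" ]; then
            printf '%s\n' "$open" | sed 's/^/WORLD-WRITABLE /'
            status=1
        fi
    done
    return "$status"
}

# Run the audit only when arguments are given, so the file can also be
# sourced for its function.
[ "$#" -eq 0 ] || audit_idp_paths "$@"
```

A non-zero exit status means at least one finding was printed; re-run the chown commands from the relevant step and audit again.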
...