...
- Install the tomcat init script in /etc/init.d/, and make sure tomcat is started at boot time:
    # chkconfig --add tomcat
Install Shibboleth IdP
Install the application
You can install the idp application from the Internet2 binary distribution and install script, by adding our local extensions and customizations to the distribution, or simply by unpacking the binary tarball from the touchstone locker into /usr/local/shibboleth-idp.
...
- To install from a pre-installed tarball, extract our distribution tar file from the touchstone locker into the /usr/local/shibboleth-idp directory:
    # mkdir -p /usr/local/shibboleth-idp
    # chown tomcat:tomcat /usr/local/shibboleth-idp
    # cd /usr/local/shibboleth-idp
    # tar xzf /path/to/usr_local_shibboleth-idp.tgz
To ensure that we run the current version of the web application, download the latest idp.war file from the touchstone locker (/mit/touchstone/builds/NIST/idp2-mit/idp.war) and copy it into /usr/local/tomcat/webapps/:
    # cp /path/to/idp.war /usr/local/tomcat/webapps/
    # chown tomcat:tomcat /usr/local/tomcat/webapps/idp.war
Endorse jars in Tomcat
Copy the idp's endorsed jar files to tomcat's endorsed dir:
    # mkdir -p /usr/local/tomcat/endorsed
    # cp -p /usr/local/shibboleth-idp/lib/endorsed/*.jar /usr/local/tomcat/endorsed/
    # chown -R tomcat:tomcat /usr/local/tomcat/endorsed
Configure
- Copy in the idp config files for the server, to the conf subdirectory; these include:
- attribute-filter.xml
- attribute-resolver.xml.in
- handler.xml
- internal.xml
- logging.xml
- relying-party.xml
- service.xml
- tc-config.xml (for terracotta clustering)
You must replace %%LDAPUID%% and %%LDAPPASSWORD%% in attribute-resolver.xml.in with the principal uid (e.g. touchstone-core-service) and password (principalCredential attribute) for accessing our LDAP server, and save the resulting file as attribute-resolver.xml. Make sure the file is not world-readable.
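One way to script the placeholder substitution above without exposing the password; this is an added example, not part of the original instructions. The function name render_resolver, the LDAP_UID/LDAP_PW environment variable names and the optional OWNER argument are hypothetical, and the XML escaping assumes both placeholders sit inside XML attribute values.

```shell
#!/bin/sh
# Added example: render attribute-resolver.xml from attribute-resolver.xml.in.
# Usage: render_resolver TEMPLATE OUTPUT LDAP_UID [OWNER] < file-holding-password
# The password is read from stdin, so it never appears in argv (ps) or in
# shell history; it reaches awk through the environment, not the command line.
render_resolver() (
    tmpl=$1 out=$2 uid=$3 owner=${4:-}
    IFS= read -r pw || :          # keep whitespace and backslashes as typed
    [ -n "$pw" ] || { echo "no password on stdin" >&2; exit 1; }

    tmp=$(mktemp "$out.XXXXXX") || exit 1   # mktemp creates the file mode 0600
    trap 'rm -f "$tmp"' EXIT                # no half-written secret left behind

    LDAP_UID=$uid LDAP_PW=$pw awk '
        # Escape XML metacharacters so the value stays inside its attribute.
        function xmlesc(v) {
            gsub(/&/, "\\&amp;", v); gsub(/</, "\\&lt;", v); gsub(/>/, "\\&gt;", v)
            gsub(/"/, "\\&quot;", v); gsub(/\047/, "\\&apos;", v)
            return v
        }
        # Literal (non-regex) replacement of every occurrence of tok in s.
        function put(s, tok, val,   o, i) {
            o = ""
            while ((i = index(s, tok)) > 0) {
                o = o substr(s, 1, i - 1) val
                s = substr(s, i + length(tok))
            }
            return o s
        }
        BEGIN { u = xmlesc(ENVIRON["LDAP_UID"]); p = xmlesc(ENVIRON["LDAP_PW"]) }
        { print put(put($0, "%%LDAPUID%%", u), "%%LDAPPASSWORD%%", p) }
    ' "$tmpl" > "$tmp" || exit 1

    chmod 600 "$tmp"                        # owner read/write only
    [ -z "$owner" ] || chown "$owner" "$tmp" || exit 1
    mv -f "$tmp" "$out"                     # atomic replace within the same directory
)
```

Run it as root from the conf subdirectory with OWNER set to the account Tomcat runs as (tomcat:tomcat in the steps above), so the service can still read the 0600 file.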
...