...

  • Install the tomcat init script in /etc/init.d/, and make sure tomcat is started at boot time:
    # chkconfig --add tomcat
    

Install Shibboleth IdP

  • Install the idp application either from the Internet2 binary distribution and install script, adding our local extensions and customizations (available in /mit/touchstone/builds/NIST/) to the distribution, or simply by unpacking the binary tarball from the touchstone locker into /usr/local/shibboleth-idp.
    1. To install from Internet2's binary distribution (zip file), you must add two local extension/customization packages to the distribution:
      • MultiAuthnOptionLoginHandler
        This is our custom login handler extension, which supports multiple authentication options (certificate, username/password, etc.). The current jar file for the extension is available in the locker, in /mit/touchstone/builds/NIST/shibboleth-idp-ext-MultiAuthnOptionLoginHandler-1.0.jar.
      • mitlogin
        This provides the custom login page for MIT users, web deployment descriptor, etc. It is available as a tarball which will be unpacked into the idp build directory, from /mit/touchstone/builds/NIST/mitlogin.tgz.
        To create a build directory, unzip the file, add our login handler jar file to the lib/ subdirectory, untar the mitlogin tarball at the top of the build tree, and run the install script. Enter /usr/local/shibboleth-idp as the install target. Take the default for the hostname prompt, and enter anything for the keystore password prompt; we will override both of these in our configuration. For example (replace 2.1.5 with the appropriate version number):
        # mkdir -p $HOME/build
        # cd $HOME/build
        # rm -rf shibboleth-identityprovider-2.1.5
        # unzip /path/to/shibboleth-identityprovider-2.1.5-bin.zip
        # cd shibboleth-identityprovider-2.1.5
        # cp /path/to/shibboleth-idp-ext-MultiAuthnOptionLoginHandler-1.0.jar lib/
        # tar xzf /path/to/mitlogin.tgz
        # ./install.sh
        Buildfile: src/installer/resources/build.xml
        
        install:
        !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        Be sure you have read the installation/upgrade instructions on the Shibboleth website before proceeding.
        !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        Where should the Shibboleth Identity Provider software be installed? [/opt/shibboleth-idp]
        /usr/local/shibboleth-idp
        
        What is the fully qualified hostname of the Shibboleth Identity Provider server? [idp.example.org]
        
        A keystore is about to be generated for you. Please enter a password that will be used to protect it.
        PASSWORD
        ...
        
        This will create and populate /usr/local/shibboleth-idp; the web application (war) file will be in /usr/local/shibboleth-idp/war/idp.war. This should be copied into tomcat's webapps directory.
        The idp application, running under Tomcat, needs full access to the install directory, so make sure it is owned by the tomcat user, e.g.:
        # chown -R tomcat:tomcat /usr/local/shibboleth-idp
        
        This procedure will also work when updating the software, i.e. when there is already an existing installation in /usr/local/shibboleth-idp. For example:
        
        Buildfile: src/installer/resources/build.xml
        
        install:
        !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        Be sure you have read the installation/upgrade instructions on the Shibboleth website before proceeding.
        !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        Where should the Shibboleth Identity Provider software be installed? [/usr/local/shibboleth-idp]
        
        The directory '/usr/local/shibboleth-idp' already exists.  Would you like to overwrite this Shibboleth configuration? (yes, [no])
          
        Updating property file: /root/build/shibboleth-identityprovider-2.1.5/src/installer/resources/install.properties
        Copying 50 files to /usr/local/shibboleth-idp/lib
        Copying 5 files to /usr/local/shibboleth-idp/lib/endorsed
        Copying 1 file to /root/build/shibboleth-identityprovider-2.1.5/src/installer
        Building war: /root/build/shibboleth-identityprovider-2.1.5/src/installer/idp.war
        Copying 1 file to /usr/local/shibboleth-idp/war
        Deleting: /root/build/shibboleth-identityprovider-2.1.5/src/installer/web.xml
        Deleting: /root/build/shibboleth-identityprovider-2.1.5/src/installer/idp.war
        
        BUILD SUCCESSFUL
        Total time: 38 seconds
        
    2. To install from a pre-installed tarball, extract our distribution tar file from the touchstone locker into the /usr/local/shibboleth-idp directory:
      # mkdir -p /usr/local/shibboleth-idp
      # chown tomcat:tomcat /usr/local/shibboleth-idp
      # cd /usr/local/shibboleth-idp
      # tar xzf /path/to/usr_local_shibboleth-idp.tgz
      
      To ensure that we run the current version of the web application, download the latest idp.war file from the touchstone locker (/mit/touchstone/builds/NIST/idp2-mit/idp.war) and copy it into /usr/local/tomcat/webapps/:
      # cp /path/to/idp.war /usr/local/tomcat/webapps/
      # chown tomcat:tomcat /usr/local/tomcat/webapps/idp.war
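
Both install paths above end with the install tree and idp.war owned by the tomcat user. The following post-install check is an added example, not part of the original procedure or of the Shibboleth distribution: it reports anything under a given path that is not owned by the expected account or that is writable by group or others. The function name audit_path and the IDP_OWNER variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit ownership and write permissions after the install.
# audit_path PATH OWNER
#   prints "OWNER <path>" for entries not owned by OWNER,
#   prints "WRITABLE <path>" for entries writable by group or others,
#   returns 0 if clean, 1 if anything was reported, 2 if PATH is missing.
audit_path() {
    path=$1
    owner=$2
    if [ ! -e "$path" ]; then
        echo "audit_path: no such path: $path" >&2
        return 2
    fi
    findings=$(
        # The IdP runs as the service account and must own the whole tree.
        find "$path" ! -user "$owner" -print | sed 's/^/OWNER /'
        # Anything another account can modify (config, jars, keystore)
        # lets that account change what the IdP runs or trusts.
        find "$path" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Audit every path given on the command line, for example:
#   sh audit.sh /usr/local/shibboleth-idp /usr/local/tomcat/webapps/idp.war
# IDP_OWNER (hypothetical variable) overrides the default account name.
status=0
for p in "$@"; do
    audit_path "$p" "${IDP_OWNER:-tomcat}" || status=1
done
[ "$status" -eq 0 ]
```

Run it as root after each install or update, since the install script rewrites files under /usr/local/shibboleth-idp.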
      

...