Note: This page documents a procedure for an old version of Shibboleth that is no longer supported. To set up an SP based on the current Shibboleth release, please see the page on provisioning a Shibboleth 2.x SP.
Note: The gen-shib.sh procedure described below currently works only on Linux and Solaris systems; it should be portable to other UNIX-based systems without too much effort.
...
Then run the gen-shib.sh script:
| No Format |
|---|
sh ./gen-shib.sh
|
and answer its prompts, which will hopefully be clear. Remember that the certificate it wants should be enabled for client as well as server use (newly created MIT server certificates should now be so enabled).
...
The Shibboleth Apache module logs by default to $prefix/var/log/httpd/native.log. This file must be writable by Apache, which may require that you set its directory's ownership and/or permissions to allow write access by the user Apache is configured to run under. You may also choose to change the location of the file, by modifying the log4j.appender.native_log.fileName setting in $prefix/etc/shibboleth/native.logger.
For information on configuring Shibboleth to protect content, see the Shibboleth wiki.
You will probably also want to customize the error pages and support contact information listed in the Errors element in $prefix/etc/shibboleth/shibboleth.xml (search for "You should customize these pages!"), e.g.:
| No Format |
|---|
<Errors session="/usr/local/shibboleth/etc/shibboleth/sessionError.html"
metadata="/usr/local/shibboleth/etc/shibboleth/metadataError.html"
rm="/usr/local/shibboleth/etc/shibboleth/rmError.html"
access="/usr/local/shibboleth/etc/shibboleth/accessError.html"
ssl="/usr/local/shibboleth/etc/shibboleth/sslError.html"
supportContact="root@localhost"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
|
...