-
Notifications
You must be signed in to change notification settings - Fork 0
/
INSTALL
76 lines (34 loc) · 3.33 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
Installing LDAP-backed Shibboleth Identity Provider and Discovery Service for Testing Shibboleth Discovery Services
-------------------------------------------------------------------------------------------------------------------
1. Copy default_settings.sh to settings.sh.
2. Modify the settings file as appropriate. In theory, assuming you edit the /etc/hosts file of your service provider machine to point the IP address of for the machine you run these installers on, something like:
192.168.0.2 shib-idp.example.org shib-ds.example.org
then you do not need to change any of the settings for the installers to work.
3. Install the LDAP server with the following command (you may get prompted for a sudo password);
./install-slapd.sh
4. Add some test users using ldapaddperson. (You will need to run this command as root or using sudo). E.g.
sudo ldapaddperson joebloggs Joe Bloggs joe.bloggs@example.org
You can use the commands ldapsetpersonpasswd, ldapmodifyperson and ldapdeleteperson to respectively change the password, modify and delete the user specified. E.g.
sudo ldapsetpersonpasswd joebloggs
sudo ldapmodifyperson joebloggs
sudo ldapdeleteperson joebloggs
5. Install the Shibboleth Identity Provider with the following command:
./install-shib-idp.sh
6. Install the Shibboleth Discovery Service with the following command:
./install-shib-ds.sh
7. Edit /opt/shibboleth-idp/conf/relying-party.xml and uncomment the MetadataProvider for the Discovery Service.
8. Assuming you have already installed shibd or something similar on the machine that has your Shibboleth Service Provider, request the Service Provider's metadata from the URL:
https://<SHIBBOLETH_SERVICE_PROVIDER>/Shibboleth.sso/Metadata
9. Edit the XML file, first if it is present remove the XML header (e.g. <?xml version="1.0" encoding="UTF-8" ?>). Second, if the EntityDescriptor tag near the start of the file is prepended with md: or some other namespace prefix, then this and the closing tag need this prefix removed (e.g. <md:EntityDescriptor -> <EntityDescriptor).
10. Copy the XML from step 9 into the file /opt/shibboleth-ds/metadata/sites.xml on the machine you installed the Shibboleth Discovery Service on in step 6. You will need sudo to do this.
11. Restart Tomcat and Apache on the machine you installed the Shibboleth Discovery Service on in step 6. You will need to do this as sudo. You may also want to leave 15-30 seconds beetween restarting Tomcat and Apache to give Tomcat time to initialise properly.
sudo service tomcat6 restart
sudo service apache2 restart
12. Assuming you installed shibd on the Shibboleth Service Provider machine go to /etc/shibboleth/ and request the Discovery Service metadata file, using the following command (you will need to do this as sudo):
sudo wget http://shib-ds.example.org/sites.xml -O sites-metadata.xml
13. Give write privileges to all for /etc/shibboleth/sites-metadata.xml so that updated versions of the metadata file can be downloaded in future, (you will need to do this as sudo):
sudo chmod a+w /etc/shibboleth/sites-metadata.xml
14. Restart shibd and Apache, (you will need to do this as sudo):
sudo service shibd restart
sudo service apache2 restart
15. You should now have a working Shibboleth Service Provider. Try logging in to the application you set up to use Shibboleth as a Service Provider.