URL: http://www.switch.ch/aai/docs/shibboleth/SWITCH/1.3/idp/idp-1.3-debian-configurationfiles.html
Author: Patrik Schnellmann - SWITCH
$Date: 2007/01/26 13:37:57 $
$Revision: 1.1 $
Shibboleth 1.3 IdP on Debian, Configuration Files Overview
This page lists the commonly used configuration files of a Shibboleth IdP installation in the SWITCHaai federation.
Table of Contents
Environment Variables
Symbolic Links
Configuration Files
Log Files
Scripts
Cron Jobs
X.509 Certificates
Tomcat Web Applications
Environment Variables
The following environment variables are used on an installation described
in our IdP deployment guides.
- JAVA_HOME: Installation directory of Java (default /opt/java/)
- CATALINA_HOME: Installation directory of Apache Tomcat (default /opt/tomcat/)
- IDP_HOME: Installation directory of the Shibboleth IdP (default /opt/shibboleth-idp/)
Symbolic Links
The following symbolic links are set during the installation described
in our IdP deployment guides.
Tomcat
- /etc/tomcat: points to $CATALINA_HOME/conf (/opt/tomcat/conf)
- /var/log/tomcat: points to $CATALINA_HOME/logs (/opt/tomcat/logs)
Shibboleth
- /etc/shibboleth: points to $IDP_HOME/etc (/opt/shibboleth-idp/etc)
- /var/log/shibboleth: points to $IDP_HOME/logs (/opt/shibboleth-idp/logs)
Configuration Files
Apache Tomcat
- $CATALINA_HOME/conf/server.xml: Apache Tomcat configuration file; configures the connectors (the ports on which Tomcat listens) and the keystore(s)
- $CATALINA_HOME/conf/www.example.ch.jks: Java keystore with the certificate and private key of "www.example.ch"
- $CATALINA_HOME/conf/truststore.jks: (needed for Tomcat-only installations) Java keystore with the CA certificates accepted within the SWITCHaai federation, see also: http://www.switch.ch/aai/support/ca-acceptance.html
Shibboleth
- /etc/shibboleth/resolver.xml: Configuration of the attribute resolver for the connection to the attribute store (i.e. user directory in LDAP or SQL database), see example resolver.xml
- $IDP_HOME/etc/idp.xml: IdP configuration; configures the providerId, the certificate and key used for the IdP, and the Protocol Handler (URLs), see example idp.xml
- $IDP_HOME/etc/metadata.switchaai.xml: SWITCHaai federation metadata file
- $IDP_HOME/etc/arps/arp.site.xml: IdP Attribute Release Policy (to be updated regularly with the ARP update script)
- /opt/updateArp/config.txt: Configuration script for updateArp.pl; configures the download and (optional) post-processing of the arp.site.xml file
Log Files
Shibboleth
- $IDP_HOME/logs/shib-access.log: Access log of IdP
- $IDP_HOME/logs/shib-error.log: Error log of IdP
Tomcat
- $CATALINA_HOME/logs/catalina.out: Tomcat output / error log
CAS
- esupcasgeneric.log: (only if esupcas is installed) SSO authentication log file
Scripts
Tomcat
- /etc/init.d/tomcat: Debian specific Tomcat init script (see example tomcat file)
- $CATALINA_HOME/bin/catalina.sh: Tomcat start / stop script
Shibboleth
- /opt/ArpUpdate/updateArp.pl: Perl script for ARP update
- /opt/shibboleth-idp/bin/metadataupdate.sh: Shell script for federation metadata update
Cron Jobs
Two cron jobs have to be installed:
- one to call metadataupdate.sh for the automatic refresh of the federation metadata (metadata.switchaai.xml)
- one to call updateArp.pl for the automatic refresh of the Attribute Release Policy (arp.site.xml) file
X.509 Certificates
- $IDP_HOME/etc/www.example.ch.crt: X.509 certificate used for the IdP
- $IDP_HOME/etc/www.example.ch.key: Private key matching the certificate used for the IdP
- www.example.ch.jks: See Configuration Files / Apache Tomcat
- truststore.jks: See Configuration Files / Apache Tomcat
Tomcat Web Applications
- shibboleth-idp: Shibboleth IdP web application
- cas: CAS web application (Single Sign-On)
- arpviewer: (optional) Attribute Release viewer (see: AAI tools page)
--
$Id: idp-1.3-debian-configurationfiles.html,v 1.1 2007/01/26 13:37:57 schnell Exp $