This guide describes the installation of a Shibboleth Service Provider (SP) 2.5 on the supported operating systems below. We did not test the SP on all OS versions, so please report any issue you encounter.
First select the operating system that is used on the host where the Shibboleth Service Provider is installed:
Debian 7.x (wheezy)/8.x (jessie) (using SWITCH Package Repository)
Ubuntu 12.04 LTS/14.04 LTS/16.04 LTS (using SWITCH Package Repository)
CentOS Linux 5.x/6.x
CentOS Linux 7.x
RedHat Enterprise Linux 5.x/6.x
RedHat Enterprise Linux 7.x
OpenSUSE 13.2.x
SUSE Linux Enterprise Server 10.x/11.x/12.x
Mac OS X 10.10.x or later
Windows Server 2008 R2 with IIS, Windows Server 2012 with IIS
This guide covers only the installation, not the configuration, of the Service Provider. The installation instructions are generic and not federation-specific.
If the Service Provider is already installed, please continue to the federation-specific Service Provider 2.5 Configuration Guide.
For the following steps it is assumed that the reader is sufficiently experienced to use the command line environment on the operating system of choice.
Please examine the list below and ensure that the system where the Service Provider is going to be installed meets the given requirements.
The following software is optional but recommended for installing and operating the Service Provider.
apt-get install sudo
yum install sudo
zypper install sudo
curl
but of course you can also use wget or another tool. Just replace the curl commands in the following instructions with the tool you prefer using. Curl can be installed with:
sudo apt-get install curl
sudo yum install curl
The following software must be installed in order to operate the Shibboleth Service Provider.
Before continuing to the next section, please ensure that the requirements above are met on the system where the Shibboleth Service Provider will be installed.
The Shibboleth project operates its own repository that provides the official Shibboleth Service Provider binaries and their dependencies for RPM-based Linux distributions. This repository always contains the up-to-date version of the Shibboleth Service Provider. Therefore, it is recommended to prefer this repository and its packages over packages that may be provided by the OS distribution.
The Shibboleth project only provides official binary packages for RPM-based Linux distributions. As a service to its community members, SWITCH operates a repository with packages for the current Debian release. To configure this repository as an additional source for APT, follow these steps:
The Shibboleth project only provides official binary packages for RPM-based Linux distributions. As a service to its community members, SWITCH operates a repository with packages for the current Ubuntu LTS release. To configure this repository as an additional source for APT, follow these steps:
The Shibboleth project maintains the official Shibboleth Service Provider MacPorts packages. Therefore, no specific repository has to be configured for Mac OS X, provided MacPorts is installed.
sudo curl -k -O http://pkg.switch.ch/switchaai/SWITCHaai-swdistrib.asc
gpg --with-fingerprint SWITCHaai-swdistrib.asc
Then verify that the fingerprint of the repository signing key is 294E 37D1 5415 6E00 FB96 D7AA 26C3 C469 15B7 6742
sudo apt-key add SWITCHaai-swdistrib.asc
echo 'deb http://pkg.switch.ch/switchaai/debian squeeze main' | sudo tee /etc/apt/sources.list.d/SWITCHaai-swdistrib.list > /dev/null
For Debian 7.x (wheezy) add:
echo 'deb http://pkg.switch.ch/switchaai/debian wheezy main' | sudo tee /etc/apt/sources.list.d/SWITCHaai-swdistrib.list > /dev/null
For Debian 8.x (jessie) add:
echo 'deb http://pkg.switch.ch/switchaai/debian jessie main' | sudo tee /etc/apt/sources.list.d/SWITCHaai-swdistrib.list > /dev/null
echo 'deb http://pkg.switch.ch/switchaai/ubuntu precise main' | sudo tee /etc/apt/sources.list.d/SWITCHaai-swdistrib.list > /dev/null
For Ubuntu 14.04 LTS (trusty) add:
echo 'deb http://pkg.switch.ch/switchaai/ubuntu trusty main' | sudo tee /etc/apt/sources.list.d/SWITCHaai-swdistrib.list > /dev/null
For Ubuntu 16.04 LTS (xenial) add:
echo 'deb http://pkg.switch.ch/switchaai/ubuntu xenial main' | sudo tee /etc/apt/sources.list.d/SWITCHaai-swdistrib.list > /dev/null
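The fingerprint check in the APT steps above can be scripted so that the key file only reaches apt-key add when it matches; the key is fetched over plain HTTP, so this comparison is what authenticates it, and apt-key add imports every key in the file, so the check also rejects files with more than one primary key. This is an added example, not part of the original guide: the function name primary_fpr_ok, the extra --with-colons option and the sample records are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate 'apt-key add' on the fingerprint published in this guide.
EXPECTED_FPR='294E 37D1 5415 6E00 FB96 D7AA 26C3 C469 15B7 6742'

# Reads `gpg --with-colons --with-fingerprint FILE` output on stdin.
# Succeeds only if the file holds exactly one primary key and that key's
# fingerprint equals $1 (spaces and letter case are ignored).
# primary_fpr_ok is a name chosen for this example.
primary_fpr_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        $1 == "pub" { keys++; primary = 1 }
        $1 == "sub" { primary = 0 }
        $1 == "fpr" && primary { if (toupper($10) == want) hits++; primary = 0 }
        END { exit !(keys == 1 && hits == 1) }'
}

# Constructed colon-format records (not real gpg output for the SWITCH key).
GOOD_PUB='pub:-:4096:1:26C3C46915B76742:1300000000:::-:::scESC:
fpr:::::::::294E37D154156E00FB96D7AA26C3C46915B76742:'
OTHER_PUB='pub:-:4096:1:1111111111111111:1300000000:::-:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:'
# Expected fingerprint appears only on a subkey of a different primary key.
SUBKEY_ONLY="$OTHER_PUB
sub:-:4096:1:26C3C46915B76742:1300000000::::::e:
fpr:::::::::294E37D154156E00FB96D7AA26C3C46915B76742:"
# The right key, but the file also carries a second primary key.
EXTRA_KEY="$GOOD_PUB
$OTHER_PUB"

for sample in "$GOOD_PUB" "$SUBKEY_ONLY" "$EXTRA_KEY"; do
    if printf '%s\n' "$sample" | primary_fpr_ok "$EXPECTED_FPR"; then
        echo "accept"
    else
        echo "reject"
    fi
done

# Real use, with the file downloaded in the step above:
#   gpg --with-colons --with-fingerprint SWITCHaai-swdistrib.asc \
#     | primary_fpr_ok "$EXPECTED_FPR" && sudo apt-key add SWITCHaai-swdistrib.asc
```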
sudo curl -o /etc/yum.repos.d/security:shibboleth.repo http://download.opensuse.org/repositories/security:/shibboleth/CentOS_5/security:shibboleth.repo
For CentOS 6.x:
sudo curl -o /etc/yum.repos.d/security:shibboleth.repo http://download.opensuse.org/repositories/security:/shibboleth/CentOS_CentOS-6/security:shibboleth.repo
sudo curl -o /etc/yum.repos.d/security:shibboleth.repo http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/security:shibboleth.repo
sudo curl -o /etc/yum.repos.d/security:shibboleth.repo http://download.opensuse.org/repositories/security:/shibboleth/RHEL_5/security:shibboleth.repo
For RedHat Enterprise Linux 6.x:
sudo curl -o /etc/yum.repos.d/security:shibboleth.repo http://download.opensuse.org/repositories/security:/shibboleth/RHEL_6/security:shibboleth.repo
sudo curl -o /etc/yum.repos.d/security:shibboleth.repo http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/security:shibboleth.repo
sudo curl -o /etc/yum.repos.d/security:shibboleth.repo http://download.opensuse.org/repositories/security:/shibboleth/openSUSE_13.2/security:shibboleth.repo
sudo zypper ar -f http://download.opensuse.org/repositories/security:/shibboleth/SLE_10/security:shibboleth.repo
For SUSE Linux 11.x:
sudo zypper ar -f http://download.opensuse.org/repositories/security:/shibboleth/SLE_11/security:shibboleth.repo
For SUSE Linux 11.x SP 1:
sudo zypper ar -f http://download.opensuse.org/repositories/security:/shibboleth/SLE_11_SP1/security:shibboleth.repo
For SUSE Linux 11.x SP 2:
sudo zypper ar -f http://download.opensuse.org/repositories/security:/shibboleth/SLE_11_SP2/security:shibboleth.repo
For SUSE Linux 11.x SP 3:
sudo zypper ar -f http://download.opensuse.org/repositories/security:/shibboleth/SLE_11_SP3/security:shibboleth.repo
For SUSE Linux 12.x:
sudo zypper ar -f http://download.opensuse.org/repositories/security:/shibboleth/SLE_12/security:shibboleth.repo
sudo apt-get update
sudo zypper ref -s
sudo port sync
Install the Service Provider by:
sudo apt-get install shibboleth
sudo yum install shibboleth
For 64-bit OS:
sudo yum install shibboleth.x86_64
sudo port install curl +ssl
sudo port install shibboleth
If asked to confirm whether you really want to install Shibboleth and all dependencies, answer with 'Y' for yes.
If a previous version of the Service Provider from the official repository was installed on this system, this old version might be replaced by the newer version from the SWITCH repository. It is therefore OK to agree to the removal of old versions (like libapache2-mod-shib2 libshibsp4 opensaml2-schemas shibboleth-sp2-schemas).
After installation of the package, you need to start the shibd daemon:
sudo service shibd start
After installation of the package, you need to start and enable the shibd daemon:
sudo systemctl start shibd.service
sudo systemctl enable shibd.service
Shibboleth does not support the SP in conjunction with SELinux. To disable SELinux, configure SELINUX=disabled in /etc/selinux/config and reboot the system.
If there was an older version of a Service Provider already installed on the system, you might be asked whether to keep the existing configuration files or overwrite them with the package default files. The old configuration files should be kept. You can continue to use the old files in most cases. In general, however, it is recommended to perform a clean configuration as described in the configuration guide mentioned below.
sudo launchctl load -Fw /Library/LaunchDaemons/org.macports.shibd.plist
sudo ln -s /opt/local/etc/shibboleth /etc/shibboleth
sudo ln -s /opt/local/var/log/shibboleth /var/log/shibboleth
sudo ln -s /opt/local/etc/shibboleth/apache22.config /etc/apache2/other/shibboleth.conf
export http_proxy=proxy.example.org:8080
...
<key>RunAtLoad</key>
<false/>
<key>OnDemand</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>UserName</key>
<string>root</string>
<key>Umask</key>
<string>0022</string>
<key>EnvironmentVariables</key>
<dict>
    <key>http_proxy</key>
    <string>proxy.example.org:8080</string>
</dict>
</dict>
</plist>
The Service Provider should now be installed on the system. Of particular interest are the directories:
After the installation a quick test shows whether the Service Provider was installed properly.
sudo shibd -t
sudo LD_LIBRARY_PATH=/opt/shibboleth/lib64 shibd -t
C:\opt\shibboleth-sp\sbin\shibd.exe -check
It is important that the last line of the output is:
overall configuration is loadable, check console for non-fatal problems
sudo apache2ctl configtest
or
sudo apachectl configtest
The output of this command should be:
Syntax OK
A valid session was not found.
This message shows that the Shibboleth module is loaded by the webserver and is communicating with the shibd process.
Once the above tests have succeeded, continue to the Shibboleth configuration. Note that the configuration and migration guides are only for Service Providers that are configured for the SWITCHaai federation. In all other cases refer to the configuration guides of the Shibboleth Consortium.
Copyright: SWITCH Author: aai@switch.ch URL: index.html