1. Requirement for Shibboleth IdP (Version 2.3 or later)
Required packages to be installed:
- Apache HTTP Server 2.2 or later, with mod_ssl
- Apache Tomcat 6.0.17 or later (NOT 7.x.x, which is not supported by the current Shibboleth IdP)
- Java 6 or later
- Use Shibboleth IdP 2.4.0 or later if you use Java 7
- The GNU Java included in CentOS does not seem to work. Use Sun Java or OpenJDK instead.
2. Installation of Operating System
1. Configuration at OS installation
- Packages required to be installed at OS installation (CentOS 5 assumed):
- Apache Web Server (httpd)
- and others you need.
Java JDK and Tomcat will be installed in this document later.
SELinux is not supported with this document. Please confirm it is disabled with:
Determine a hostname for IdP: idp1.example.asia
Configure the IP addresses of the interfaces and of the DNS servers.
2. Register to DNS server in your domain
In a local testing environment, registering in /etc/hosts may be enough.
3. Configuration on time synchronization
Use of NTP is recommended. Configure ntpd to refer to nearby NTP servers.
(It may already have been configured at installation to refer to the default NTP servers provided by the pool.ntp.org project, though.)
The clocks of the Shibboleth IdP and SP must be within 5 minutes of each other.
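A way to check the 5-minute limit on the IdP host, given as an added example that is not part of the original guide. It assumes the standard column layout of `ntpq -pn` (offset in milliseconds in the ninth column, `*` marking the synchronized peer); the function names and the sample peer addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare ntpd's reported clock offset with the 5-minute limit.
MAX_SKEW_MS=300000   # 5 minutes; ntpq reports offsets in milliseconds

# Reads `ntpq -pn` output on stdin.
# Prints "OK <offset>", "SKEW <offset>" or "NOSYNC"; returns 0 only for OK.
check_ntp_offset() {
    awk -v max="$MAX_SKEW_MS" '
        /^\*/ {                        # "*" marks the peer ntpd is synchronized to
            off = $9 + 0               # column 9 is the offset in ms
            abs = (off < 0) ? -off : off
            found = 1
            if (abs > max) { printf "SKEW %s\n", $9; bad = 1 }
            else           { printf "OK %s\n", $9 }
        }
        END {
            if (!found) { print "NOSYNC"; exit 2 }   # no peer selected yet
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample outputs (documentation addresses, not real servers).
sample_good() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      198.51.100.1     2 u   33   64  377    0.512   -1.204   0.310
+192.0.2.11      198.51.100.1     2 u   40   64  377    0.730    2.118   0.402
EOF
}
sample_drift() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      198.51.100.1     2 u   12   64    1    0.498 412345.678 0.000
EOF
}
sample_nosync() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# Demo on the constructed data; on a live host run: ntpq -pn | check_ntp_offset
sample_good | check_ntp_offset
```

A `NOSYNC` result means ntpd has not selected any peer, so the offset is unknown and the host should not be assumed to meet the limit.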
3. Installation of jdk6 and tomcat6
1. Confirm the version of tomcat if installed
Uninstall tomcat if version of installed tomcat is tomcat5-5.5.25 or older.
2. Installation of jdk 6
Download jdk-6u??-linux-x64-rpm.bin from http://java.sun.com/javase/downloads/index.jsp and do as follows:
3. Installation of tomcat 6
Download apache-tomcat-6.?.??.tar.gz from http://tomcat.apache.org/download-60.cgi in /usr/java, and do as follows:
In addition, it is useful to use an automatic start-up script.
Configure as follows to enable start-up script:
4. Configure system wide environment
Add the following environment variable definitions to /etc/profile:
Apply the configured environment variables to the current shell:
Finally, check whether tomcat is working properly by accessing the URL http://idp1.example.asia:8080 (change the hostname to match the one you are building).
It works if you see the default screen of tomcat.
5. Configuration of httpd
Modify /etc/httpd/conf/httpd.conf on hostname
6. Modification of tomcat configuration
Edit /usr/java/tomcat/conf/server.xml as follows:
a. Comment out the following block if you do not plan to use the server for anything other than the IdP
b. Add the following description:
4. Installation of Shibboleth IdP
5. Basic operation of IdP
Proceed to the next step for configuration of the IdP.