
1. Requirement for Shibboleth IdP (Version 2.3 or later)

Required packages to be installed:

  • Apache HTTP Server 2.2 or later, with mod_ssl
  • Apache Tomcat 6.0.17 or later (NOT 7.x.x which is not supported by current Shibboleth IdP)
  • Java 6 or later
    • Use Shibboleth IdP 2.4.0 or later if you use Java 7
    • GNU Java included in CentOS does not seem to work. Use Sun Java or OpenJDK instead.

Please check the latest information on the original Shibboleth site:
Installation, Jetty 7, Apache Tomcat, JBoss Tomcat

2. Installation of Operating System

1. Configuration at OS installation

  • Packages required to be installed at OS installation (CentOS 5 assumed):
    • Apache Web Server (httpd)
    • OpenLDAP
    • and others you need.

    Java JDK and Tomcat will be installed in this document later.
    SELinux is not supported with this document. Please confirm it is disabled with:

    $ /usr/sbin/getenforce

  • hostname
    Determine a hostname for IdP:

  • Networking
    Please configure the IP addresses for the interfaces and the IP addresses of the DNS servers

2. Register to DNS server in your domain

In a local testing environment, an entry in /etc/hosts may be enough.

3. Configuration on time synchronization

Use of NTP is recommended. Configure ntpd to refer to nearby NTP servers.

(It may already have been configured at installation to refer to the default NTP servers provided by the project, though.)

The clocks of the Shibboleth IdP and the SP must be within 5 minutes of each other.

3. Installation of jdk6 and tomcat6

1. Confirm the version of tomcat if installed

Uninstall tomcat if the installed version is tomcat5-5.5.25 or older.

2. Installation of jdk 6

Download jdk-6u??-linux-x64-rpm.bin from and do as follows:

# chmod a+x jdk-6u??-linux-x64-rpm.bin
# ./jdk-6u??-linux-x64-rpm.bin

3. Installation of tomcat 6

Download apache-tomcat-6.?.??.tar.gz from in /usr/java, and do as follows:

# tar zxvf apache-tomcat-6.?.??.tar.gz -C /usr/java
# ln -s /usr/java/apache-tomcat-6.?.?? /usr/java/tomcat

In addition, it is useful to install an automatic start-up script.

# unzip
# chmod a+x tomcat6
# cp tomcat6 /etc/rc.d/init.d/

Configure as follows to enable start-up script:

# chkconfig --add tomcat6
# chkconfig --level 345 tomcat6 on

# service tomcat6 start

4. Configure system wide environment

Add following descriptions for environment variables in /etc/profile:

# /etc/profile


# System wide environment and startup programs, for login setup

Apply the configured environment variables for current shell:

source /etc/profile

Finally, check whether tomcat is working properly by accessing URL: (change the hostname to the one you are building)

It works if you see the default Tomcat page.

5. Configuration of httpd

Modify /etc/httpd/conf/httpd.conf on hostname


ServerName (your hostname)


Modify /etc/httpd/conf.d/ssl.conf


<VirtualHost _default_:443>


ServerName (your hostname)
ProxyPass /idp/ ajp://localhost:8009/idp/ (new)



6. Modification of tomcat configuration

Edit /usr/java/tomcat/conf/server.xml as follows:

a. Comment out the following block if you do not have any plan to use the server other than IdP

    <Connector port="8080" protocol="HTTP/1.1"
               redirectPort="8443" />

b. Add the following description:

<Connector port="8009"
    protocol="AJP/1.3"  redirectPort="8443"  enableLookups="false"
    tomcatAuthentication="false" address="" />
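
An added example (not part of the original page or of the Shibboleth project): a Python check that the ProxyPass line from step 5 and the connectors from step 6 agree with each other. The sample file contents, the hostname idp.example.org and the rule that the AJP connector should carry an explicit loopback address are assumptions made here; the page leaves address empty.

```python
import re
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample files modelled on the excerpts in steps 5 and 6 (not real configs).
SAMPLE_SSL_CONF = """<VirtualHost _default_:443>
ServerName idp.example.org
ProxyPass /idp/ ajp://localhost:8009/idp/
</VirtualHost>
"""
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
               enableLookups="false" tomcatAuthentication="false" address="" />
  </Service>
</Server>
"""

def audit(server_xml, ssl_conf):
    """Return findings as strings; an empty list means both files agree."""
    findings, ajp = [], {}
    # ElementTree drops XML comments, so commented-out connectors are not seen.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("protocol", "HTTP/1.1").startswith("AJP"):
            ajp[conn.get("port")] = conn
        else:
            findings.append(f"non-AJP connector still enabled on port {conn.get('port')}")
    targets = re.findall(r"^\s*ProxyPass\s+(\S+)\s+ajp://[^:/\s]+:(\d+)", ssl_conf, re.M)
    if not targets:
        findings.append("no ProxyPass to an ajp:// backend found in ssl.conf")
    for path, port in targets:
        conn = ajp.get(port)
        if conn is None:
            findings.append(f"ProxyPass {path} targets port {port} but no AJP connector uses it")
            continue
        # With tomcatAuthentication="false" Tomcat trusts the user name sent over AJP,
        # so the port should only be reachable by the local httpd (assumption of this check).
        if conn.get("address", "") not in LOOPBACK:
            findings.append(f"AJP connector {port} has no explicit loopback address")
        if conn.get("tomcatAuthentication") != "false":
            findings.append(f'AJP connector {port} lacks tomcatAuthentication="false"')
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_SERVER_XML, SAMPLE_SSL_CONF):
        print("FINDING:", line)
```

To check a real host, pass the contents of /usr/java/tomcat/conf/server.xml and /etc/httpd/conf.d/ssl.conf to audit() instead of the samples.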


4. Installation of Shibboleth IdP

5. Basic operation of IdP

Proceed to next step for configuration of IdP

