1. Requirements for Shibboleth IdP (Version 2.3 or later)
Required packages to be installed:
- Apache HTTP Server 2.2 or later, with mod_ssl
- Apache Tomcat 6.0.17 or later (NOT 7.x.x which is not supported by current Shibboleth IdP)
- Java 6 or later
- Use Shibboleth IdP 2.4.0 or later in case you use Java 7
- GNU Java included in CentOS does not seem to work. Use Sun Java or OpenJDK instead.
2. Installation of Operating System
1. Configuration at OS installation
- Packages required to be installed at OS installation (CentOS 5 assumed):
- Apache Web Server (httpd)
- and others you need.
Java JDK and Tomcat will be installed in this document later.
SELinux is not supported by this document. Please confirm it is disabled with:
Determine a hostname for IdP: idp1.example.asia
Please configure the IP addresses for the interfaces and the IP addresses of the DNS servers
2. Register to DNS server in your domain
In a local testing environment, registering the host in /etc/hosts may be enough.
3. Configuration of time synchronization
Use of NTP is recommended. Configure ntpd to refer to nearby NTP servers.
(It may already have been configured at installation to use the default NTP servers provided by the pool.ntp.org project.)
The clocks of the Shibboleth IdP and SP must be within 5 minutes of each other.
3. Installation of jdk6 and tomcat6
1. Confirm the version of tomcat if it is installed
Uninstall tomcat if the installed version is tomcat5-5.5.25 or older.
2. Installation of JDK 6
Download jdk-6u??-linux-x64-rpm.bin from http://java.sun.com/javase/downloads/index.jsp and do as follows:
3. Installation of tomcat 6
Download apache-tomcat-6.?.??.tar.gz from http://tomcat.apache.org/download-60.cgi in /usr/java, and do as follows:
In addition, it is useful to have an automatic start-up script.
Configure as follows to enable the start-up script:
4. Configure the system-wide environment
Add the following environment variable settings to /etc/profile:
Apply the configured environment variables to the current shell:
Finally, check whether tomcat is working properly by accessing the URL: http://idp1.example.asia:8080 (change the hostname to match the host you are building)
It works if you see the default tomcat screen.
5. Configuration of httpd
Modify /etc/httpd/conf/httpd.conf on hostname
6. Modification of tomcat configuration
Edit /usr/java/tomcat/conf/server.xml as follows:
a. Comment out the following block if you do not plan to use the server for anything other than the IdP
b. Add the following description:
4. Installation of Shibboleth IdP
File names and locations in the following description are based on IdP Version 2.3.6.
1. Download of Shibboleth IdP
Download the latest IdP shibboleth-identityprovider-2.?.?-bin.zip from http://www.shibboleth.net/downloads/identity-provider/latest/
Do as follows:
Supply parameters during execution of install.sh as follows:
3. Configuration of Java
a. IdP Version 2.3.3 or older
Extract shibboleth-jce-1.1.0.jar from shibboleth-identityprovider-2.?.?-bin.zip (the jar file can be found in shibboleth-identityprovider-2.?.?/lib/) and copy it to $JAVA_HOME/jre/lib/ext
b. IdP Version 2.3.4 or later
After copying, add the following description to $JAVA_HOME/jre/lib/security/java.security.
The number 9 should be one greater than the number on the previous line.
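Added example (not part of the original document): a shell helper for the java.security step above that finds the highest active security.provider.N entry and appends the new provider with the next number, rather than assuming it is 9. The class name example.placeholder.Provider, the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The provider class is a placeholder; use the class name given
# in the documentation for your IdP version.

# Print the index the next provider must use: highest active N plus one.
# Commented-out entries (#security.provider.N=...) are ignored.
next_provider_index() {
    awk -F'[.=]' '
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ { if ($3 + 0 > max) max = $3 + 0 }
        END { print max + 1 }' "$1"
}

# Append security.provider.<next>=<class> to file $1 unless class $2 is already
# registered. Prints the index the class ends up with.
add_provider() {
    file=$1; class=$2
    found=$(awk -F'[.=]' -v c="$class" '
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (v == c) { print $3 + 0; exit }
        }' "$file")
    if [ -n "$found" ]; then echo "$found"; return 0; fi
    idx=$(next_provider_index "$file")
    cp -p "$file" "$file.bak" || return 1            # keep a copy to roll back
    [ -z "$(tail -c 1 "$file")" ] || echo >> "$file"  # ensure trailing newline
    printf 'security.provider.%s=%s\n' "$idx" "$class" >> "$file"
    echo "$idx"
}

# Constructed sample standing in for $JAVA_HOME/jre/lib/security/java.security.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# List of providers and their preference orders:
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
#security.provider.12=example.disabled.Provider
security.provider.3=com.sun.crypto.provider.SunJCE
securerandom.source=file:/dev/urandom
EOF
    echo "$f"
}

sample=$(make_sample)
add_provider "$sample" example.placeholder.Provider   # prints 4
add_provider "$sample" example.placeholder.Provider   # prints 4 again, no duplicate
rm -f "$sample" "$sample.bak"
```

Run it against a copy of java.security first and compare the result with the .bak file before restarting tomcat.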
4. Configuration of Tomcat
Create $CATALINA_HOME/endorsed and copy all (five) jar files in /opt/shibboleth-idp/lib/endorsed/ into the $CATALINA_HOME/endorsed.
The following files are included in IdP 2.4.0:
Enable these jar files in the start-up script of tomcat. If you are using the start-up script provided in this document (/etc/rc.d/init.d/tomcat6), verify that the following line is present in the script:
If you run tomcat as the user "tomcat", change the ownership of the directories as follows:
5. Deployment of idp.war
5. Basic operation of IdP
1. Start up
Proceed to the next step for configuration of the IdP