Installing the Shibboleth Native Service Provider 2.5.3 in Red Hat 6.6.0.2.el6.x86_64
Pre-Requisite Software:
Install the following software using the yum repository to build the native shibboleth sp:
yum install gcc gcc-c++ openssl-devel boost-devel libcurl-devel httpd-devel unixODBC
Software Required:
The following software needs to be installed in sequence to build the Native Shibboleth Service Provider. You can install Shibboleth in the default location, /opt/shibboleth-sp, or choose a custom path. I have chosen /apps/shibboleth-sp as my path.
1. log4shib:
1.1 Download:
wget http://shibboleth.net/downloads/log4shib/latest/log4shib-1.0.8.tar.gz
1.2 Extract:
tar xzvf log4shib-1.0.8.tar.gz
cd log4shib-1.0.8
1.3 Configure, Build, and Install
./configure --disable-static --disable-doxygen --prefix=/apps/shibboleth-sp
make
make install
2. xerces-c 3.1.1:
2.1 Download:
wget http://www.gtlib.gatech.edu/pub/apache//xerces/c/3/sources/xerces-c-3.1.1.tar.gz
2.2 Extract:
tar xzvf xerces-c-3.1.1.tar.gz
cd xerces-c-3.1.1
2.3 Configure, Build, and Install
./configure --prefix=/apps/shibboleth-sp --disable-netaccessor-libcurl
make
make install
3. xml-security-c-1.7.2:
3.1 Download:
wget http://mirrors.ibiblio.org/apache/santuario/c-library/xml-security-c-1.7.2.tar.gz
3.2 Extract:
tar xzvf xml-security-c-1.7.2.tar.gz
cd xml-security-c-1.7.2
After extracting xml-security-c-1.7.2.tar.gz, set CPPFLAGS and LDFLAGS before configuring and building xml-security-c.
3.3 Configure, Build, and Install
export CPPFLAGS='-I/apps/shibboleth-sp/include'
export LDFLAGS='-L/apps/shibboleth-sp/lib'
./configure --without-xalan --disable-static --prefix=/apps/shibboleth-sp
make
make install
4. XML Tooling:
4.1 Download:
wget http://shibboleth.net/downloads/c++-opensaml/latest/xmltooling-1.5.3.tar.gz
4.2 Extract:
tar xzvf xmltooling-1.5.3.tar.gz
cd xmltooling-1.5.3
4.3 Configure, Build, and Install
./configure --with-log4shib=/apps/shibboleth-sp --prefix=/apps/shibboleth-sp -C
make
make install
5. Open SAML:
5.1 Download:
wget http://shibboleth.net/downloads/c++-opensaml/latest/opensaml-2.5.3.tar.gz
5.2 Extract:
tar xzvf opensaml-2.5.3.tar.gz
cd opensaml-2.5.3
5.3 Configure, Build, and Install
./configure --with-log4shib=/apps/shibboleth-sp --prefix=/apps/shibboleth-sp -C
make
make install
6. httpd mod_ssl
Install the apache 2.2 http server and mod ssl for configuring the Shibboleth SP as follows:
yum install httpd mod_ssl
7. Shibboleth-Sp:
7.1 Download:
wget http://shibboleth.net/downloads/service-provider/latest/shibboleth-sp-2.5.3.tar.gz
7.2 Extract:
tar xzvf shibboleth-sp-2.5.3.tar.gz
cd shibboleth-sp-2.5.3
7.3 Configure, Build, and Install
Before building Shibboleth, enable the option for your Apache version. In my build I have installed the Apache web server 2.2. If you use a different Apache version, enable the option that matches it. For Apache 2.2 the options are --enable-apache-22 and, for the apxs file, --with-apxs22.
./configure --with-log4shib=/apps/shibboleth-sp --enable-apache-22 --with-apxs22=/usr/sbin/apxs --prefix=/apps/shibboleth-sp
make
make install
Configuring the Http Server
We need to configure the HTTP server to work with the Shibboleth SP. To do that, copy /apps/shibboleth-sp/etc/shibboleth/apache22.config to /etc/httpd/conf.d/apache22.conf. By default, Apache 2.2 loads the file automatically based on its .conf extension.
I have used the default SSL configuration certs to enable the ssl.
Restart the Apache Httpd Server:
/etc/init.d/httpd restart
After the restart, the HTTP server will load the shibboleth2.conf file.
Starting the Shibboleth SP
Go to /apps/shibboleth-sp/sbin and execute the following command to start the Shibboleth SP:
./shibd
Stopping the Shibboleth SP
ps -ef | grep shibd
kill -9 <shibd process id>
rm -f /apps/shibboleth-sp/var/run/shibboleth/shibd.sock
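A gentler form of the stop procedure above, as an added example that is not part of the original post: it sends SIGTERM, waits, and removes the pid file and socket only once no process is left, so a running shibd never loses its socket. The function names and environment overrides are hypothetical; the paths are the ones used on this page, and it assumes shibd was started with -p so that the pid file exists and that it exits on SIGTERM.

```sh
#!/bin/sh
# Added example, not from the original post.
# Paths follow this page's layout; override them through the environment.
SHIB_HOME="${SHIB_HOME:-/apps/shibboleth-sp}"
PIDFILE="${PIDFILE:-$SHIB_HOME/var/run/shibd.pid}"
SOCKET="${SOCKET:-$SHIB_HOME/var/run/shibboleth/shibd.sock}"

# Return 0 if the pid file names a process that still exists.
# Note: this does not guard against the PID having been reused.
shibd_running() {
    [ -f "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE" 2>/dev/null)
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric pid file
    esac
    kill -0 "$pid" 2>/dev/null
}

# Send SIGTERM and wait up to $1 seconds (default 30).
# Returns 0 once shibd is gone and the stale files are removed,
# 1 if the process is still alive (nothing is deleted in that case).
shibd_stop() {
    timeout="${1:-30}"
    if shibd_running; then
        kill -TERM "$(cat "$PIDFILE")"
        while [ "$timeout" -gt 0 ] && shibd_running; do
            sleep 1
            timeout=$((timeout - 1))
        done
    fi
    if shibd_running; then
        echo "shibd still running; leaving $SOCKET in place" >&2
        return 1
    fi
    rm -f "$PIDFILE" "$SOCKET"
    return 0
}
```

Source the file and call `shibd_stop 30`; fall back to kill -9 only when it returns 1.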
Shibboleth Start and Stop Init Script:
After starting and stopping the Shibboleth SP successfully, we need to build the init script as follows:
Go to /etc/init.d/, create the shibd file, and add the following content:
#!/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC="Shibboleth 2 daemon"
NAME=shibd
SHIB_HOME=/apps/shibboleth-sp
SHIBSP_CONFIG=$SHIB_HOME/etc/shibboleth/shibboleth2.xml
# Exported so that shibd can find the libraries built under the custom prefix
LD_LIBRARY_PATH=$SHIB_HOME/lib
export LD_LIBRARY_PATH
DAEMON=$SHIB_HOME/sbin/$NAME
SCRIPTNAME=/etc/init.d/$NAME
PIDFILE=$SHIB_HOME/var/run/$NAME.pid
LOCKFILE=$SHIB_HOME/var/run/shibboleth/shibd.sock
DAEMON_OPTS=""
RETVAL=0
# Force removal of socket
DAEMON_OPTS="$DAEMON_OPTS -f"
# Use defined configuration file
DAEMON_OPTS="$DAEMON_OPTS -c $SHIBSP_CONFIG"
# Specify pid file to use
DAEMON_OPTS="$DAEMON_OPTS -p $PIDFILE"
# Specify wait time to use
DAEMON_OPTS="$DAEMON_OPTS -w 30"
# Source Functions
. /etc/rc.d/init.d/functions
# Optional local overrides (for example NO_START=1)
if [ -f /etc/sysconfig/shibd ]; then
    . /etc/sysconfig/shibd
fi
# Exit if the package is not installed.
[ -x "$DAEMON" ] || exit 0
case "$1" in
    start)
        # Don't start shibd if NO_START is set.
        if [ "$NO_START" = 1 ] ; then
            echo "Not starting $DESC (see /etc/sysconfig/$NAME)"
            exit 0
        fi
        echo "Starting $DESC: "
        echo "$NAME."
        daemon --pidfile=${PIDFILE} $DAEMON $DAEMON_OPTS
        ;;
    stop)
        echo "Stopping $DESC: "
        echo "PID File $PIDFILE"
        # Red Hat's killproc takes -d <delay> followed by the program name
        killproc -p ${PIDFILE} -d 30 $DAEMON
        RETVAL=$?
        echo
        # Remove the pid file and socket only after a clean stop
        [ $RETVAL = 0 ] && rm -f ${PIDFILE} ${LOCKFILE}
        echo "$NAME."
        ;;
    restart|force-reload)
        echo "Stopping $DESC: "
        killproc -p ${PIDFILE} -d 30 $DAEMON
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f ${PIDFILE} ${LOCKFILE}
        sleep 1
        echo "Starting $DESC: "
        daemon --pidfile=${PIDFILE} $DAEMON $DAEMON_OPTS
        echo "$NAME."
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac
exit 0
In the above script modify the SHIB_HOME according to your environment.
References:
1. https://dev.e-taxonomy.eu/trac/wiki/ShibbolethSP2InstallDebianLenny
2. https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxSourceBuild
Hi
when I execute
./configure --prefix=/u01/shibboleth-sp --disable-netaccessor-libcurl
from second step i am getting below warning
configure: WARNING: unrecognized options: --disable-netaccessor-libcurl
Is this ignorable?
Thanks,
goutham
Hi Goutham,
Please try the following command to verify that --disable-netaccessor-libcurl is available:
./configure --help
If not available, please remove the option and try. Let me know if you need any help.
Hi
I installed using yum successfully. Could you please provide a sample shibboleth2.xml file?
Thanks,
goutham
Hi
I have uploaded the sample config XML file to Google Drive:
https://drive.google.com/file/d/0B7T1I90y1U1bb2ZhbTMyaHZqbHc/view?usp=sharing