Pegasi Wiki


clustered_shibboleth_idp_v3_federated_installation [2019/02/22 14:59]
Pekka Kuronen
clustered_shibboleth_idp_v3_federated_installation [2019/02/22 16:06] (current)
Pekka Kuronen
Line 38: Line 38:
  
 Check /etc/hosts contains necessary information such as address for localhost or hostname for HA environment. If you define IDP using ldaps connection to a host you must have a matching hostname which is good to define in hosts file. Check /etc/hosts contains necessary information such as address for localhost or hostname for HA environment. If you define IDP using ldaps connection to a host you must have a matching hostname which is good to define in hosts file.
 +
 +We need JAVA_HOME so lets do it in profile file /​etc/​profile.d/​shibboleth.sh:​
 +
 +<​code>​
 +#!/bin/sh
 +export JAVA_HOME=/​usr/​lib/​jvm/​jre-1.8.0-openjdk
 +</​code>​
  
 File /​etc/​resolv.conf must have DNS data : File /​etc/​resolv.conf must have DNS data :
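Review bot: a file under /etc/profile.d is only sourced by login shells, so the Tomcat systemd unit later on this page (ExecStart=/opt/tomcat/bin/startup.sh) will not see this JAVA_HOME; add `Environment=JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk` to the unit next to the CATALINA_BASE line as well. The `#!/bin/sh` line is harmless but misleading, since profile.d scripts are sourced rather than executed.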
Line 97: Line 104:
 </​code>​ </​code>​
  
-Download the latest ​Shibboleth IDP package+Download the Shibboleth IDP package. Please see the latest version from [[https://​shibboleth.net/​downloads/​identity-provider/​latest/​|Shibboleth IDP downloads]].
  
 <​code>​ <​code>​
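Review bot: the link text says "latest", but the rest of this page pins shibboleth-identity-provider-3.4.3 (see the idp-install.sh step below); state which version these instructions were written against so a reader who fetches a newer release knows the file names and paths below may differ.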
Line 124: Line 131:
 ==== Tomcat 8.5 installation ==== ==== Tomcat 8.5 installation ====
  
-Unpack and set up SELinux contexts.+Unpack and set directory permissions.
  
-</code>+<​code>​
 cd /opt cd /opt
 tar -xvzf /​path/​to/​tomcat-8/​v8.5.38/​bin/​apache-tomcat-8.5.38.tar.gz tar -xvzf /​path/​to/​tomcat-8/​v8.5.38/​bin/​apache-tomcat-8.5.38.tar.gz
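Review bot: the fence fix (`</code>` to `<code>`) is correct, but the new lead-in "set directory permissions" no longer describes the SELinux chcon block this section leads to (Line 178), so the wording should say what is actually done. Also, the archive extracts to /opt/apache-tomcat-8.5.38 while the unit file uses CATALINA_BASE=/opt/tomcat; the rename or symlink step that connects the two belongs here.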
Line 158: Line 165:
 Environment=CATALINA_BASE=/​opt/​tomcat Environment=CATALINA_BASE=/​opt/​tomcat
 Environment='​CATALINA_OPTS=-Xms2048M -Xmx4096M -server -XX:​+UseG1GC'​ Environment='​CATALINA_OPTS=-Xms2048M -Xmx4096M -server -XX:​+UseG1GC'​
-Environment='​JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/​dev/​./​urandom'​+Environment='​JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/​dev/​./​urandom ​-Didp.home=/​opt/​shibboleth-idp'
 ExecStart=/​opt/​tomcat/​bin/​startup.sh ExecStart=/​opt/​tomcat/​bin/​startup.sh
 ExecStop=/​bin/​kill -15 $MAINPID ExecStop=/​bin/​kill -15 $MAINPID
Line 171: Line 178:
  
 <​code>​ <​code>​
-chcon system_u:​object_r:​bin_t:​s0 /​opt/​tomcat/​bin+cd /​opt/​tomcat 
 +chcon system_u:​object_r:​bin_t:​s0 ​chcon system_u:​object_r:​bin_t:​s0 /opt/apache-tomcat-8.5.38/bin
 chcon -R system_u:​object_r:​etc_t:​s0 conf chcon -R system_u:​object_r:​etc_t:​s0 conf
 chcon -R system_u:​object_r:​tomcat_exec_t:​s0 bin chcon -R system_u:​object_r:​tomcat_exec_t:​s0 bin
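Review bot: the first chcon in the new block targets the absolute path /opt/apache-tomcat-8.5.38/bin right after `cd /opt/tomcat`, while the next two lines use the relative conf and bin; if /opt/tomcat is a symlink to that directory, the recursive `chcon -R system_u:object_r:tomcat_exec_t:s0 bin` overrides the bin_t label anyway, so the line is either redundant or labels a different tree. Also, chcon labels do not survive a relabel (restorecon or an autorelabel); record them with `semanage fcontext -a -t tomcat_exec_t '/opt/tomcat/bin(/.*)?'` and then `restorecon -R /opt/tomcat` so they persist.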
Line 184: Line 192:
  
 <​code>​ <​code>​
-vim less tomcat-startup.te+vim tomcat-startup.te
 </​code>​ </​code>​
  
Line 198: Line 206:
 } }
  
-#​============= tomcat_t ============== 
 allow tomcat_t tomcat_exec_t:​dir search; allow tomcat_t tomcat_exec_t:​dir search;
 </​code>​ </​code>​
Line 562: Line 569:
 </​code>​ </​code>​
  
 +Not sure about this one but in case there are problems with SQL connections copy the Apache Commons database class to edit-webapp directory
 +
 +<​code>​
 +cp /​path/​to/​shibboleth-identity-provider-3.4.3/​webapp/​WEB-INF/​lib/​commons-dbcp2-2.1.1.jar /​opt/​shibboleth-idp/​edit-webapp/​WEB-INF/​lib/​
 +</​code>​
 +
 +And remember to rebuild using the build.sh command below.
  
 ===== Shibboleth IDP ===== ===== Shibboleth IDP =====
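Review bot: "Not sure about this one" should not ship as an instruction; name the error this step fixes or drop it. The jar is copied from the 3.4.3 distribution's own webapp/WEB-INF/lib, which is the same content the installer places under /opt/shibboleth-idp/webapp, so as written the copy changes nothing in the rebuilt war. Worse, files in edit-webapp survive upgrades, so a pinned commons-dbcp2-2.1.1.jar will later sit beside whatever version the upgraded webapp ships, leaving two versions of the library on the classpath.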
Line 567: Line 581:
 ==== Software installation ==== ==== Software installation ====
  
-Download latest IDP software from [[https://​shibboleth.net/​downloads/​identity-provider/​latest/​|Shibboleth IDP downloads]].+Unpack ​identity provider ​tar package.
  
 <​code>​ <​code>​
-mkdir /opt/src +tar -zxf wget shibboleth-identity-provider-3.4.3.tar.gz
-cd /opt/src +
-wget https://​shibboleth.net/​downloads/​identity-provider/​latest/​shibboleth-identity-provider-3.3.1.tar.gz +
-tar -zxf shibboleth-identity-provider-3.3.1.tar.gz+
 </​code>​ </​code>​
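Review bot: the new tar line has a stray `wget` token: `tar -zxf wget shibboleth-identity-provider-3.4.3.tar.gz` makes tar look for an archive named `wget` and fail; it should read `tar -zxf shibboleth-identity-provider-3.4.3.tar.gz`. Dropping the `mkdir /opt/src` and `cd /opt/src` lines also removes the only statement of where the archive is downloaded and unpacked, which the idp-install.sh step below depends on, since it is passed the unpacked directory name.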
  
Line 580: Line 591:
 <​code>​ <​code>​
 wget https://​www.switch.ch/​aai/​guides/​idp/​installation/​idp-install.sh wget https://​www.switch.ch/​aai/​guides/​idp/​installation/​idp-install.sh
-sh idp-install.sh shibboleth-identity-provider-3.3.1+sh idp-install.sh shibboleth-identity-provider-3.4.3
 </​code>​ </​code>​
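Review bot: the version bump to 3.4.3 matches the unpack step, but `wget` of idp-install.sh followed directly by `sh idp-install.sh` runs a third-party script without any integrity check; at least read the downloaded script before executing it, and say so on the page.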
  
