Pegasi Wiki

Differences

clustered_shibboleth_idp_v3_federated_installation [2019/02/22 15:06]
Pekka Kuronen
clustered_shibboleth_idp_v3_federated_installation [2019/02/22 16:06] (current)
Pekka Kuronen
Line 38: Line 38:
  
 Check /etc/hosts contains necessary information such as address for localhost or hostname for HA environment. If you define IDP using ldaps connection to a host you must have a matching hostname which is good to define in hosts file. Check /etc/hosts contains necessary information such as address for localhost or hostname for HA environment. If you define IDP using ldaps connection to a host you must have a matching hostname which is good to define in hosts file.
 +
 +We need JAVA_HOME so lets do it in profile file /​etc/​profile.d/​shibboleth.sh:​
 +
 +<​code>​
 +#!/bin/sh
 +export JAVA_HOME=/​usr/​lib/​jvm/​jre-1.8.0-openjdk
 +</​code>​
  
 File /​etc/​resolv.conf must have DNS data : File /​etc/​resolv.conf must have DNS data :
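Review bot: /etc/profile.d/shibboleth.sh only sets JAVA_HOME for interactive login shells, so the Tomcat systemd unit shown at Line 165 (Environment=CATALINA_BASE=/opt/tomcat ...) will not inherit it; add `Environment=JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk` to the unit as well and keep the profile.d file for the hand-run build.sh and idp-install.sh steps. On the unchanged hostname sentence: the hostname in the ldaps URL must match a name in the LDAP server's certificate for the TLS hostname check to pass, and an /etc/hosts entry only helps resolution, so the text should say that the certificate name is what has to match.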
Line 97: Line 104:
 </​code>​ </​code>​
  
-Download the latest ​Shibboleth IDP package+Download the Shibboleth IDP package. Please see the latest version from [[https://​shibboleth.net/​downloads/​identity-provider/​latest/​|Shibboleth IDP downloads]].
  
 <​code>​ <​code>​
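Review bot: the download step has no integrity check; the same Shibboleth download directory publishes a detached PGP signature (.asc) next to each tarball, so add a `gpg --verify shibboleth-identity-provider-<version>.tar.gz.asc` step against the Shibboleth signing key before unpacking, and state the version actually fetched so it matches the 3.4.3 paths used further down.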
Line 124: Line 131:
 ==== Tomcat 8.5 installation ==== ==== Tomcat 8.5 installation ====
  
-Unpack and set up SELinux contexts.+Unpack and set directory permissions.
  
 <​code>​ <​code>​
Line 158: Line 165:
 Environment=CATALINA_BASE=/​opt/​tomcat Environment=CATALINA_BASE=/​opt/​tomcat
 Environment='​CATALINA_OPTS=-Xms2048M -Xmx4096M -server -XX:​+UseG1GC'​ Environment='​CATALINA_OPTS=-Xms2048M -Xmx4096M -server -XX:​+UseG1GC'​
-Environment='​JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/​dev/​./​urandom'​+Environment='​JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/​dev/​./​urandom ​-Didp.home=/​opt/​shibboleth-idp'
 ExecStart=/​opt/​tomcat/​bin/​startup.sh ExecStart=/​opt/​tomcat/​bin/​startup.sh
 ExecStop=/​bin/​kill -15 $MAINPID ExecStop=/​bin/​kill -15 $MAINPID
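Review bot: `ExecStart=/opt/tomcat/bin/startup.sh` forks and exits, so unless the unit declares Type=forking with a PIDFile pointing at the CATALINA_PID file, $MAINPID in `ExecStop=/bin/kill -15 $MAINPID` is not the Tomcat JVM and a stop or restart can leave the old JVM running beside the new one; either add Type=forking plus PIDFile, or run `bin/catalina.sh run` in the foreground under Type=simple. The added `-Didp.home=/opt/shibboleth-idp` in JAVA_OPTS is fine as written.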
Line 171: Line 178:
  
 <​code>​ <​code>​
-chcon system_u:​object_r:​bin_t:​s0 /​opt/​tomcat/​bin+cd /​opt/​tomcat 
 +chcon system_u:​object_r:​bin_t:​s0 ​chcon system_u:​object_r:​bin_t:​s0 /opt/apache-tomcat-8.5.38/bin
 chcon -R system_u:​object_r:​etc_t:​s0 conf chcon -R system_u:​object_r:​etc_t:​s0 conf
 chcon -R system_u:​object_r:​tomcat_exec_t:​s0 bin chcon -R system_u:​object_r:​tomcat_exec_t:​s0 bin
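Review bot: chcon labels are transient; a `restorecon -R /opt/tomcat` or a filesystem relabel resets them to the default for /opt and Tomcat stops starting under the policy. Record the mapping with `semanage fcontext -a -t tomcat_exec_t "/opt/apache-tomcat-8.5.38/bin(/.*)?"` (and etc_t for conf in the same way), then apply it with restorecon so it survives. The first line of the new block also reads `chcon system_u:object_r:bin_t:s0 chcon system_u:object_r:bin_t:s0 /opt/apache-tomcat-8.5.38/bin`, which looks like the command pasted twice, and it labels bin as bin_t only to relabel it tomcat_exec_t two lines later; the bin_t line can be dropped.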
Line 184: Line 192:
  
 <​code>​ <​code>​
-vim less tomcat-startup.te+vim tomcat-startup.te
 </​code>​ </​code>​
  
Line 198: Line 206:
 } }
  
-#​============= tomcat_t ============== 
 allow tomcat_t tomcat_exec_t:​dir search; allow tomcat_t tomcat_exec_t:​dir search;
 </​code>​ </​code>​
Line 562: Line 569:
 </​code>​ </​code>​
  
 +Not sure about this one but in case there are problems with SQL connections copy the Apache Commons database class to edit-webapp directory
 +
 +<​code>​
 +cp /​path/​to/​shibboleth-identity-provider-3.4.3/​webapp/​WEB-INF/​lib/​commons-dbcp2-2.1.1.jar /​opt/​shibboleth-idp/​edit-webapp/​WEB-INF/​lib/​
 +</​code>​
 +
 +And remember to rebuild using the build.sh command below.
  
 ===== Shibboleth IDP ===== ===== Shibboleth IDP =====
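Review bot: the cp copies commons-dbcp2-2.1.1.jar out of the distribution's own webapp/WEB-INF/lib, so the IdP war already contains it and the copy into edit-webapp changes nothing for 3.4.3; what it does do is pin that exact jar into the overlay, so a later IdP release that ships a newer commons-dbcp2 ends up with two versions in the war. "Not sure about this one" should be resolved rather than committed: record the actual exception that was seen, and note that what normally belongs in edit-webapp/WEB-INF/lib for SQL connections is the JDBC driver jar for the database in use, which the IdP does not bundle.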
Line 567: Line 581:
 ==== Software installation ==== ==== Software installation ====
  
-Download latest IDP software from [[https://​shibboleth.net/​downloads/​identity-provider/​latest/​|Shibboleth IDP downloads]].+Unpack ​identity provider ​tar package.
  
 <​code>​ <​code>​
-mkdir /opt/src +tar -zxf wget shibboleth-identity-provider-3.4.3.tar.gz
-cd /opt/src +
-wget https://​shibboleth.net/​downloads/​identity-provider/​latest/​shibboleth-identity-provider-3.3.1.tar.gz +
-tar -zxf shibboleth-identity-provider-3.3.1.tar.gz+
 </​code>​ </​code>​
  
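Review bot: the new command `tar -zxf wget shibboleth-identity-provider-3.4.3.tar.gz` is broken: tar takes `wget` as the archive name and the tarball as a member to extract, so it fails with "wget: Cannot open". The rewrite also removed the mkdir/cd/wget lines, so nothing now fetches the 3.4.3 tarball or says where it lives, while the later step at Line 569 refers to /path/to/shibboleth-identity-provider-3.4.3. Restore a working directory and a download step for the 3.4.3 release linked at Line 104, and write `tar -zxf shibboleth-identity-provider-3.4.3.tar.gz`.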
Line 580: Line 591:
 <​code>​ <​code>​
 wget https://​www.switch.ch/​aai/​guides/​idp/​installation/​idp-install.sh wget https://​www.switch.ch/​aai/​guides/​idp/​installation/​idp-install.sh
-sh idp-install.sh shibboleth-identity-provider-3.3.1+sh idp-install.sh shibboleth-identity-provider-3.4.3
 </​code>​ </​code>​
  
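Review bot: `sh idp-install.sh` runs a script fetched from switch.ch without it being read or verified; after the wget, inspect the script, confirm it targets IdP 3.4.x (it is SWITCH's installer for their own federation and may assume SWITCHaai defaults), and only then run it. Bumping the argument to shibboleth-identity-provider-3.4.3 does match the tarball now used, which is correct.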