Date: Fri, 29 Mar 2024 10:06:17 +0000 (UTC) Message-ID: <1809511299.15.1711706777083@1dadf4e77608> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_14_587185576.1711706777082" ------=_Part_14_587185576.1711706777082 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
The following procedure will install the SP and all its dependen=
cies. Completion of the instructions will result in a functional and loaded=
but unconfigured SP installed under the /opt/local
=
file system tree maintained by the MacPorts system.
Apple has deprecated the Apache server included with macOS and no longer=
provides the necessary apxs script to allow the SP to build against it. Th=
erefore, the port will now shift to depending on, and building against, the=
Apache 2.4 port available from macports. If your current SP installation i=
s based on the Apple-provided Apache, you will need to migrate to the macpo=
rt Apache as part of upgrading the SP.
You can find disk images with an installer at http://www.macport= s.org/ or you can download and build the port software manually fr= om their tarball. After installing it, particularly if you do so from sourc= e, you may need to add /opt/local/bin to your sh= ell path.
Once installed, the port software is self updating using the =
port selfupdate
command.
Normally, it's possible to just install the primary port ("shibboleth") = and let it automatically handle dependencies. This won't work in this case = because one of the dependencies (curl) has to be installed with a port "var= iant" to enable SSL support. Ports cannot indicate that a variant of a depe= ndency is required, so you have to install curl yourself first.
All port installations MUST be done as root.<= /p>
$ sudo = -s # port install curl +ssl # port install shibboleth
You should see a number of packages downloaded and installed for you. Ot=
her port commands and options include -v
for a verbo=
se trace of the process, the upgrade
command to get new v=
ersions, and uninstall
to remove things.
If you want to build universal binaries (typically meaning both i386 and=
x86_64 architecture), you can add +universal
to the=
port installation command.
If you want to use the ODBC storage plugin, you can add +odbc=
to the command line and it will ensure that the unixODBC port =
is installed and build the plugin for you.
In httpd.conf:
Shibboleth includes sample snippets in /opt/local/etc/shibboleth for eac= h version of Apache. Do not include these files directly but copy the relev= ant portions to your own Apache configuration files/strategy.
Use of the <RequestMap>
&nbs=
p;feature is not needed for use with Apache, but if you must, its use absol=
utely requires that the UseCanonicalName
Apache directive=
be set.
Ensure that the ServerName
directive in each virt=
ual host is properly set, including overriding the scheme or port as requir=
ed by any load balancing, proxying, or offloading you may be doing.
Restart Apache.
The port install process generates and installs a launchd descriptor to = use in starting and monitoring shibd. You can manually start and s= top it yourself, or you can use launchctl like so:
launchc= tl load -F /Library/LaunchDaemons/org.macports.shibd.plist launchctl unload -F /Library/LaunchDaemons/org.macports.shibd.plist
If you want shibd to start upon boot, run:
launchc= tl load -Fw /Library/LaunchDaemons/org.macports.shibd.plist
By default, the Shibboleth module is configured to log information to th= e local syslog, with a subset also to the Apache error log.
The shibd service creates its own separate logs in /opt/local/va= r/log/shibboleth. This is the most important log used for debuggin= g anything regarding the SP and most problems manifest here rather than on = the web server side.
In order to upgrade the installation, run the commands below.
sudo -s port sync port upgrade outdated