Versions Compared

Old Version 47

changes.mady.by.user Former user

Saved on

compared with

New Version 48

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

These steps will configure Apache to load mod_shib, supply it with proper host and scheme information, and start shibd.

  1. Edit httpd.confApache configuration:

    • Shibboleth includes sample Apache configuration

      directives

      files in etc/shibboleth for each version of Apache

      which must be added

      . On newer OS X versions, one method is to copy the appropriate file to /private/etc/apache2/other/shib.conf and make whatever adjustments you like. Alternatively, you can add an Include to httpd.conf itself

      : Code Blocknonenone Include /opt/local/etc/shibboleth/apache.config

      , but this isn't advisable because that file will be overwritten on subsequent installs/upgrades. Use it as a sample to add the necessary commands to your own configuration.

    • Ensure that the ServerName directive is properly set, and that Apache is being started with SSL enabled.
    • The UseCanonicalName directive should be set to On for secure operation.
  2. Restart Apache.

  3. /opt/shibboleth-sp/sbin/shibd must be independently started and run in order to handle access requests. The daemon should in the future be loaded and monitored along with all other major services. A launchd file is included in etc/shibboleth/shibd.osx.plist

    Code Block
    none
    none
    
/opt/shibboleth-sp/sbin/shibd
&

  4. By default, the Shibboleth module is configured to log information on behalf of Apache to /opt/shibboleth-sp/var/log/httpd/

    native.log, though this can be changed by modifying the

    native.

    logger files pointed to by the configuration. For this

    log

    to be created, Apache must have permission to write to this file, which may require that the file be manually created and permissions assigned to whatever user Apache is configured to run under. If the file does not appear when Apache runs with the modules loaded, check for permission problems or change the location used.

  5. shibd creates its own separate logs at in /opt/shibboleth-sp/var/log/shibboleth/shibd.log and must have appropriate write permissions itself as well.

Anchor
dyldlibpathapache
dyldlibpathapache
DYLD_LIBRARY_PATH and Apache on Mac OS X

...

Add the following XML snippet to /System/Library/LaunchDaemons/org.apache.httpd.plist.

Code Block

<key>EnvironmentVariables</key>
    <dict>
        <key>DYLD_LIBRARY_PATH</key>
        <string>/opt/shibboleth-sp/lib</string>
    </dict>

...