Versions Compared

Old Version 24

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 25

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Windows installer contains a fourth version field that indicates the patch level within a particular SP release. Initially 0, it will be incremented if patches to software included with but not part of the SP need to be updated (e.g., OpenSSL). Subsequent patch level installers will safely upgrade older versions and the ReleaseNotes will always document exactly what library versions are included in each release.

Upgrades

Upgrading to new releases is handled automatically when the MSI installer is used. The system prevents configuration files from being overwritten and skips "initial install" tasks like generating keys. The Shibboleth daemon is restarted by the package but you will need to restart the web server you're using yourself.

Web Server Overview

Note

Restricting ACLs

Note that the installer does not adjust file system ACLs based on your install path. Wherever you choose to install the software, you should consider reviewing and hardening the file and folder access to that location. Most of these folders and files should be read only. The daemon process runs by default as a system account and should already have the necessary access. You should if possible prevent all other access to the private key file(s) as those need not be readable by anything else, and you need not allow any writing of files, or creation of folders or files by any other users.

If you run your web server under a different user account (not a member of the Administrators group) you will need to adjust the rights if you limit read access, but the web server should not in general require any write access whatsoever to those folders or files.

Upgrades

Upgrading to new releases is handled automatically when the MSI installer is used. The system prevents configuration files from being overwritten and skips "initial install" tasks like generating keys. The Shibboleth daemon is restarted by the package but you will need to restart the web server you're using yourself.

Web Server Overview

Installation with IIS

The plugin modules in support of IIS are always installed. If IIS itself is installed you will be prompted "Configure IIS7 module?".  Check this box to actually configure Shibboleth to run with IIS, in practice this can be done with two command.

...