Versions Compared

Old Version 12

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 13

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For other RPM-supporting Linux versions, you can usually rebuild the SRPM packages.

Warning
title

Use the Correct RPM or not at all

Under no circumstances should you attempt to install a set of RPM packages built for/with a different OS or version from your own (apart from the CentOS/RHEL exception noted above). This will usually lead to unpredictable problems and support issues. Instead, you can rebuild the SRPM packages.

title
Warning

Incompatibility with RHEL / CentOS 7.0-7.3

Red Hat and CentOS 7.4 included a newer version of OpenSSL than 7.0-7.3, and the official packages don't support versions older than 7.4.

...

Installation varies by OS, but usually you just drop the definition file into a directory such as /etc/yum.repos.d. You can turn the repository on and off by adjusting the "enabled" property in the file, such as to prevent automated updates and maintain manual control. While enabled, the yum command will "see" the Shibboleth packages when you perform standard operations, and installing the SP should require only a single command:

32 bit OS
Code Block
languagebashtitle32 bit OS
$ yum install shibboleth
64 bit OS
Code Block
languagebash
title64 bit OS
$ yum install shibboleth.x86_64
Warning

Be careful of accidentally installing both the 64-bit and 32-bit version on a 64-bit server. The yum repository contains both versions for some OSs and the OS will think it can install both.

After Installation

The RPM installation process will place various components of Shibboleth in appropriate default directories based on your operating system's file system layout. Typically:

  • Shibboleth configuration files will be placed at /etc/shibboleth/ and the necessary Apache configuration in /etc/httpd/conf.d/shib.conf

  • shibd will be installed to /usr/sbin and may be managed using service and chkconfig (on System V platforms) or with systemctl (on systemd platforms, some additional information available).

  • An version of mod_shib.so appropriate to the OS-supplied Apache and other pluggable modules will be installed to /usr/lib/shibboleth/ on a 32-bit OS and /usr/lib64/shibboleth on a 64-bit OS.

Basic Configuration

  1. In httpd.conf:

    • Use of the <RequestMap> feature is not needed for use with Apache, but if you must, its use absolutely requires that the UseCanonicalName Apache directive be set.

    • Ensure that the ServerName directive in each virtual host is properly set, including overriding the scheme or port as required by any load balancing, proxying, or offloading you may be doing.

  2. Restart Apache.

  3. /usr/sbin/shibd must be independently started and run in order to handle requests. The daemon should be loaded and monitored along with all other major services.

  4. By default, the Shibboleth module is configured to log information to the local syslog, with a subset also to the Apache error log.

  5. The shibd service creates its own separate logs in /var/log/shibboleth. This is the most important log used for debugging anything regarding the SP and most problems manifest here rather than on the web server side.

...