The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 38 Next »

Building the Native SP from Source on Mac OS X

The following installation procedure will build the Shibboleth 2.x SP and all its dependencies. Completion of the instructions will result in a functional and loaded but unconfigured SP installed under /opt/shibboleth-sp/. If you'd like to use an alternative directory, modify all paths accordingly.

The 2.x native SP has been built successfully using the following combinations:

  • OS X 10.4 with gcc4 (PPC, 32-bit)
  • OS X 10.5 with gcc4 (PPC, 32-bit)
  • OS X 10.5 with gcc4 (Intel, 32-bit)
  • OS X 10.6 with gcc4 (Intel, 64-bit) - see below

Set Up the Build Environment

  • Set DYLD_LIBRARY_PATH to the eventual lib path into which you'll be installing the packages you're building (/opt/shibboleth-sp/lib)
  • Set MACOSX_DEPLOYMENT_TARGET to your OS X version (e.g. 10.4 or 10.5)

Building Shibboleth

The following packages must be built in the following order using the ./configure commands listed. Be sure to make and make install as appropriate for each package, including Shibboleth itself.

For any specific notes about each package and any special version requirements, you can click on the dependency.

  • libcurl: (not needed on 10.4, or use ./configure --disable-static --without-ca-bundle --enable-thread --with-ssl --prefix=/opt/shibboleth-sp
  • log4shib: ./configure --disable-static --disable-doxygen --prefix=/opt/shibboleth-sp
  • ICU: ./configure --prefix=/opt/shibboleth-sp
  • Xerces-C: ./configure --prefix=/opt/shibboleth-sp --disable-static --enable-netaccessor-socket --enable-transcoder-icu --with-icu=/opt/shibboleth-sp
  • XML-Security-C: ./configure --without-xalan --prefix=/opt/shibboleth-sp --with-xerces=/opt/shibboleth-sp
  • XMLTooling-C: ./configure --with-log4shib=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C
  • OpenSAML-C: ./configure --with-log4shib=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C

If you have pkg-config installed, you may need to append --with-openssl=/usr to the XMLTooling-C and OpenSAML-C configure commands (or remove pkg-config from your path).

When building Shibboleth, you may need to use different options if you're not using the standard Apple Apache version and/or if the Apache files are not in your system path.

  • Shibboleth: ./configure --with-log4shib=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C

Troubleshooting

If you're not comfortable researching and diagnosing configure and/or make errors, we strongly suggest you find somebody who is, or use a package of some sort rather than a direct source build. However, we'll compile some tips on troubleshooting source builds.

Basic Configuration

These steps will configure Apache to load mod_shib, supply it with proper host and scheme information, and start shibd.

  1. Edit httpd.conf:
    • Shibboleth includes Apache configuration directives in etc/shibboleth for each version of Apache which must be added. On newer OS X versions, one method is to copy the appropriate file to /private/etc/apache2/other/shib.conf. Alternatively, you can add an Include to httpd.conf itself: 
      Include /opt/local/etc/shibboleth/apache.config
    • Ensure that the ServerName directive is properly set, and that Apache is being started with SSL enabled.
    • The UseCanonicalName directive should be set to On for secure operation.
  2. Restart Apache.
  3. /opt/shibboleth-sp/sbin/shibd must be independently started and run in order to handle access requests. The daemon should in the future be loaded and monitored along with all other major services. A launchd file is included in etc/shibboleth/shibd.osx.plist 
    /opt/shibboleth-sp/sbin/shibd &
  4. By default, the Shibboleth module is configured to log information on behalf of Apache to /opt/shibboleth-sp/var/log/httpd/native.log, though this can be changed by modifying the native.logger files pointed to by the configuration. For this log to be created, Apache must have permission to write to this file, which may require that the file be manually created and permissions assigned to whatever user Apache is configured to run under. If the file does not appear when Apache runs with the modules loaded, check for permission problems or change the location used.
  5. shibd creates its own separate logs at /opt/shibboleth-sp/var/log/shibboleth/shibd.log and must have appropriate write permissions itself as well.

For 64-bit Intel

I'm no Gnu config expert, so this is surely not the best, but the results do seem to work:

setenv CFLAGS "-arch x86_64"
setenv CCFLAGS "-arch x86_64"
setenv CXXFLAGS "-arch x86_64"
setenv LDFLAGS "-arch x86_64"
setenv DYLD_LIBRARY_PATH /opt/shibboleth-sp/lib
setenv MACOSX_DEPLOYMENT_TARGET 10.5

log4shib: ./configure --disable-static --disable-doxygen --prefix=/opt/shibboleth-sp
after doing configure edit libtool
find compiler_flags=
set to compiler_flags="-arch x86_64"

icu is not needed, which is good because I had big trouble building it for 64 bits

xerces: ./configure --prefix=/opt/shibboleth-sp --disable-static --enable-netaccessor-socket --enable-transcoder-macosunicodeconverter
it's possible that the last arg isn't needed.
after doing configure edit libtool
find compiler_flags=
set to compiler_flags="-arch x86_64"

xml-security: ./configure --without-xalan --prefix=/opt/shibboleth-sp --with-xerces=/opt/shibboleth-sp
after doing configure edit libtool
find compiler_flags=
set to compiler_flags="-arch x86_64"

xmltooling: ./configure --with-log4shib=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C
***BEFORE configure, edit ltmain.sh
find compiler_flags=
set to compiler_flags="-arch x86_64"

opensaml: ./configure --with-log4shib=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C
***BEFORE configure, edit ltmain.sh [don't know this is required; did it because
all the others needed it]
find compiler_flags=
set to compiler_flags="-arch x86_64"

shibboleth: ./configure --with-log4shib=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C
***WARNING note the spaces around compiler flag
***BEFORE configure, edit ltmain.sh [don't know this is required; did it because
all the others needed it]
find compiler_flags=
set to compiler_flags=" -arch x86_64 "

  • No labels