LinuxBuild

Building the Native SP from Source on Linux

The following installation procedure will build the Shibboleth 2 SP and all its dependencies. Completion of the instructions will result in a functional and loaded but unconfigured SP installed under /opt/shibboleth-sp. If you'd like to use an alternative directory, modify all paths accordingly.

Building Shibboleth

Building Shibboleth requires building or obtaining a cascade of dependent projects.  

• The Boost headers.  But you don't need to actually build or install the full Boost library set.
• cxxtest (optional, for unit test support)
• log4shib (or log4cpp, deprecated)
• zlib
• OpenSSL
• libcurl
• Xerces-C
• XML-Security-C

At this stage you should build the products which make up the Shibboleth project.

• XMLTooling-C
• OpenSAML-C

Finally build the SP.  When building Shibboleth, you can usually rely on the configure script to detect your Apache version and do the right thing, but in special cases, you can pass various options to control the Apache module version and locate the apxs script to use.

./configure --with-log4shib=/opt/shibboleth-sp --enable-apache-13 --with-apxs=/usr/local/apache/bin/apxs --enable-apache-20 --with-apxs2=/usr/local/apache2/bin/apxs --prefix=/opt/shibboleth-sp

Basic Configuration

These steps will configure Apache to load mod_shib, supply it with proper host and scheme information, and start shibd.

1. Set the LD_LIBRARY_PATH environment variable to the path containing Shibboleth dependencies and libraries. This may be required both in the script that starts the shibd daemon and when starting Apache (so you might put it in /etc/sysconfig/httpdor someplace similar).


   export LD_LIBRARY_PATH=/opt/shibboleth-sp/lib

2. Edit httpd.conf:


   • Shibboleth includes sample Apache configuration files in etc/shibboleth for each version of Apache. You can add an Include to httpd.conf itself, but this isn't advisable because that file will be overwritten on subsequent installs/upgrades. Use it as a sample to add the necessary commands to your own configuration.

   • UseCanonicalNameOn
   • Ensure that the ServerName directive is properly set, and that Apache is being started with SSL enabled.
3. Restart Apache.

4. shibd must be independently started and run. The daemon should in the future be loaded and monitored along with all other major services.

   /opt/shibboleth-sp/sbin/shibd

5. By default, the Shibboleth module is configured to log information on behalf of Apache to /opt/shibboleth-sp/var/log/httpd/native.log

6. shibd creates its own separate logs in /opt/shibboleth-sp/var/log/shibboleth