Building the Native SP from Source on Linux
For notes on Installation see this topic
The following installation procedure will build the Shibboleth 2 SP and all its dependencies. Completion of the instructions will result in a functional and loaded but unconfigured SP installed under /opt/shibboleth-sp. If you'd like to use an alternative directory, modify all paths accordingly.
Building Shibboleth
Building Shibboleth requires building or obtaining a cascade of dependent projects.
- The Boost headers. You don't need to actually build or install the full Boost library set.
- cxxtest (optional, for unit test support)
- log4shib (or log4cpp, deprecated)
- zlib
- OpenSSL
- libcurl
- Xerces-C
- XML-Security-C
At this stage you should build the products which make up the Shibboleth project.
Finally build the SP. When building Shibboleth, you can usually rely on the configure script to detect your Apache version and do the right thing, but in special cases, you can pass various options to control the Apache module version and locate the apxs script to use.
./configure --with-log4shib=/opt/shibboleth-sp --enable-apache-13 --with-apxs=/usr/local/apache/bin/apxs --enable-apache-20 --with-apxs2=/usr/local/apache2/bin/apxs --prefix=/opt/shibboleth-sp
Basic Configuration
These steps will configure Apache to load mod_shib, supply it with proper host and scheme information, and start shibd.
- Set the LD_LIBRARY_PATH environment variable to the path containing Shibboleth dependencies and libraries. This may be required both in the script that starts the shibd daemon and when starting Apache (so you might put it in /etc/sysconfig/httpd or someplace similar).
  export LD_LIBRARY_PATH=/opt/shibboleth-sp/lib
- Edit httpd.conf: Shibboleth includes sample Apache configuration files in etc/shibboleth for each version of Apache. You can add an Include for the sample file to httpd.conf itself, but this isn't advisable because the sample file will be overwritten on subsequent installs/upgrades. Use it as a sample to add the necessary commands to your own configuration.
  - UseCanonicalName On
  - Ensure that the ServerName directive is properly set, and that Apache is being started with SSL enabled.
- Restart Apache.
- shibd must be independently started and run. The daemon should in the future be loaded and monitored along with all other major services.
  /opt/shibboleth-sp/sbin/shibd
- By default, the Shibboleth module is configured to log information on behalf of Apache to /opt/shibboleth-sp/var/log/httpd/native.log. shibd creates its own separate logs in /opt/shibboleth-sp/var/log/shibboleth.
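
The Basic Configuration steps above can be checked before restarting Apache. The following is an added example, not part of the original page or the Shibboleth project: it verifies that a configuration file sets UseCanonicalName On and a ServerName (so self-referential URLs come from the server configuration rather than the client-supplied Host header) and that the library directory is in LD_LIBRARY_PATH. The function names and the sample hostname are assumptions.

```shell
#!/bin/sh
# Added example (not from the Shibboleth project): preflight check for the
# Basic Configuration steps. Function names are hypothetical.

# check_httpd_conf FILE: succeed only if FILE sets UseCanonicalName On,
# never sets it to another value, and has a ServerName with a value.
check_httpd_conf() {
    awk '
        $1 ~ /^#/ { next }                 # ignore comment lines
        { d = tolower($1) }                # Apache directives are case-insensitive
        d == "usecanonicalname" { if (tolower($2) == "on") on++; else bad++ }
        d == "servername" && $2 != "" { sn++ }
        END {
            if (!on) print "FAIL: UseCanonicalName On is not set"
            if (bad) print "FAIL: UseCanonicalName also set to a non-On value"
            if (!sn) print "FAIL: ServerName is not set"
            exit !(on && !bad && sn)
        }' "$1"
}

# check_lib_path DIR: succeed if DIR is an entry in LD_LIBRARY_PATH.
check_lib_path() {
    case ":${LD_LIBRARY_PATH:-}:" in
        *":$1:"*) return 0 ;;
        *) echo "FAIL: $1 is not in LD_LIBRARY_PATH"; return 1 ;;
    esac
}

# Constructed sample input: a minimal httpd.conf fragment for the demo.
sample_conf() {
    printf '%s\n' '# constructed sample' \
        'ServerName https://sp.example.org:443' \
        'UseCanonicalName On'
}

demo_conf=$(mktemp)
sample_conf > "$demo_conf"
if check_httpd_conf "$demo_conf"; then echo "httpd.conf: OK"; fi
check_lib_path /opt/shibboleth-sp/lib || true   # reports if the export is missing
rm -f "$demo_conf"
```

The check reads a single file and does not follow Include directives, so run it against each file that carries these settings.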