This document describes how to configure, compile, and install the Shibboleth components
on Solaris 10. The SP is built to run under the native apache2 server. Components that
use SSL are linked with the native OpenSSL libraries. All executables and libraries are
built with a runtime library path so that LD_LIBRARY_PATH is not necessary. This is the
recommended practice for Solaris. Additional components all install into /usr/local.
SP Components
I have versions of these scripts that I used under Opensolaris 2009.6 with Shib 2.1. See geneva.rutgers.edu/shib21-opensolaris.tar. They assume (1) ssl is in /usr/local/ssl, (2) apache 2.2 installed from the repository, (3) shib goes into /usr/local/shibboleth. --hedrick@rutgers.edu
- OpenSSL
This is present in /usr/sfw and can be used by other components.
- libcurl
This is a library for URL manipulation. It has no non-native dependencies. The
version name is curl-7.18.2. Configure with this script:
#!/bin/sh
# Built on Solaris 10 with the native OpenSSL libraries
# Using Shibboleth recommended options
PATH=/usr/sfw/bin:/opt/SUNWspro/bin:/usr/bin:/usr/ccs/bin:/usr/dt/bin:/usr/openwin/bin:/usr/sbin; export PATH
env CC=cc \
INSTALL=/usr/ucb/install \
LDFLAGS="-R/usr/sfw/lib" \
./configure \
--with-ssl=/usr/sfw \
--disable-static \
--without-ca-bundle \
--enable-thread
#!/end
Compile with `make'.
- log4shib
This is a C++ logging library that's specific to Shibboleth. It also has no
non-native dependencies. The version name is log4shib-1.0. Configure with this
script:
#!/bin/sh
# Built on Solaris 10 with the native OpenSSL libraries
# Using Shibboleth recommended options
PATH=/usr/sfw/bin:/opt/SUNWspro/bin:/usr/bin:/usr/ccs/bin:/usr/dt/bin:/usr/openwin/bin:/usr/sbin; export PATH
env CC=cc \
CXX=CC \
CFLAGS=-xO2 \
CXXFLAGS=-xO2 \
INSTALL=/usr/ucb/install \
LDFLAGS="-R/usr/sfw/lib" \
./configure \
--disable-static \
--disable-doxygen
#!/end
Compile with `make'.
- Xerces-C
This is an XML parser for C++ from the Apache Foundation. The recommended version is 2.8.0,
which is also the current version. It has no non-native dependencies. The version name is
xerces-c-2.8.0. Configure with this script:
#!/bin/sh
# Built on Solaris 10
# Using Shibboleth recommended options
# Requires GNU make
PATH=/usr/sfw/bin:/opt/SUNWspro/bin:/usr/bin:/usr/ccs/bin:/usr/dt/bin:/usr/openwin/bin:/usr/sbin; export PATH
XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
cd src/xercesc
env CFLAGS=-xO2 \
CXXFLAGS=-xO2 \
INSTALL=/usr/ucb/install \
./runConfigure -p solaris -c cc -x CC \
-r pthread -b 32 -P /usr/local
# LDFLAGS="-R/usr/sfw/lib"
#!/end
Compile with this script:
#!/bin/sh
XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
LD_RUN_PATH=/usr/local/lib; export LD_RUN_PATH
# DBGFLAGS=-g; export DBGFLAGS
cd src/xercesc
exec gmake "$@"
#!/end
- XML-Security-C
This is the Apache C++ XML Signature and Encryption library. The recommended version is
1.4.0, also the current version. It requires OpenSSL and Xerces-C. The version name is
xml-security-c-1.4.0. Configure with this script:
#!/bin/sh
# Built on Solaris 10
# Using Shibboleth recommended options
# Requires GNU make
# Requires mapfile to define EVP_aes_192_cbc and EVP_aes_256_cbc
PATH=/usr/sfw/bin:/opt/SUNWspro/bin:/usr/bin:/usr/ccs/bin:/usr/dt/bin:/usr/openwin/bin:/usr/sbin; export PATH
XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
env CC=cc CXX=CC \
CFLAGS=-xO2 \
CXXFLAGS=-xO2 \
INSTALL=/usr/ucb/install \
LD_OPTIONS="-M mapfile" \
./configure \
--disable-static \
--without-xalan \
--with-openssl=/usr/sfw
# LDFLAGS="-R/usr/sfw/lib"
#!/end
This is `mapfile', required to work around a Solaris SSL library bug:
{
global:
EVP_aes_192_cbc = FUNCTION FILTER libcrypto_extra.so.0.9.7;
EVP_aes_256_cbc = FUNCTION FILTER libcrypto_extra.so.0.9.7;
EVP_aes_192_ecb = FUNCTION FILTER libcrypto_extra.so.0.9.7;
EVP_aes_256_ecb = FUNCTION FILTER libcrypto_extra.so.0.9.7;
};
Compile with this script:
#!/bin/sh
_pwd=${PWD:-`pwd`}
XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
LD_RUN_PATH=/usr/sfw/lib:/usr/local/lib; export LD_RUN_PATH
LD_OPTIONS="-M $_pwd/mapfile"; export LD_OPTIONS
exec gmake "$@"
#!/end
- XMLTooling-C
This is a library used by OpenSAML 2. It requires log4shib, libcurl, OpenSSL, Xerces-C,
and XML-Security-C. Make sure that you don't have another version of OpenSSL installed
in /usr/local. The version name is xmltooling-1.0. Configure with this script:
#!/bin/sh
# Built on Solaris 10
# Using Shibboleth recommended options
# Requires GNU make
# Requires packages: curl-7.18.2 log4shib-1.0 xerces-c-2.8.0
# xml-security-c-1.4.0
PATH=/usr/sfw/bin:/opt/SUNWspro/bin:/usr/bin:/usr/ccs/bin:/usr/dt/bin:/usr/openwin/bin:/usr/sbin; export PATH
# XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
env CC=cc CXX=CC \
CFLAGS=-xO2 \
CXXFLAGS=-xO2 \
INSTALL=/usr/ucb/install \
./configure \
--with-log4shib=/usr/local \
--with-xerces=/usr/local \
--with-xmlsec=/usr/local \
--with-openssl=/usr/sfw \
--with-curl=/usr/local
#!/end
Compile with this script:
#!/bin/sh
# XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
LD_RUN_PATH=/usr/sfw/lib:/usr/local/lib; export LD_RUN_PATH
# DBGFLAGS=-g; export DBGFLAGS
exec gmake "$@"
#!/end
- OpenSAML-C
This is a set of C++ and Java libraries for SAML. It requires log4shib, libcurl, OpenSSL, Xerces-C, XML-Security-C, and XMLTooling-C. The version name is opensaml-2.0.
Configure with this script:
#!/bin/sh
# Built on Solaris 10
# Using Shibboleth recommended options
# Requires GNU make
# Requires packages: curl-7.18.2 log4shib-1.0 xerces-c-2.8.0
# xml-security-c-1.4.0 xmltooling-1.0
PATH=/usr/sfw/bin:/opt/SUNWspro/bin:/usr/bin:/usr/ccs/bin:/usr/dt/bin:/usr/openwin/bin:/usr/sbin; export PATH
# XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
env CC=cc CXX=CC \
CFLAGS=-xO2 \
CXXFLAGS=-xO2 \
INSTALL=/usr/ucb/install \
./configure \
--with-log4shib=/usr/local \
--with-xerces=/usr/local \
--with-xmlsec=/usr/local \
--with-xmltooling=/usr/local \
--with-openssl=/usr/sfw \
--with-curl=/usr/local
#!/end
Compile with this script:
#!/bin/sh
# XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
LD_RUN_PATH=/usr/sfw/lib:/usr/local/lib; export LD_RUN_PATH
# DBGFLAGS=-g; export DBGFLAGS
exec gmake "$@"
#!/end
- Shibboleth
This is the SP itself. It requires OpenSSL, log4shib, Xerces-C, XML-Security-C,
XMLTooling-C, and OpenSAML-C. In order to use apxs on Solaris 10, add this symlink:
/usr/apache2/build -> /var/apache2/build
Installing this component does not update the apache2 configuration files. The version
name is shibboleth-2.0. Configure with this script:
#!/bin/sh
# Built on Solaris 10
# Using Shibboleth recommended options
# Requires GNU make
# Requires packages: log4shib-1.0 xerces-c-2.8.0
# xml-security-c-1.4.0 xmltooling-1.0 opensaml-2.0
PATH=/usr/sfw/bin:/opt/SUNWspro/bin:/usr/bin:/usr/ccs/bin:/usr/dt/bin:/usr/openwin/bin:/usr/sbin; export PATH
# XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
env CC=cc CXX=CC \
CFLAGS=-xO2 \
CXXFLAGS="-xO2 -library=Cstd,Crun" \
INSTALL=/usr/ucb/install \
./configure \
--enable-apache-20 \
--with-log4shib=/usr/local \
--with-xerces=/usr/local \
--with-xmlsec=/usr/local \
--with-xmltooling=/usr/local \
--with-openssl=/usr/sfw \
--with-saml=/usr/local \
--with-apxs2=/usr/apache2/bin/apxs
# LDFLAGS="-R/usr/sfw/lib"
#!/end
Compile with this script:
#!/bin/sh
# XERCESCROOT=/usr/local/src/xerces-c/xerces-c-src_2_8_0; export XERCESCROOT
LD_RUN_PATH=/usr/sfw/lib:/usr/local/lib; export LD_RUN_PATH
# DBGFLAGS=-g; export DBGFLAGS
exec gmake "$@"
#!/end
Installation
Some components will need to be installed so that others can be built. This is noted
in the configure scripts. All components can be installed either with `make install'
or by executing the make script with the `install' option. At my university, we don't
install them directly but build packages first, and then install them from the packages.
If there is interest, I can make these packages available. They are compiled for the
x86 flavour of Solaris 10 only.
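Because every component relies on a recorded runtime library path instead of LD_LIBRARY_PATH, it is worth checking after installation that the path stored in each object contains only the intended directories. The script below is an added example, not part of the original page or of the Shibboleth project; the allow-list, the function names, and the assumed column layout of `elfdump -d' output (with a constructed sample) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: audit the runtime library
# search path (RPATH/RUNPATH) recorded in built objects.
# Assumption: only the directories the build scripts pass via -R and
# LD_RUN_PATH should ever appear.
ALLOWED="/usr/sfw/lib /usr/local/lib"

# Constructed sample of `elfdump -d` output (assumed column layout).
SAMPLE_DUMP='     [4]  NEEDED          0x1f1          libcrypto.so.0.9.7
     [9]  RUNPATH         0x2b5          /usr/sfw/lib:/usr/local/lib
    [10]  RPATH           0x2b5          /usr/sfw/lib:/usr/local/lib'

# Print the first RPATH/RUNPATH string found in a dump read from stdin.
runpath_from_dump() {
    awk '$2 == "RUNPATH" || $2 == "RPATH" { print $4; exit }'
}

# check_runpath "dir1:dir2": return 0 only if every entry is an allowed
# directory; otherwise print the reason and return 1.
check_runpath() {
    rp=$1
    if [ -z "$rp" ]; then echo "no runpath recorded"; return 1; fi
    # An empty entry can be read as the current directory by a runtime linker.
    case ":$rp:" in *::*) echo "empty entry in '$rp'"; return 1 ;; esac
    case $rp in *" "*) echo "whitespace in '$rp'"; return 1 ;; esac
    rc=0; old_ifs=$IFS; IFS=:
    set -f
    for dir in $rp; do
        case " $ALLOWED " in
            *" $dir "*) ;;                                  # expected entry
            *) echo "unexpected entry '$dir'"; rc=1 ;;      # relative, $ORIGIN, other
        esac
    done
    set +f; IFS=$old_ifs
    return $rc
}

# audit_object FILE: Solaris wrapper around elfdump(1) for one object.
audit_object() {
    check_runpath "$(elfdump -d "$1" | runpath_from_dump)" ||
        { echo "FAIL: $1"; return 1; }
}

# Audit every object named on the command line (none means nothing to do).
status=0
for obj in "$@"; do audit_object "$obj" || status=1; done
[ "$status" -eq 0 ] || echo "one or more objects failed the runpath audit"
```

Run it with the installed shared objects and the Apache module as arguments; any object reported as FAIL was linked without the intended LD_RUN_PATH or -R setting.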
Apache2 configuration
On Solaris 10, all apache2 configuration files reside in /etc/apache2. You will have
to insert:
Include /usr/local/etc/shibboleth/apache2.config
into ssl.conf. Just before:
is a good place. As well, you will have to comment out this line in the same file:
This prevents a mysterious interaction with the Shibboleth module that causes CGI
execution to hang because apache is waiting on a mutex.
`shibd' should be started at boot time. On Solaris 10, this is done with an SMF
manifest. These typically reside in /var/svc/manifest. The `site' subdirectory is
a suitable place for locally-added manifests.
Log files for the apache module are defined in /usr/local/etc/shibboleth/native.logger.
Likewise, for shibd they are defined in /usr/local/etc/shibboleth/shibd.logger. These
can be changed to more suitable locations, or the /usr/local/var/log/shibboleth directory
can be replaced with a symlink, to /var/log/shibboleth for example.