The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

LinuxNotes

Owned by Scott Cantor
Last updated: Sept 17, 2007Version comment
2 min read

ServiceProvider Notes

Successful C++ SP Builds

Build Environment Setup

  • Set XERCESCROOT to the root of the unpacked Xerces-C tarball

configure Commands

$ OpenSSL: (not needed, just use what comes with your Linux)
$ libcurl: (usually not needed, or use ./configure --disable-static --without-ca-bundle --enable-thread --prefix=/opt/shibboleth-sp)
$ log4cpp: ./configure --disable-static --disable-doxygen --prefix=/opt/shibboleth-sp
$ Xerces-C: ./runConfigure -p linux -c gcc -x g++ -r pthread -b 32 -P /opt/shibboleth-sp
$ XML-Security-C: ./configure --without-xalan --prefix=/opt/shibboleth-sp
$ OpenSAML: ./configure --with-curl=/opt/shibboleth-sp --with-log4cpp=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C
$ Shibboleth: ./configure --with-saml=/opt/shibboleth-sp --with-log4cpp=/opt/shibboleth-sp --enable-apache-20 --with-apxs2=/usr/sbin/apxs --prefix=/opt/shibboleth-sp -C

Build Notes

  • On most versions of Linux, the standard ONC RPC library provided should support Shibboleth properly. The configure script will attempt to verify this, and may force the use of the Shibboleth-supplied version if it appears to be necessary. Options can be passed to configure to override this detection logic.
  • RHEL3: if pkg-config is not installed (or not aware of OpenSSL), you should set some OpenSSL flags before running the Shibboleth configure script:
    • export SSLLIBS="-L/usr/kerberos/lib -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz" (you can omit -lssl and -lcrypto because the script adds them)
    • export SSLFLAGS="-I/usr/kerberos/include"
  • Debian:
    • apxs for Apache 1.3 packages will require --with-apxs=/usr/bin/apxs (also use --enable-apache-13 to build the module for Apache httpd v1.3)
    • apxs2 for Apache 2.0 packages will require --with-apxs2=/usr/bin/apxs2

Runtime Notes

  • Set LD_LIBRARY_PATH to the lib path containing the dependencies and Shibboleth libraries (e.g. /opt/shibboleth-sp/lib). This is required both in the script that starts the shibd daemon and when starting Apache (so you might put it in /usr/sbin/apachectl).