End of Life Warning
All maintenance for the Shibboleth Identity Provider V2 release branch ceased on July 31, 2016. All deployments should have upgraded to V3 or evaluate alternatives.
Upgrading from Shibboleth IdP 2.x
These instructions are for upgrading a currently operational version 2.x Shibboleth IdP. See Upgrade from 1.3 to 2.x for strategies for upgrading from version 1.x software.
- Download the .zip archive of the most recent Shibboleth IdP 2.x and unzip the archive. Do not use the .msi installer for upgrading an existing IdP 2.x installation.
- Make a back-up copy of your
$IDP_HOME directory "just in case" (recent versions of the IdP installer should not overwrite your config unless you answer "yes" in point 9 below).
- Stop your IdP (or stop the servlet container, eg. Tomcat), and stop Apache httpd too, if you're using it.
- If you don't already have one, it's a good idea to create a source directory specifically for storing the IdP unzipped archives. This makes it easier to manage any additional libraries or branding you might have.
- Copy your additional libraries (e.g. JDBC drivers or plugins and/or filters, like uApprove) into the
lib/ directory (i.e.
lib/ inside the source directory where you unzipped the archive; not
$IDP_HOME/lib/, which is inside the deployment directory).
- If using User Password authentication, reapply any branding you have made: ie. copy your customised
login.jsp etc. pages into the
src/main/webapp subdirectory of the unzipped archive.
- Open a command window and cd to the top-level directory of the unzipped archive
- Set the JAVA_HOME variable to the location of your jre, eg. export JAVA_HOME="/usr/lib/jvm/jdk1.8.0_40/jre"
- Run the install script from the command line (
install.sh on Unix machines,
install.bat on Windows).
- Provide the location of your
- Answer "no" when the installer asks if you wish to overwrite your configuration files.
- If your config files have been overwritten (eg. due to human error) copy the files from your back-up back in to your
- Start your IdP (or the servlet container), and start Apache httpd too, if you're using it.