The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

IdPQuickInstall

Owned by Rod Widdowson
Last updated: Jun 22, 2012 by shopkins@ed.ac.ukVersion comment
3 min read

What It Does

The aim of the Quick Installer is to install a Shibboleth 2.x Identity Provider (IdP) and all the ancillary software it relies upon into a Windows machine which is part of an Active Directory Domain. It then configures all these packages to work in conjunction with the more common Active Directory configurations. The motivation is to short-circuit the error-prone but formulaic first stages of development and get the installation to a stage where testing and personalization can start.
It is always easier to change the configuration of something that works than it is to start with something which doesn't work at all. The aim of the installer is to expedite the process by installing a working IdP which can be the basis of a production IdP.

Using the Installer

Installation can be thought of as a five stage process:

  1. Download and install a 32bit Java runtime from the Java download site. This should be at least version 6.
  2. Set up the JAVA_HOME environmental variable to point to the jre environment:
    set JAVA_HOME=C:\Program Files (x86)\Java\jre6
  3. Download the installer msi for the latest version of the Identity Provider.
  4. Read this document, which explains the parameters you will be prompted for.
  5. Install the msi file (running as the administrator).
  6. Test the install.
  7. Finish configuring the installation.

Under the hood.

Briefly, the IdP Quick Installer does the following:

  1. Checks to see that Java has been installed.
  2. Checks that there is no existing Tomcat Installation.
  3. Prompts the user for some configuration details.
  4. Installs and configures an Apache Tomcat Web Server.
  5. Installs the Shibboleth IdP software.
  6. Configures the IdP to authenticate against the Active Directory Domain.
  7. Configures the IdP to extract a small number of attributes from the Active Directory Domain.

The details are described on this page .

Updating the Java VM - Beta installer versions only.

If you installed java prior to running the installer then the Java VM is updated automatically and you do not need to follow this section

Earlier test versions of the installer (probably 2.1.5 beta-3 and earlier) installed a private version of Java. This will not be updated automatically. To switch to a version which is automatically update you need to be logged in as administrator and then:

  • Download and install a 32 bit java VM.
  • Start "Manage captive tomcat" c:\program files\internet2\CaptiveTomcat 6.0\bin\tomcatw.exe.
  • Select the Java tab.
  • Click the "Use default" tick box.
  • Exit the tool
  • Edit C:\Program Files (x86)\Java\jre6\lib\security\java.security and, below the line

security.provider.9=sun.security.mscapi.SunMSCAPI

add the line

security.provider.10=edu.internet2.middleware.shibboleth.DelegateToApplicationProvider

  • Copy C:\Program Files\Internet2\CaptiveJava6\lib\ext\shib-jce-1.0.jar to C:\Program Files\Java\jre6\lib\ext
  • Restart Tomcat
  • Test your IdP.

From then on you will be using a standard java installation which will update automatically. The contexts of C:\Program Files\Internet2\CaptiveJava6 can be deleted.