Installing the Shibboleth SP for Apache
V2.4+ of the SP are NOT compatible with Windows 2000, XP RTM/SP1 or Server 2003 RTM (without SP1).
The Shibboleth SP installer will install a set of Apache modules for each major version. It will also install the standalone Shibboleth daemon,
shibd. Actual integration with Apache is a simple, but manual, process.
- Download the
.msi Shibboleth SP installer from the Shibboleth download site.
- Run the installer. The installer will prompt for an install path, change default configuration files as appropriate for Windows, and set various environment variables for you. A default
shibd service can also be installed.
The versions of Apache available from the http://www.apachelounge.com/ web site are known to work with the modules that come with the Windows version of Shibboleth, specifically the Apache 2.x packages built with VC10. Do NOT use the VC11 version, which is the more prominent build they offer, as it uses a newer library runtime set that is not compatible with the Shibboleth software as delivered.
Other versions might work, but they also might not work. Versions with significantly altered header files, such as IBM's or Oracle's will definitely not work unless you build the Shibboleth module from source.
Officially, we support only Apache installations that are binary compatible with the versions from the ApacheLounge site and are not EOL (end of life). Modules for older versions (Apache 1.3 and 2.0) are currently still included, but are not officially supported.
- Edit httpd.conf:
- Shibboleth bundles example configuration directives in \etc\shibboleth in the files
apache22.config, and apache24.config, which can be added to
httpd.conf using the
Include command. Be wary of placing the configuration in the wrong
- You may need to modify the path to the module in those examples based on whether you're using the 32-bit or 64-bit version of Apache and Shibboleth. The default files use a path to the 32-bit modules.
- Use of the
<RequestMap> feature is not recommended for use with Apache, but its use requires that the
UseCanonicalName directive be set.
- Ensure that the
ServerName directive is properly set, and that Apache is being started with SSL enabled.
- The primary configuration file for the module and the Shibboleth daemon,
shibd, will be located at
\etc\shibboleth\shibboleth2.xml (within the directory used to install the SP software).
shibd creates its own log at
\var\log\shibboleth\shibd.log and must have appropriate read and write permissions itself for the entire installation directory.
- Apache also will need read access to most of the installation, with the exception of your Shibboleth private key file(s). It also needs write access to
\var\log\shibboleth-www to create the