Shibboleth Identity Provider 3.x Installation on Ubuntu 18.4 Tomcat


Download Shibboleth IDP
You can download the Shibboleth IDP from this location. Download the shibboleth-identity-provider-3.4.6.tar.gz file:
wget https://shibboleth.net/downloads/identity-provider/3.4.6/shibboleth-identity-provider-3.4.6.tar.gz
Extract the file using the following command:
tar -xvzf shibboleth-identity-provider-3.4.6.tar.gz
Install Shibboleth IDP
Install the IDP using the installation script install.sh inside the extracted folder shibboleth-identity-provider-3.4.6/bin:
sudo sh install.sh
Use the relevant parameters when installing the product. The installer prompts for the following values:
Source (Distribution) Directory: /home/Downloads/shibboleth-identity-provider-3.4.6
Installation Directory: /opt/shibboleth-idp
Hostname: localhost.localdomain
SAML EntityID: my-idp
Attribute Scope: localdomain
Backchannel PKCS12 Password: secret
Re-enter password: secret
Cookie Encryption Key Password: secret
Re-enter password: secret
Note: the above process creates the IDP war file at /opt/shibboleth-idp/war/idp.war
Enable Error Logs
It is useful to enable the Shibboleth IDP error logs when using the product. You can enable them by editing the file /opt/shibboleth-idp/conf/logback.xml and setting the logging level shortcuts as shown below:
<!-- Logging level shortcuts. -->
    <variable name="idp.loglevel.idp" value="ALL" />
    <variable name="idp.loglevel.ldap" value="ALL" />
    <variable name="idp.loglevel.messages" value="ALL" />
    <variable name="idp.loglevel.encryption" value="INFO" />
    <variable name="idp.loglevel.opensaml" value="ALL" />
    <variable name="idp.loglevel.props" value="INFO" />

Deploy the war file in Tomcat with enabled https
You must make sure that you have installed Tomcat and enabled SSL correctly before deploying the war file. In my example I have used tomcat8.
To enable SSL on Tomcat, use the following steps.

1. Creating a Keystore file using Java (need java SDK)

cd $JAVA_HOME/bin
The above command changes the current directory to the bin folder of the Java SDK. Inside it there is a tool named keytool, which will generate a keystore file for us.
Next, type on the terminal:
keytool -genkey -alias tomcat -keyalg RSA
When you type the command above, it will ask you some questions. First, it will ask you to create a password (my password is “password”):
loiane:bin loiane$ keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:  password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  Loiane Groner
What is the name of your organizational unit?
  [Unknown]:  home
What is the name of your organization?
  [Unknown]:  home
What is the name of your City or Locality?
  [Unknown]:  Sao Paulo
What is the name of your State or Province?
  [Unknown]:  SP
What is the two-letter country code for this unit?
  [Unknown]:  BR
Is CN=Loiane Groner, OU=home, O=home, L=Sao Paulo, ST=SP, C=BR correct?
  [no]:  yes
 
Enter key password for
    (RETURN if same as keystore password):  password
Re-enter new password: password
It will create a .keystore file in your user home directory (/home/[username]).

2. Configuring Tomcat for using the keystore file – SSL config

Open your Tomcat installation directory and open the conf folder. Inside this folder, you will find the server.xml file. Open it.
Find the following declaration:
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
-->
Uncomment it and modify it to look like the following:
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false" maxThreads="25"
    port="8443" keystoreFile="/home/[username]/.keystore" keystorePass="password"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
    secure="true" sslProtocol="TLS" />
Note: we added the keystoreFile and keystorePass attributes and changed the protocol declaration. /home/[username]/.keystore is the keystoreFile location.

3. Let’s test it!

Start the Tomcat service and try to access https://localhost:8443. You will see Tomcat’s local home page.
Note: the default 8080 port will keep working too: http://localhost:8080
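As an added example (my own code, not from the original post or the Shibboleth project), here is a small Python audit of the SSL Connector settings this tutorial puts into server.xml: it flags a missing or absent keystore, a well-known keystorePass such as the “password” used above, a legacy sslProtocol, and a connector not marked scheme="https" / secure="true". The sample server.xml and the finding names are constructed for this example.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS Connector from this tutorial plus Tomcat's
# default plain-HTTP connector on 8080 (which must not produce any finding).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
        disableUploadTimeout="true" enableLookups="false" maxThreads="25"
        port="8443" keystoreFile="/home/[username]/.keystore" keystorePass="password"
        protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
        secure="true" sslProtocol="TLS" />
  </Service>
</Server>"""

WEAK_PASSWORDS = {"", "password", "changeit", "secret"}   # common defaults
LEGACY_PROTOCOLS = {"SSL", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_connectors(server_xml, keystore_exists=os.path.isfile):
    """Return [(port, finding)] for every SSLEnabled Connector in server_xml."""
    # keystore_exists is injectable so a config copied from another host
    # (or a test) can be audited without that host's filesystem.
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector: nothing to check here
        port = conn.get("port", "?")
        keystore = conn.get("keystoreFile")
        if keystore is None:
            findings.append((port, "missing-keystoreFile"))
        elif not keystore_exists(os.path.expanduser(keystore)):
            findings.append((port, "keystore-not-found"))
        if conn.get("keystorePass", "") in WEAK_PASSWORDS:
            findings.append((port, "weak-keystorePass"))
        if conn.get("sslProtocol", "TLS") in LEGACY_PROTOCOLS:
            findings.append((port, "legacy-sslProtocol"))
        # scheme/secure tell the servlet container (and so the IdP) that the
        # request arrived over HTTPS; without them it is treated as plain HTTP.
        if conn.get("scheme") != "https" or conn.get("secure", "").lower() != "true":
            findings.append((port, "not-marked-https"))
    return findings

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_SERVER_XML
    for port, finding in audit_connectors(text):
        print(f"port {port}: {finding}")
```

Run it with the path to your server.xml as the first argument; with no argument it audits the embedded sample.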
Go to the IDP war file location /opt/shibboleth-idp/war/idp.war and deploy it in Tomcat.
Then browse the following URL to confirm that the IDP works in Tomcat:
https://localhost:8443/idp/status
Note: you may sometimes encounter an error called NestedServletException. In such cases, download this jar file from the Maven repository and include it in Tomcat.
You can check other IDP errors by looking at its logs:
tail -f /opt/shibboleth-idp/logs/*.log
Quick Test
Now you will be able to see the status of the server in the browser.


Now you have successfully installed the Shibboleth IDP.