
This page describes how to set up a Shibboleth Identity Provider (IdP) version 3 using an installer wizard (the bootstrap script).

Resources Required

A dedicated CentOS 7 server (virtual or physical) with the following minimum specifications:

  • 2 CPU
  • 4GB RAM
  • 10GB+ partition for OS

Additional Requirements

This server MUST NOT be used for any other purpose in the future.

You MUST be able to execute commands as root on the system without limitation.

The server MUST be accessible from the public internet.

The server's static IP MUST have a publicly resolvable DNS entry, typically of the form idp.example.edu.

The following ports and inbound/outbound connections MUST be allowed:

Outbound

  Port   Purpose
  80     Outbound HTTP connections
  443    Outbound HTTPS connections

Inbound

  Port   Purpose
  80     Inbound HTTP connections used within SAML flows
  443    Inbound HTTPS connections used within SAML flows
  8443   Backchannel, client-verified TLS connections, used within SAML flows

An account which can bind to and run queries against your corporate directory service. You will need the following pieces of information from your directory administrator:

  1. IP Address / DNS entry for your LDAP server and connection port
  2. Base DN for user objects within your directory
  3. The Bind DN of the account you wish to connect to the directory with
  4. The password for the above account
  5. An LDAP filter attribute, often uid
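Before running the installer it is worth confirming that the five pieces of directory information above actually work together, since a wrong bind DN or base DN only surfaces later as failed logins. The following pre-flight script is an added example and not part of this page or the installer; the host, DNs and password file path in the usage comment are placeholders. It builds the same kind of user lookup filter the IdP issues (for example "(uid=jdoe)"), escaping the login name per RFC 4515 so that characters such as parentheses, asterisks and backslashes in a username cannot alter the filter, and then performs a bind-and-search with ldapsearch, reading the bind password from a file rather than the command line so it does not appear in the process list or shell history.

```shell
#!/bin/sh
# Added pre-flight check for the directory account an IdP installer needs.
# All hosts, DNs and file paths shown in the usage comment are placeholders.

# Escape one value for use inside an LDAP search filter (RFC 4515).
# Backslash must be handled first so later escapes are not double-encoded.
# (NUL also requires escaping but cannot occur in a shell string.)
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build the user lookup filter the IdP will send to the directory.
# $1 = filter attribute (item 5 above, often uid), $2 = login name to look up.
build_user_filter() {
    printf '(%s=%s)' "$1" "$(ldap_filter_escape "$2")"
}

# Bind with the service account and search for one test user.
# $1 host  $2 port  $3 base DN  $4 bind DN  $5 password file
# $6 filter attribute  $7 test login name
# Requires ldapsearch from the openldap-clients package.
ldap_preflight() {
    if ! command -v ldapsearch >/dev/null 2>&1; then
        echo "ldapsearch not found; install openldap-clients first" >&2
        return 2
    fi
    # -x simple bind, -y read password from file, -LLL plain LDIF output,
    # -s sub search the whole subtree under the base DN; only the DN is returned.
    ldapsearch -x -H "ldap://$1:$2" -D "$4" -y "$5" -b "$3" -s sub -LLL \
        "$(build_user_filter "$6" "$7")" dn
}

# Usage (placeholder values):
#   printf '%s' 'bind-password' > /root/idp-ldap.pw && chmod 600 /root/idp-ldap.pw
#   ldap_preflight ldap.example.edu 389 'ou=people,dc=example,dc=edu' \
#       'cn=idp-bind,ou=services,dc=example,dc=edu' /root/idp-ldap.pw uid testuser
```

A successful run prints the DN of the test user and nothing else; an empty result with exit status 0 usually means the base DN or filter attribute is wrong, while a bind error (exit status 49) points at the bind DN or password. Port 389 is plain LDAP; if your directory offers LDAPS, use ldaps:// and port 636 in the URL instead, which is also what you should configure in the IdP.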

Install Guide

Install EPEL Repository

Download the bootstrap script


Edit the bootstrap script


Run the bootstrap.sh script

Errors during installation

If an error occurs, the logs written before the installer terminated MUST be reviewed to understand the underlying cause.

Generally the installer SHOULD be executed once.

After the initial execution you will receive an error if you try to run bootstrap.sh again.

You MUST NOT re-run bootstrap.sh if the installation process completed but you made a simple mistake, e.g.:

  • Mistyped config in the MANDATORY SECTION
  • Mistyped config in the OPTIONAL SECTION

If you force bootstrap.sh to run again once the initial installation has completed, the action MAY be destructive.

In this scenario, continue with federation registration as documented below, then make any necessary configuration changes in the Customization stage that follows the installation stage.

Customization

All modifiable configuration is located in the directory:

The structure of your configuration directory will look like the following:


If you make changes to any of the files above, you need to run the following command:


If you make configuration changes directly within /opt/shibboleth/shibboleth-idp/etc/httpd or elsewhere outside the configuration directory, your installation will become unsupported and you may have difficulties when upgrading.


Operation / Common Commands

