Bootstrap FreeKB - Shibboleth (IdP) - Install and setup shibboleth IdP on Linux
Shibboleth (IdP) - Install and setup shibboleth IdP on Linux
Updated:   |  Shibboleth (IdP) articles

This tutorial will set up the following environment.

 

Install Java Runtime Environment (JRE).

~]# yum install jre

 

Add JAVA_HOME to your ~/.bash_profile file.

export JAVA_HOME=/usr/lib/jvm/jre

 

Install Shibboleth IdP (Identity Provider).

cd /tmp
wget http://shibboleth.net/downloads/identity-provider/<version>/shibboleth-identity-provider-<version>.tar.gz
tar -zxf shibboleth-identity-provider-<version>.tar.gz
cd shibboleth-identity-provider-<version>/bin/
./install.sh

 

There will be a series of prompts. Here are possible answers to the prompts. Ensure your DNS server can resolve the FQDN to the IP address of the Shibboleth server.

  • Install location = /opt/shibboleth-idp
  • FQDN = idp.your.domain
  • Password = myPassword

 

Copy the idp.war file to the Tomcat webapps folder. If you do not have a Tomcat server set up, install Tomcat, configure Tomcat to use HTTPS port 8443, and start Tomcat.

cp /opt/shibboleth-idp/war/idp.war /opt/tomcat/webapps/

 

The idp.war tends to take a long time to start up (5 minutes or so). This seems to be due to some issue with Shibboleth and LDAP. You can watch the Tomcat catalina.out for the deploy of idp.war.

Apr 04, 2018 8:00:42 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /opt/tomcat/webapps/idp.war

Apr 04, 2018 8:00:59 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deployment of web application archive /opt/tomcat/webapps/idp.war has finished in 15,040 ms

 

Assuming Tomcat is configured to use port 8443, once idp.war has deployed, navigate to https://www.example.com:8443/idp and the following should be displayed.

 

For more status information, add the IP address of your domain to the WEB-INF/web.xml file in the idp war.

<init-param>
    <param-name>AllowedIPs</param-name>
    <param-value>127.0.0.1/32 ::1/128 192.168.0.0/24</param-value>
</init-param>

 

You should also be able to navigate to https://www.example.com:8443/idp/shibboleth, and the IdP metadata should be displayed. The metadata displayed in the browser should be exactly the same as the metadata in your /opt/shibboleth-idp/metadata/idp-metadata.xml file.

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 371892 in the box below so that we can be sure you are a human.