This tutorial will set up the following environment.
Install Java Runtime Environment (JRE).
~]# yum install jre
Add JAVA_HOME to your ~/.bash_profile file.
Install Shibboleth IdP (Identity Provider).
cd /tmp
wget http://shibboleth.net/downloads/identity-provider/<version>/shibboleth-identity-provider-<version>.tar.gz
tar -zxf shibboleth-identity-provider-<version>.tar.gz
cd shibboleth-identity-provider-<version>/bin/
./install.sh
There will be a series of prompts. Here are possible answers to the prompts. Ensure your DNS server can resolve the FQDN to the IP address of the Shibboleth server.
- Install location = /opt/shibboleth-idp
- FQDN = idp.your.domain
- Password = myPassword
Note that the idp.war may take a long time to start up (5 minutes or so). This seems to be due to some issue with Shibboleth and LDAP.
~]# cp /opt/shibboleth-idp/war/idp.war /opt/tomcat/webapps/
Assuming Tomcat is configured to use port 8443, navigate to https://www.example.com:8443/idp/profile/Status, and ok should be displayed.
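For more status information, add the IP address range of your network, in CIDR notation, to the AllowedIPs parameter in the WEB-INF/web.xml file in the idp war. Only clients whose address falls inside one of the listed ranges are shown the detailed status.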
<init-param>
    <param-name>AllowedIPs</param-name>
    <param-value>127.0.0.1/32 ::1/128 192.168.0.0/24</param-value>
</init-param>
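The following is an added example, not part of the original tutorial or of Shibboleth's own code: a Python check that reads the AllowedIPs parameter from a web.xml, tells you which client addresses it admits, and flags ranges wider than you intended. It assumes the status servlet matches clients by plain CIDR containment; the wrapping servlet element, the function names and the prefix thresholds are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the init-param from this page wrapped in a minimal
# <servlet> element so that it parses as a standalone document.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>Status</servlet-name>
    <init-param>
      <param-name>AllowedIPs</param-name>
      <param-value>127.0.0.1/32 ::1/128 192.168.0.0/24</param-value>
    </init-param>
  </servlet>
</web-app>"""


def _local(tag):
    """Strip an XML namespace prefix such as {http://...}init-param."""
    return tag.rsplit("}", 1)[-1]


def allowed_networks(web_xml_text):
    """Return every CIDR block listed under an AllowedIPs init-param."""
    nets = []
    for elem in ET.fromstring(web_xml_text).iter():
        if _local(elem.tag) != "init-param":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        if fields.get("param-name") == "AllowedIPs":
            for block in fields.get("param-value", "").split():
                nets.append(ipaddress.ip_network(block, strict=False))
    return nets


def is_allowed(client_ip, nets):
    """True if client_ip falls inside any configured range."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in nets)


def too_broad(nets, min_v4_prefix=16, min_v6_prefix=48):
    """Ranges wider than the review thresholds (thresholds are assumptions)."""
    return [n for n in nets
            if n.prefixlen < (min_v4_prefix if n.version == 4 else min_v6_prefix)]


if __name__ == "__main__":
    nets = allowed_networks(SAMPLE_WEB_XML)
    for ip in ("127.0.0.1", "192.168.0.57", "192.168.1.57", "::1"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
    print("overly broad:", [str(n) for n in too_broad(nets)])
```

To audit a deployed IdP, pass the contents of the WEB-INF/web.xml from the unpacked idp war to `allowed_networks` instead of the sample string.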
You should also be able to navigate to https://www.example.com:8443/idp/shibboleth, and the IdP metadata should be displayed. The metadata displayed in the browser should be exactly the same as the metadata in your /opt/shibboleth-idp/metadata/idp-metadata.xml file.