This tutorial will set up the following environment.
Install Java Runtime Environment (JRE).
~]# yum install jre
Add JAVA_HOME to your ~/.bash_profile file.
Install Shibboleth IdP (Identity Provider).
cd /tmp
wget http://shibboleth.net/downloads/identity-provider/<version>/shibboleth-identity-provider-<version>.tar.gz
tar -zxf shibboleth-identity-provider-<version>.tar.gz
cd shibboleth-identity-provider-<version>/bin/
./install.sh
There will be a series of prompts. Here are possible answers to the prompts. Ensure your DNS server can resolve the FQDN to the IP address of the Shibboleth server.
cp /opt/shibboleth-idp/war/idp.war /opt/tomcat/webapps/
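The download, unpack, install and copy steps above as one script, added here as an example and not taken from the tutorial. It refuses to unpack the tarball unless its SHA-256 digest matches a checksum file fetched from beside it; that a "<tarball>.sha256" file exists at that URL and that its first field is the hex digest are assumptions of this example, as are the /opt paths.

```shell
#!/bin/sh
# Added example, not the tutorial's own commands: verified download + install
# of the Shibboleth IdP. Assumptions: a "<tarball>.sha256" file is published
# next to the tarball with the hex digest as its first field; Tomcat lives in
# /opt/tomcat and the installer writes to /opt/shibboleth-idp as on the page.
set -u

# sha256_of FILE -> print the lower-case hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print tolower($1)}'
    else
        shasum -a 256 "$1" | awk '{print tolower($1)}'
    fi
}

# verify_tarball TARBALL SHA256FILE -> exit 0 if the digest in SHA256FILE
# matches TARBALL, 1 if either file is missing or the digests differ
verify_tarball() {
    tarball=$1
    sumfile=$2
    [ -r "$tarball" ] && [ -r "$sumfile" ] || return 1
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    actual=$(sha256_of "$tarball")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# install_idp VERSION -> fetch tarball and checksum, verify, unpack, run the
# interactive installer (the prompts are answered by hand, as in the tutorial)
install_idp() {
    version=$1
    base="http://shibboleth.net/downloads/identity-provider/$version"
    name="shibboleth-identity-provider-$version"
    cd /tmp || return 1
    wget -q "$base/$name.tar.gz" "$base/$name.tar.gz.sha256" || return 1
    if ! verify_tarball "$name.tar.gz" "$name.tar.gz.sha256"; then
        echo "checksum mismatch for $name.tar.gz, not installing" >&2
        rm -f "$name.tar.gz"
        return 1
    fi
    tar -zxf "$name.tar.gz" || return 1
    (cd "$name/bin" && ./install.sh)
}

# deploy_war -> copy the freshly built idp.war into Tomcat's webapps directory
deploy_war() {
    cp /opt/shibboleth-idp/war/idp.war /opt/tomcat/webapps/
}

# Usage, as root on the IdP host:
#   install_idp <version> && deploy_war
```

The digest comparison happens before `tar` ever reads the archive, so a truncated or tampered download is discarded rather than unpacked; if the checksum file is not published for your version, fetch the digest from the Shibboleth downloads page by hand and write it to the `.sha256` file yourself.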
The idp.war tends to take a long time to start up (5 minutes or so). This seems to be due to some issue with Shibboleth and LDAP. You can watch the Tomcat catalina.out for the deploy of idp.war.
Apr 04, 2018 8:00:42 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /opt/tomcat/webapps/idp.war
Apr 04, 2018 8:00:59 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deployment of web application archive /opt/tomcat/webapps/idp.war has finished in 15,040 ms
Assuming Tomcat is configured to use port 8443, once idp.war has deployed, navigate to https://www.example.com:8443/idp and the following should be displayed.
To see more status information, add the IP address range you will browse from to the AllowedIPs parameter in the WEB-INF/web.xml file inside the idp war (the status page is only served to addresses in this list).
<init-param>
    <param-name>AllowedIPs</param-name>
    <param-value>127.0.0.1/32 ::1/128 192.168.0.0/24</param-value>
</init-param>
You should also be able to navigate to https://www.example.com:8443/idp/shibboleth, and the IdP metadata should be displayed. The metadata displayed in the browser should be exactly the same as the metadata in your /opt/shibboleth-idp/metadata/idp-metadata.xml file.
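The post-deploy checks described above (watching catalina.out for the idp.war deploy and comparing the served metadata with idp-metadata.xml) as a script, added as an example and not part of the tutorial. The catalina.out and metadata paths, the use of curl, and the host name www.example.com follow the page; the function names are mine.

```shell
#!/bin/sh
# Added example, not the tutorial's own commands: verify an idp.war deploy.
# Assumptions: Tomcat writes /opt/tomcat/logs/catalina.out, the IdP metadata
# file is /opt/shibboleth-idp/metadata/idp-metadata.xml, curl is installed.
set -u

# idp_deploy_ms LOGFILE -> print the deploy time in ms taken from Tomcat's
# "Deployment of web application archive .../idp.war has finished in N ms"
# line (thousands separator removed); exit 1 if the line is not there yet
idp_deploy_ms() {
    line=$(grep 'archive .*/idp\.war has finished in' "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" | sed 's/.*has finished in \([0-9,]*\) ms.*/\1/' | tr -d ,
}

# wait_for_idp LOGFILE TIMEOUT_SECONDS -> poll catalina.out until the deploy
# line appears; exit 1 if TIMEOUT_SECONDS pass first
wait_for_idp() {
    logfile=$1
    timeout=$2
    waited=0
    until ms=$(idp_deploy_ms "$logfile"); do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 5
        waited=$((waited + 5))
    done
    echo "idp.war deployed in ${ms} ms"
}

# metadata_matches SERVED_FILE LOCAL_FILE -> exit 0 if both files carry the
# same metadata, ignoring CRLF line endings and trailing whitespace only
metadata_matches() {
    t1=$(mktemp)
    t2=$(mktemp)
    tr -d '\r' < "$1" | sed 's/[[:space:]]*$//' > "$t1"
    tr -d '\r' < "$2" | sed 's/[[:space:]]*$//' > "$t2"
    cmp -s "$t1" "$t2"
    rc=$?
    rm -f "$t1" "$t2"
    return $rc
}

# check_idp HOST -> fetch https://HOST:8443/idp/shibboleth and compare it with
# the metadata file the installer wrote
check_idp() {
    host=$1
    served=$(mktemp)
    if ! curl -sSf "https://$host:8443/idp/shibboleth" -o "$served"; then
        rm -f "$served"
        return 1
    fi
    if metadata_matches "$served" /opt/shibboleth-idp/metadata/idp-metadata.xml; then
        echo "served metadata matches idp-metadata.xml"
        rc=0
    else
        echo "served metadata DIFFERS from idp-metadata.xml" >&2
        rc=1
    fi
    rm -f "$served"
    return $rc
}

# Usage on the IdP host:
#   wait_for_idp /opt/tomcat/logs/catalina.out 600 && check_idp www.example.com
```

If Tomcat's TLS certificate is not trusted by the host you run this on, point curl at the issuing CA with `--cacert` (or the CURL_CA_BUNDLE variable) rather than disabling verification; a metadata mismatch usually means a stale idp.war was copied into webapps or the metadata file was edited after the war was built.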