Shibboleth at NC State » Technical Documentation » SP Installation » Install SP 3.0 on RedHat Linux 6/7

Install SP 3.0 on RedHat Linux 6/7

OIT provides a yum repository of added software for RedHat-based Linux 6 and 7 machines. We have already imported the Native Service Provider and all of its dependent packages into this repo. Packages are available for RHEL/CentOS 6 and 7, for x86_64 architectures.

Prerequisites

If you haven't done so already, make sure you have Apache httpd and mod_ssl installed and configured.

yum install httpd mod_ssl

Add the vision4 yum repo to your server

Login to your server and become root. Run these commands to install our repo files:

cd /etc/yum.repos.d
wget http://install.linux.ncsu.edu/pub/yum/OIT/vision4/vision4.repo

Download and install the signing certificate used to verify our repo.

rpm --import http://install.linux.ncsu.edu/pub/yum/OIT/vision4/RPM-GPG-KEY-vision4-repo

Now you can verify that the repo is being used by looking for the SP package named "shibboleth".

yum search shibboleth
# returns ...
shibboleth.x86_64 : Open source system for attribute-based Web SSO

Install the SP software using yum

On your server, still as root, run yum to install the shibboleth package and its dependencies.

yum install shibboleth

It should return a list of packages that will be installed. Your versions and architecture will probably be different from this example:

Installing:
 shibboleth           x86_64  3.0.2-1.1.vision4.el7    vision4     1.2 M
Installing for dependencies:
 libcurl-openssl      x86_64  7.61.0-1.1.vision4.el7   vision4     235 k
 liblog4shib2         x86_64  2.0.0-3.1.vision4.el7    vision4      70 k
 libsaml10            x86_64  3.0.0-1.1.vision4.el7    vision4     950 k
 libxerces-c-3_2      x86_64  3.2.1-1.1.vision4.el7    vision4     895 k
 libxml-security-c20  x86_64  2.0.1-3.1.vision4.el7    vision4     188 k
 libxmltooling8       x86_64  3.0.2-3.1.vision4.el7    vision4     710 k
 opensaml-schemas     x86_64  3.0.0-1.1.vision4.el7    vision4      30 k
 xmltooling-schemas   x86_64  3.0.2-3.1.vision4.el7    vision4      13 k

If your installation looks right, answer "Is this ok" with "y" and let it proceed.

This installs:

Initial testing

The shibd service can be started for initial testing without performing any configuration. This test will only ensure that the pieces start correctly.

On your server, still as root, restart the shibd and httpd services. This is also a good time to make sure httpd and shibd are enabled on reboot.

systemctl restart shibd
systemctl restart httpd
systemctl enable shibd
systemctl enable httpd

The default httpd shib module creates a handler URL on your server at the URL path /Shibboleth.sso. You can verify this handler is running by making a Status request from the localhost.

curl -k https://localhost/Shibboleth.sso/Status

This should return quickly with an XML document on STDOUT. If it does, you are ready to proceed with Configuration.