Install SP 3.0 on RedHat Linux 6/7
OIT provides a yum repository of added software for RedHat-based Linux 6 and 7 machines. We have already imported the Native Service Provider and all of its dependent packages into this repo. Packages are available for RHEL/CentOS 6 and 7, for x86_64 architectures.
If you haven't done so already, make sure you have Apache httpd and mod_ssl installed and configured.
yum install httpd mod_ssl
Add the vision4 yum repo to your server
Login to your server and become root. Run these commands to install our repo files:
cd /etc/yum.repos.d wget http://install.linux.ncsu.edu/pub/yum/OIT/vision4/vision4.repo
Download and install the signing certificate used to verify our repo.
rpm --import http://install.linux.ncsu.edu/pub/yum/OIT/vision4/RPM-GPG-KEY-vision4-repo
Now you can verify that the repo is being used by looking for the SP package named "shibboleth".
yum search shibboleth # returns ... shibboleth.x86_64 : Open source system for attribute-based Web SSO
Install the SP software using yum
On your server, still as root, run yum to install the shibboleth package and its dependencies.
yum install shibboleth
It should return a list of packages that will be installed. Your versions and architecture will probably be different from this example:
Installing: shibboleth x86_64 3.0.2-1.1.vision4.el7 vision4 1.2 M Installing for dependencies: libcurl-openssl x86_64 7.61.0-1.1.vision4.el7 vision4 235 k liblog4shib2 x86_64 2.0.0-3.1.vision4.el7 vision4 70 k libsaml10 x86_64 3.0.0-1.1.vision4.el7 vision4 950 k libxerces-c-3_2 x86_64 3.2.1-1.1.vision4.el7 vision4 895 k libxml-security-c20 x86_64 2.0.1-3.1.vision4.el7 vision4 188 k libxmltooling8 x86_64 3.0.2-3.1.vision4.el7 vision4 710 k opensaml-schemas x86_64 3.0.0-1.1.vision4.el7 vision4 30 k xmltooling-schemas x86_64 3.0.2-3.1.vision4.el7 vision4 13 k
If your installation looks right, answer "Is this ok" with "y" and let it proceed.
- shibd - a new service.
- /etc/shibboleth - default directory for config files for shibd.
- /etc/httpd/conf.d/shib.conf - Apache httpd module config file.
The shibd service can be started for initial testing without performing any configuration. This test will only ensure that the pieces start correctly.
On your server, still as root, restart the shibd and httpd services. This is also a good time to make sure httpd and shibd are enabled on reboot.
systemctl restart shibd systemctl restart httpd systemctl enable shibd systemctl enable httpd
The default httpd shib module creates a handler URL on your server at the URL path /Shibboleth.sso. You can verify this handler is running by making a Status request from the localhost.
curl -k https://localhost/Shibboleth.sso/Status
This should return quickly with an XML document on STDOUT. If it does, you are ready to proceed with Configuration.