
Install SP 2.4

Obsolete

These are obsolete docs that should not be used. For new installations, please refer to our current Technical Docs.

Installing Shibboleth SP on RHEL6 using NC State's Vision3 repository

0. Requirements

1. Get Vision3 repo file

# on your server, become root, then run:
cd /etc/yum.repos.d
wget http://install.linux.ncsu.edu/pub/yum/OIT/vision3/vision3.repo
cd /tmp
wget https://sysnews.ncsu.edu/oit-unixsys.gpg
rpm --import oit-unixsys.gpg
rm oit-unixsys.gpg
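
The repo file in step 1 is fetched over plain HTTP, so it is worth inspecting before installing from it. The following is an added example, not part of the original NC State instructions: a shell function that reports each section's gpgcheck and baseurl settings. The function name audit_repo and the sample repo contents are constructed for illustration and are not the real contents of vision3.repo.

```shell
# Added example (not NC State code): audit a yum .repo file. Prints one line
# per section; returns 1 if an enabled section lacks an explicit gpgcheck=1.
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function report() {
            if (sec == "") return
            if (enabled == "") enabled = "1"   # yum enables a repo by default
            verdict = "ok"
            # Only a literal 1 passes; unset inherits from yum.conf and
            # spellings such as "yes" are flagged for a manual look.
            if (enabled != "0" && gpg != "1") { verdict = "REVIEW"; bad = 1 }
            printf "%s enabled=%s gpgcheck=%s baseurl=%s %s\n", sec, enabled,
                (gpg == "" ? "unset" : gpg), (url == "" ? "unset" : url), verdict
        }
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # start of a [section]
            report()
            sec = trim($0); gsub(/^\[|\]$/, "", sec)
            enabled = ""; gpg = ""; url = ""
            next
        }
        /=/ {                                   # key = value
            eq  = index($0, "=")
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl")  url = val
        }
        END { report(); exit bad + 0 }
    ' "$1"
}
# Constructed sample, NOT the real contents of vision3.repo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[example-signed]
baseurl = http://repo.example.edu/signed/
gpgcheck=1
[example-unsigned]
baseurl=http://repo.example.edu/unsigned/
gpgcheck=0
[example-disabled]
baseurl=http://repo.example.edu/old/
enabled=0
EOF
audit_repo "$sample" || echo "review the sections marked REVIEW before running yum"
```

On the server, the same function can be pointed at /etc/yum.repos.d/vision3.repo after the download in step 1.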

2. Replace Red Hat curl

As of SP 2.5, this step is no longer necessary. The packaged curl-openssl RPM installs itself in /opt instead of overwriting the Red Hat curl, and the SP software is configured to use the copy in that directory. Please disregard this step for new installs.

By default, Red Hat and Fedora provide curl libraries built against the NSS encryption libraries. The team built Shibboleth SP using calls that are unique to libcurl built against the OpenSSL libraries. This leaves us replacing one standard system library with another and hoping that it still works the same way. The team has no advice as to whether or not this might break something else on your machine. We have packaged the curl library in such a way as to make it relatively easy to keep it separated from the system standard. For best results, remove the existing curl and install the new one in a single yum transaction, as follows:

# on your server, as root, in sh or bash:
yum shell << END
config assumeyes 1
remove curl libcurl
install curl-openssl libcurl-openssl
run
END

Yum should find the *curl-openssl packages in the vision3 repository installed in step 1. It should also have no trouble with the signatures if you installed the oit-unixsys key as in step 1.

3. Install Shibboleth Packages

# on your server, as root:
yum install shibboleth

After checking dependencies, yum will come back with a list of 8 packages to install. This is normal. Reply with Yes and let it do the job.

If you get conflict errors with curl, then you didn't replace curl with curl-openssl correctly as per step 2 above.

4. Configure

Follow steps 2 and 3 on the parent of this page. Namely, select an entityID for your server and generate your SP keys. Then come back to these notes.

SP configuration changed pretty dramatically with 2.4.x. To make things a little easier, here's a zip file with the files needed to customize for NCSU Federation.

ncsu_sp_2.4.3.zip

Unpack the zip file and move those files into /etc/shibboleth on your server. Edit shibboleth2.xml and look for comments with the keyword "NCSUCONFIG". They will direct you to the pieces that you need to set for your individual server. Restart shibd once this is set up. Make sure Apache httpd is loading the shib.conf extension, and restart Apache as well. The server should generate your Metadata file via the URL your.server.ncsu.edu/Shibboleth.sso/Metadata

For more information on how to configure access controls, vhosts, and such, see: Native SP Apache Config