Shibboleth at NC State » Technical Documentation » SP V3.0 Upgrade

Service Provider V3.0 Upgrade

Announcement

July 17, 2018 - From: Scott Cantor - To: Shibboleth Announcements List

The Shibboleth Project is pleased to announce that V3.0.0 of the Service Provider software is now available. This release is a largely compatible upgrade for the previous versions and supersedes those releases. There are no current plans to maintain the older SP and library branches based on experiences with the upgrade process so far but this is subject to change if unexpected problems arise.

The documentation for this release has been migrated from the old wiki space to a new dedicated space, which we hope is better organized and will be less cluttered by IdP material.

Upgraders should carefully review the Release Notes and Upgrade material beforehand.

Notable Changes from SP V2.6

New Configuration Changes

These are changes that will be applied by default when an new SP is setup. Existing SPs should continue to behave normally when an old (V2.6) configuration is used.

Upgrading from V2.6 on RHEL/Centos 6 or 7

In place upgrade without changing config files

If you have a Yum repository already setup to provide the Shibboleth packages for your server, you can simply "yum update" to load the new software in place. It is supposed to continue to work normally using existing v2.6 configuration files. In our tests they worked fine.

yum update curl-openssl shibboleth
    # should update around 9 to 11 packages

systemctl restart shibd
systemctl stop httpd
systemctl start httpd 
    # hard stop so the new mod_shib will load correctly
    # restart will continue to run mod_shib 2.6.x from memory

# now test to confirm you can still login to an SP-protected site

Upgrading configuration files

The format of the shibboleth2.xml file has not changed very much with version 3. There are a few subtle differences. We have provided new template files that you can download:

You should be able to copy your entityID and any other customizations that you've made from your 2.6.x copy of shibboleth.xml into the new template file. Once done, make a backup of the working v2.6 file and replace it with the new v3 file. Now restart shibd and httpd, and verify that the service is still running correctly.

The attribute-map.xml has not changed from version 2.6. However, we have added a few new attributes to our service. If you need to use those attributes, now is a good time to update the map file.