Categories
Shibboleth

Shibboleth Identity Provider Installation on Ubuntu 16.04

Here is a quick how-to on installing the Shibboleth Identity Provider software on Ubuntu 16.04. I uploaded a video to YouTube that roughly accompanies this guide. You’ll obviously need to replace hostnames accordingly.

This guide makes the following assumptions:

  • You are running a 64 bit version of Ubuntu 16.04
  • Tomcat, Java, are NOT installed
  • You have a working DNS resolver

Install and update Ubuntu VM – This doesn’t need documenting.

Install Java and Tomcat

sudo apt-get install tomcat8 tomcat8-admin

Add the following to your /etc/profile

export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre export CATALINA_HOME=/var/lib/tomcat8

You may need to log off and on again for these variables to take effect or issue a:

source /etc/profile

Edit $CATALINA_HOME/conf/tomcat-users.xml and add the following between the <tomcat-users> tags to enable access to the Tomcat manager web site:

<role rolename="manager-gui"/>
<user username="admin" password="secret" roles="manager-gui"/>

Modify the Tomcat memory restriction from 128m to 1500m in /etc/defaults/tomcat8

Restart Tomcat

sudo service tomcat8 restart

Open a web browser and check http://shib-idp.lan:8080/manager to check that Tomcat is running properly

Download and extract the latest Shibboleth Identity Provider software from: https://shibboleth.net/downloads/identity-provider/latest/

Open a terminal and change directory to the extracted archive. eg. ~/Downloads/shibboleth-identity-provider-3.2.1

To install the IdP software issue:

sudo -E bin/install.sh

You will be prompted for the installation source, Installation folder, Hostname. Entity ID, Attribute Scope and some passwords. Use the defaults for all of these except the passwords of course.

Change the owner of the installation to tomcat8:

sudo chown -R tomcat8 /opt/shibboleth-idp

Modify the /opt/shibboleth-idp/conf/access-control.xml and add your network and number of bits in CIDR notation. eg. {'10.0.0.0/24', 127.0.0.1/32'}

To deploy Shibboleth IdP on Tomcat, open a text editor and create $CATALINA_HOME/conf/Catalina/localhost/idp.xml and give it the following contents:

<Context docBase="/opt/shibboleth-idp/war/idp.war"
         privileged="true"
         antiResourceLocking="false"
         swallowOutput="true"/>

Start the IdP in Tomcat App Manager  http://shib-idp.lan:8080/manager

Check the status of the IdP by issuing:

cd /opt/shibboleth-idp/edit-webapp/WEB-INF/lib
sudo curl -O https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar
sudo chown tomcat8 jstl-1.2.jar
cd /opt/shibboleth-idp
sudo -E bin/build.sh

Choose the default installation directory.

In your web browser, open: http://shib-idp.lan:8080/idp/status