Here is a quick how-to on installing the Shibboleth Identity Provider software on Ubuntu 16.04. I uploaded a video to YouTube that roughly accompanies this guide. You’ll obviously need to replace hostnames accordingly.
This guide makes the following assumptions:
- You are running a 64-bit version of Ubuntu 16.04
- Tomcat and Java are NOT installed
- You have a working DNS resolver
Install and update Ubuntu VM – This doesn’t need documenting.
Install Java and Tomcat
sudo apt-get install tomcat8 tomcat8-admin
Add the following to your /etc/profile
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre
export CATALINA_HOME=/var/lib/tomcat8
You may need to log off and on again for these variables to take effect or issue a:
source /etc/profile
Edit $CATALINA_HOME/conf/tomcat-users.xml and add the following between the <tomcat-users> tags to enable access to the Tomcat manager web site (replace the example password with one of your own):
<role rolename="manager-gui"/>
<user username="admin" password="secret" roles="manager-gui"/>
Modify the Tomcat memory restriction from 128m to 1500m in /etc/default/tomcat8
Restart Tomcat
sudo service tomcat8 restart
Open a web browser and go to http://shib-idp.lan:8080/manager to check that Tomcat is running properly
Download and extract the latest Shibboleth Identity Provider software from: https://shibboleth.net/downloads/identity-provider/latest/
Open a terminal and change directory to the extracted archive, e.g. ~/Downloads/shibboleth-identity-provider-3.2.1
To install the IdP software issue:
sudo -E bin/install.sh
You will be prompted for the installation source, installation folder, hostname, entity ID, attribute scope and some passwords. Use the defaults for all of these except the passwords, of course.
Change the owner of the installation to tomcat8:
sudo chown -R tomcat8 /opt/shibboleth-idp
Modify /opt/shibboleth-idp/conf/access-control.xml and add your network and number of bits in CIDR notation, e.g. {'10.0.0.0/24', '127.0.0.1/32'}
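As an added example (not part of the original guide or the Shibboleth project), this Python check parses the allowedRanges list in access-control.xml and reports entries with unbalanced quotes, invalid CIDR values or very broad prefixes. The sample XML is constructed and assumes the `p:allowedRanges="#{ {...} }"` attribute form; the prefix thresholds are an assumed policy.

```python
import ipaddress
import re

# Constructed samples modelled on the allowedRanges attribute in
# conf/access-control.xml (assumed form); SAMPLE_BAD has a dropped quote
# and a catch-all range.
SAMPLE_GOOD = """<bean parent="shibboleth.IPRangeAccessControl"
    p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '10.0.0.0/24'} }" />"""
SAMPLE_BAD = """<bean parent="shibboleth.IPRangeAccessControl"
    p:allowedRanges="#{ {'10.0.0.0/24', 127.0.0.1/32', '0.0.0.0/0'} }" />"""

ATTR = re.compile(r'allowedRanges\s*=\s*"#\{\s*\{(.*?)\}\s*\}"', re.S)
# Assumed policy: anything wider than these prefixes deserves a second look.
MIN_PREFIX = {4: 16, 6: 48}


def check_allowed_ranges(xml_text):
    """Return (networks, problems) for every allowedRanges list found."""
    networks, problems = [], []
    for body in ATTR.findall(xml_text):
        for raw in body.split(","):
            item = raw.strip()
            # Each entry must be a single-quoted string inside the list.
            if len(item) < 3 or item[0] != "'" or item[-1] != "'":
                problems.append(f"unbalanced quotes: {item}")
                continue
            try:
                net = ipaddress.ip_network(item[1:-1], strict=False)
            except ValueError as exc:
                problems.append(f"invalid CIDR {item}: {exc}")
                continue
            networks.append(net)
            if net.prefixlen < MIN_PREFIX[net.version]:
                problems.append(f"very broad range: {net}")
    return networks, problems


if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        nets, issues = check_allowed_ranges(sample)
        print(name, [str(n) for n in nets], issues)
```

To check a real installation, pass the contents of /opt/shibboleth-idp/conf/access-control.xml to check_allowed_ranges() after editing it.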
To deploy Shibboleth IdP on Tomcat, open a text editor and create $CATALINA_HOME/conf/Catalina/localhost/idp.xml and give it the following contents:
<Context docBase="/opt/shibboleth-idp/war/idp.war"
privileged="true"
antiResourceLocking="false"
swallowOutput="true"/>
Start the IdP in the Tomcat App Manager: http://shib-idp.lan:8080/manager
Before checking the status of the IdP, add the JSTL library to the web application and rebuild the WAR:
cd /opt/shibboleth-idp/edit-webapp/WEB-INF/lib
sudo curl -O https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar
sudo chown tomcat8 jstl-1.2.jar
cd /opt/shibboleth-idp
sudo -E bin/build.sh
Choose the default installation directory.
In your web browser, open: http://shib-idp.lan:8080/idp/status