Shibboleth IdP SLO part 1 (preparation)
Prerequisite
Jdk with version > 1.6.0
In debian older than 6, we must download the jdk manually (cannot use apt-get install openjdk-6-jdk)
download and install jdk from sun website in to /usr/lib/jvm/
download and install jdk from sun website in to /usr/lib/jvm/
curl -L -O http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jdk-6u30-linux-i586.bin chmod +x jdk-6u30-linux-i586.bin ./jdk-6u30-linux-i586.bin
Change default jvm
To change the default jvm, use this command:
idp:~# update-alternatives --config java Es gibt 2 Alternativen, die »java« bereitstellen. Auswahl Alternative ----------------------------------------------- * 1 /usr/lib/jvm/java-1.5.0-sun/jre/bin/java + 2 /usr/lib/jvm/java-6-openjdk/jre/bin/java Drücken Sie die Eingabetaste, um die Vorgabe[*] beizubehalten, oder geben Sie die Auswahlnummer ein: 2 Verwende »/usr/lib/jvm/java-6-openjdk/jre/bin/java«, um »java« bereitzustellen.
Change default keytool
To change the default java keytool, use this command:
idp:~# update-alternatives --config keytool Es gibt 2 Alternativen, die »keytool« bereitstellen. Auswahl Alternative ----------------------------------------------- * 1 /usr/lib/jvm/java-1.5.0-sun/jre/bin/keytool + 2 /usr/lib/jvm/java-6-openjdk/jre/bin/keytool Drücken Sie die Eingabetaste, um die Vorgabe[*] beizubehalten, oder geben Sie die Auswahlnummer ein: 2 Verwende »/usr/lib/jvm/java-6-openjdk/jre/bin/keytool«, um »keytool« bereitzustellen.
Edit profile
Add the following into file /etc/profile:
export JAVA_HOME=/usr/lib/jvm/java-6-openjdk # in debian 5 export JAVA_HOME=/usr/lib/jvm/jdk1.6.0_30 export JRE_HOME=/usr/lib/jvm/java-6-openjdk # in debian 5 export JRE_HOME=/usr/lib/jvm/jdk1.6.0_30 export PATH=$JAVA_HOME/bin:$PATH export CATALINA_HOME=/usr/local/src/tomcat6 export CATALINA_BASE=/usr/local/src/tomcat6 export IDP_HOME=/opt/shibboleth-idpSLO export JAVA_ENDORSED_DIRS=/usr/local/src/tomcat6/endorsed
Install tomcat 6
To install tomcat6, do the following step:
apt-get install tomcat6
or
curl -L -O http://apache.mirror.clusters.cc/tomcat/tomcat-6/v6.0.35/bin/apache-tomcat-6.0.35.tar.gz tar zxvf apache-tomcat-6.0.35.tar.gz mv apache-tomcat-6.0.35 /usr/local/src/tomcat6
Configure tomcat startup script
- Edit the CATALINA_HOME/bin/catalina.sh file and add the JAVA_OPTS variable as:
JAVA_OPTS="-Djava.awt.headless=true -Xmx512M -XX:MaxPermSize=128M -Dcom.sun.security.enableCRLDP=true"
- Edit the CATALINA_HOME/conf/server.xml and change autoDeploy to false:
<Host appBase="webapps" unpackWARs="true" autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
Install Apache
Actually, Shibboleth IdP can be installed and running only using tomcat server, but in this example, we use tomcat and apache.
Comments