Tuesday, April 24, 2012

Shibboleth IdP SLO part 1 (preparation)

Prerequisite

JDK version > 1.6.0

On Debian releases older than 6, the JDK must be downloaded manually (apt-get install openjdk-6-jdk cannot be used).
Download the JDK from the Sun website and install it into /usr/lib/jvm/:
curl -L -O http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jdk-6u30-linux-i586.bin
chmod +x jdk-6u30-linux-i586.bin
./jdk-6u30-linux-i586.bin

Change default jvm

To change the default jvm, use this command:
idp:~# update-alternatives --config java

Es gibt 2 Alternativen, die »java« bereitstellen.

Auswahl      Alternative
-----------------------------------------------
*         1    /usr/lib/jvm/java-1.5.0-sun/jre/bin/java
 +        2    /usr/lib/jvm/java-6-openjdk/jre/bin/java

Drücken Sie die Eingabetaste, um die Vorgabe[*] beizubehalten,
oder geben Sie die Auswahlnummer ein: 2
Verwende »/usr/lib/jvm/java-6-openjdk/jre/bin/java«, um »java« bereitzustellen.

Change default keytool

To change the default java keytool, use this command:
idp:~# update-alternatives --config keytool

Es gibt 2 Alternativen, die »keytool« bereitstellen.

Auswahl      Alternative
-----------------------------------------------
*         1    /usr/lib/jvm/java-1.5.0-sun/jre/bin/keytool
 +        2    /usr/lib/jvm/java-6-openjdk/jre/bin/keytool

Drücken Sie die Eingabetaste, um die Vorgabe[*] beizubehalten,
oder geben Sie die Auswahlnummer ein: 2
Verwende »/usr/lib/jvm/java-6-openjdk/jre/bin/keytool«, um »keytool« bereitzustellen.

Edit profile

Add the following into file /etc/profile:
export JAVA_HOME=/usr/lib/jvm/java-6-openjdk         # in debian 5 export JAVA_HOME=/usr/lib/jvm/jdk1.6.0_30
export JRE_HOME=/usr/lib/jvm/java-6-openjdk  # in debian 5 export JRE_HOME=/usr/lib/jvm/jdk1.6.0_30
export PATH=$JAVA_HOME/bin:$PATH
export CATALINA_HOME=/usr/local/src/tomcat6
export CATALINA_BASE=/usr/local/src/tomcat6
export IDP_HOME=/opt/shibboleth-idpSLO
export JAVA_ENDORSED_DIRS=/usr/local/src/tomcat6/endorsed

Install tomcat 6

To install Tomcat 6, use one of the following:
apt-get install tomcat6
or
curl -L -O http://apache.mirror.clusters.cc/tomcat/tomcat-6/v6.0.35/bin/apache-tomcat-6.0.35.tar.gz
tar zxvf apache-tomcat-6.0.35.tar.gz
mv apache-tomcat-6.0.35 /usr/local/src/tomcat6

Configure tomcat startup script

  • Edit the CATALINA_HOME/bin/catalina.sh file and add the JAVA_OPTS variable as:
JAVA_OPTS="-Djava.awt.headless=true -Xmx512M -XX:MaxPermSize=128M -Dcom.sun.security.enableCRLDP=true"

  • Edit the CATALINA_HOME/conf/server.xml and change autoDeploy to false:
<Host  appBase="webapps" unpackWARs="true" autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
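
The script below is an added example, not part of the original post: it checks the three settings configured above (a JDK of 1.6 or newer, autoDeploy="false" on every Tomcat Host, and -Dcom.sun.security.enableCRLDP=true in JAVA_OPTS). The function names and the script name check_prep.sh are assumptions, the "version > 1.6.0" prerequisite is read as "1.6 or newer", and the default Tomcat path is the one used in this post.

```shell
#!/bin/sh
# Added example (not from the original post): verify the preparation steps.
# Function names are this example's own; the default path is the post's.

# Print the quoted version string from `java -version` output on stdin.
parse_java_version() {
    sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Succeed if the version is 1.6 or newer (1.6.0_30, 1.8.0_292, 11.0.2).
java_version_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case $major in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "${minor:-0}" -ge 6 ]
}

# Succeed only if every <Host ...> element sets autoDeploy="false".
# Newlines are flattened first because the element may span several lines.
autodeploy_disabled() {
    hosts=$(tr '\n' ' ' < "$1" | grep -o '<Host[[:space:]][^>]*>') || return 1
    ! printf '%s\n' "$hosts" | grep -qv 'autoDeploy="false"'
}

# Succeed if an uncommented JAVA_OPTS assignment sets enableCRLDP=true.
crldp_enabled() {
    grep -E '^[[:space:]]*(export[[:space:]]+)?JAVA_OPTS=' "$1" |
        grep -q -e '-Dcom\.sun\.security\.enableCRLDP=true'
}

# Run all three checks against the installed system; returns 1 on any failure.
run_checks() {
    base=${CATALINA_HOME:-/usr/local/src/tomcat6}
    rc=0
    v=$(java -version 2>&1 | parse_java_version)
    java_version_ok "$v" || { echo "FAIL: java '$v' is older than 1.6"; rc=1; }
    autodeploy_disabled "$base/conf/server.xml" ||
        { echo "FAIL: a Host in server.xml lacks autoDeploy=\"false\""; rc=1; }
    crldp_enabled "$base/bin/catalina.sh" ||
        { echo "FAIL: JAVA_OPTS does not set enableCRLDP=true"; rc=1; }
    return $rc
}

# Only touch the real system when asked to: sh check_prep.sh check
if [ "${1:-}" = "check" ]; then run_checks; fi
```

A JAVA_OPTS line that is commented out in catalina.sh, or a Host element that still carries autoDeploy="true", makes the corresponding check fail.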

Install Apache

Strictly speaking, the Shibboleth IdP can be installed and run using only the Tomcat server, but in this example we use both Tomcat and Apache.
