Shrine SSO runs on three software components: Tomcat, Apache, and Shibboleth.
It is assumed that you are running the CentOS 7 operating system (which is recommended for Shrine).
The following instructions further assume that (1) you have installed Shrine, and hence are using Tomcat as your application server, (2) you will install Apache on the same host as Tomcat and (3) you will therefore install Shibboleth SP 3 on the same host as well, since Shibboleth runs as an Apache module plus a daemon.
Software Installation
Tomcat
Tomcat (install as user shrine): You are running Shrine, and so Tomcat is already installed. If you followed the instructions for installing Shrine you are running version 9.0.52 (as per SHRINE 4.0.0 Chapter 5 - Set up Apache Tomcat). Shrine SSO has been tested with the same Tomcat version.
The Tomcat home should be /opt/shrine/tomcat
Prepare for Apache Installation
Enable a more recent version of Apache (more recent versions are not available as yum packages):
Create a file called "codeit.repo" and place it in /etc/yum.repos.d
In this file, put the following:
[CodeIT]
name=CodeIT repo for newer httpd versions
baseurl=https://repo.codeit.guru/packages/centos/7/$basearch
enabled=1
gpgkey=https://repo.codeit.guru/RPM-GPG-KEY-codeit
gpgcheck=1
Prepare for Shibboleth Installation
Create a file named shibboleth.repo in /etc/yum.repos.d/
In it, put:
[shibboleth]
name=Shibboleth (CentOS_7)
# Please report any problems to https://shibboleth.atlassian.net/jira
type=rpm-md
mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
gpgcheck=1
gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
enabled=1
Install Apache, mod_ssl and Shibboleth:
Note: The Apache version should be 2.4.10 or higher so that the local address request field gets populated for use in the back-end code (see: https://bz.apache.org/bugzilla/show_bug.cgi?id=56661). If it isn't populated, the back-end fails with an NPE when looking for the local address in the request.
yum install httpd-2.4.54-1.codeit.el7 mod_ssl-1:2.4.54-1.codeit.el7 shibboleth-3.3.0-1
Install Key and Certificate in Apache
- acquire a TLS certificate from your CA (certificate authority) of choice; letsencrypt.org is a popular free option
- upload (via ftp, scp, or similar) your private key and certificate files and enable them in Apache as described here
Verify Installation
The Apache configuration files should be in /etc/httpd/
The Apache document root should be /var/www/html (as specified in /etc/httpd/conf/httpd.conf)
The Shibboleth configuration files should be in /etc/shibboleth
The Tomcat configuration files should be in /opt/shrine/tomcat/conf and /opt/shrine/tomcat/lib
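The checks in this section, together with the Apache 2.4.10 minimum from the note above, written as a script. This is an added example, not part of the SHRINE documentation; the function names and the --check switch are assumptions of the example. Versions are compared field by field as numbers, so 2.4.6 correctly sorts below 2.4.10.

```shell
#!/bin/sh
# Added example (not from the SHRINE docs): checks for the layout and the
# Apache >= 2.4.10 floor stated on this page. Function names are assumptions.

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# Read `httpd -v` output on stdin, print the bare version (e.g. 2.4.54).
parse_httpd_version() {
    sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p'
}

# check_layout [ROOT]: report expected paths missing under ROOT (default /).
# Returns the number of failed checks.
check_layout() {
    root=${1:-}; missing=0
    for d in /etc/httpd /var/www/html /etc/shibboleth \
             /opt/shrine/tomcat/conf /opt/shrine/tomcat/lib; do
        [ -d "$root$d" ] || { echo "missing directory: $d"; missing=$((missing + 1)); }
    done
    conf=$root/etc/httpd/conf/httpd.conf
    if ! grep -Eq '^[[:space:]]*DocumentRoot[[:space:]]+"?/var/www/html"?[[:space:]]*$' "$conf" 2>/dev/null; then
        echo "DocumentRoot is not /var/www/html in /etc/httpd/conf/httpd.conf"
        missing=$((missing + 1))
    fi
    return "$missing"
}

main() {
    v=$(httpd -v 2>/dev/null | parse_httpd_version)
    if [ -z "$v" ]; then echo "httpd not found on PATH"; return 1; fi
    version_ge "$v" 2.4.10 || { echo "Apache $v is older than 2.4.10"; return 1; }
    check_layout && echo "Apache $v and the expected layout are in place"
}

# Runs the checks against the live host only when called with --check.
if [ "${1:-}" = "--check" ]; then main; fi
```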
Next Step:
Fast forward: SHRINE 4.0.0 Appendix A.2 - Quick Configuration
or
SHRINE 4.0.0 Appendix A.3 - More Details : Shibboleth Configuration