Shrine SSO runs on three software components: Tomcat, Apache, and Shibboleth.
It is assumed that you are running the CentOS 7 operating system (which is recommended for Shrine).
The following instructions further assume that (1) you have installed Shrine, and hence are using Tomcat as your application server, (2) you will install Apache on the same host as Tomcat and (3) you will therefore install Shibboleth SP 3 on the same host as well, since Shibboleth runs as an apache module + daemon).
Tomcat (install as user shrine): You are running Shrine, and so Tomcat is already installed. If you followed the instructions for installing Shrine you are running version 9.0.52 (as per SHRINE 4.0.0 Chapter 5 - Set up Apache Tomcat). Shrine SSO has been tested with the same Tomcat version.
The Tomcat home should be
Prepare for Apache Installation
Enable more recent version of apache (which are not available as yum packages):
Create a file called "
codeit.repo" and place it in
In this file put the following:
Prepare for Shibboleth Installation
Create file named
in it, put:
Install Apache, mod_ssl and Shibboleth:
Note: Apache version should be 2.4.10 or higher so that the local address request field gets populated for use in the back-end code. (see: https://bz.apache.org/bugzilla/show_bug.cgi?id=56661). If it isn't populated the back-end fails with an NPE when looking for the local address in the request.
Install Key and Certificate in Apache
- acquire a TLS certificate from your CA (certificate authority) of choice; letsencrypt.org is a popular free option
- upload (via ftp, scp, or similar) your private key and certificate files and enable them in Apache as described here
The Apache configuration files should be in
The Apache document root should be
/var/www/html (as specified in
The Shibboleth configuration files should be in
The Tomcat configuration files should be in
Fast forward: SHRINE 4.1.0 Appendix A.2 - Quick Configuration