Shrine SSO runs on three software components: Tomcat, Apache, and Shibboleth.
The following instructions assume that (1) you have installed Shrine, and hence are using Tomcat as your application server, (2) you will install Apache on the same host as Tomcat and (3) you will therefore need to install Shibboleth SP 3 on the same host (Shibboleth will run as an apache module + daemon).
Software Installation
- Tomcat (install as user shrine): You are most likely already running Shrine, and so Tomcat is already installed. If you followed the instructions for installing Shrine you are probably running version 9.0.52 (as per SHRINE 4.0.0 Chapter 5 - Set up Apache Tomcat.). Shrine SSO has been tested with the same Tomcat version.
- The Tomcat home should be
/opt/shrine/tomcat
- The Tomcat home should be
- Apache (install as user root): version 2.4.10 or higher
- Apache version should be 2.4.10 or higher so that the local address request field gets populated for use in the back-end code. (see: https://bz.apache.org/bugzilla/show_bug.cgi?id=56661). If it isn't populated the back-end fails with an NPE when looking for the local address in the request.
- The Apache configuration files should be in
/etc/httpd/
- The Apache document root should be
/var/www/html
(as specified in/etc/httpd/conf/httpd.conf
)
- Shibboleth SP version 3 (install as user root)
- The Shibboleth configuration files should be in
/etc/shibboleth
- The Shibboleth configuration files should be in
Starting and Restarting the Software
The appropriate software must be restarted whenever the configuration is modified.
Tomcat
Restart when server.xml, shrine.conf or override.conf are modified
Starting Tomcat:
sudo -u shrine bash
cd /opt/shrine/tomcat
./bin/startup.sh
To deploy a new WAR file:
sudo -u shrine bash
./bin/shutdown.sh
rm fr ./webapps/shrine api*
cp <Shrine war file> ./webapps
./bin/startup.sh
Shibboleth
Restart when shibboleth2.xml or other Shibboleth configuration files are modified.
sudo -u root bash
service shibd (re)start
Apache
Restart after restarting Shibboleth; or when there is a change in Apache configuration.
sudo -u root bash
service https (re)start