Changes between Version 3 and Version 4 of idpiam2018
- Timestamp:
- Sep 3, 2018, 7:59:38 AM (6 years ago)
idpiam2018
v3 v4 24 24 25 25 3. Define the costants `JAVA_HOME` and `IDP_SRC` inside `/etc/environment`: 26 26 * 27 27 {{{ 28 28 update-alternatives --config java 29 29 }}} 30 30 (copy the path without /bin/java) 31 31 * 32 32 {{{ 33 33 vim /etc/environment``` … … 37 37 IDP_SRC=/usr/local/src/shibboleth-identity-provider-3.3.2 38 38 }}} 39 39 * 40 40 {{{ 41 41 source /etc/environment 42 42 }}} 43 43 * 44 44 {{{ 45 45 export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64 46 46 }}} 47 47 * 48 48 {{{ 49 49 export IDP_SRC=/usr/local/src/shibboleth-identity-provider-3.3.2 … … 51 51 52 52 4. Configure '''/etc/default/tomcat8''': 53 53 * 54 54 {{{ 55 55 update-alternatives --config java 56 56 }}} 57 57 (copy the path without /bin/java) 58 58 * 59 59 {{{ 60 60 update-alternatives --config javac 61 61 }}} 62 62 * 63 63 {{{ 64 64 vim /etc/default/tomcat8 … … 76 76 77 77 5. Download the Shibboleth Identity Provider v3.3.2: 78 78 * 79 79 {{{ 80 80 cd /usr/local/src 81 81 }}} 82 82 * 83 83 {{{ 84 84 wget http://shibboleth.net/downloads/identity-provider/3.3.2/shibboleth-identity-provider-3.3.2.tar.gz 85 85 }}} 86 86 * 87 87 {{{ 88 88 tar -xzvf shibboleth-identity-provider-3.3.2.tar.gz 89 89 }}} 90 90 * 91 91 {{{ 92 92 cd shibboleth-identity-provider-3.3.2 … … 95 95 96 96 6. Generate Passwords for later use in the installation 97 97 * 98 98 {{{ 99 99 tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo … … 103 103 104 104 7. Run the installer `install.sh` to install Shibboleth Identity Provider v3.3.2: 105 105 * 106 106 {{{ 107 107 ./bin/install.sh … … 125 125 126 126 8. 
Import the JST libraries to visualize the IdP `status` page: 127 127 * 128 128 {{{ 129 129 cd /opt/shibboleth-idp/edit-webapp/WEB-INF/lib 130 130 }}} 131 131 * 132 132 {{{ 133 133 wget https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar 134 134 }}} 135 135 * 136 136 {{{ 137 137 cd /opt/shibboleth-idp/bin ; ./build.sh -Didp.target.dir=/opt/shibboleth-idp … … 139 139 140 140 9. Change the owner to enable '''tomcat8''' user to access on the following directories: 141 141 * 142 142 {{{ 143 143 chown -R tomcat8 /opt/shibboleth-idp/logs/ 144 144 }}} 145 145 * 146 146 {{{ 147 147 chown -R tomcat8 /opt/shibboleth-idp/metadata/ 148 148 }}} 149 149 * 150 150 {{{ 151 151 chown -R tomcat8 /opt/shibboleth-idp/credentials/ 152 152 }}} 153 153 * 154 154 {{{ 155 155 chown -R tomcat8 /opt/shibboleth-idp/conf/ … … 160 160 161 161 10. Disable default apache configuration: 162 162 * 163 163 {{{ 164 164 a2dissite 000-default … … 166 166 167 167 11. Create a new configuration file as `idp.conf` with the following: 168 168 * 169 169 {{{ 170 170 vim /etc/apache2/site-available/idp.conf 171 171 }}} 172 173 172 {{{ 174 173 <VirtualHost *:80> … … 178 177 </VirtualHost> 179 178 }}} 180 181 Enable Apache2 modules: 182 * 179 Enable Apache2 modules: 180 * 183 181 {{{ 184 182 a2enmod proxy_http ssl headers alias include negotiation 185 183 }}} 186 Restart the Apache service: 184 Restart the Apache service: 185 * 187 186 {{{ 188 187 service apache2 restart 189 188 }}} 190 189 190 191 191 12. Install Letsencrypt and enable HTTPS: 192 193 * 192 * 194 193 {{{ 195 194 add-apt-repository ppa:certbot/certbot 196 195 }}} 197 196 * 198 197 {{{ 199 198 apt install python-certbot-apache 200 199 }}} 201 200 * 202 201 {{{ 203 202 certbot --apache -d idp.YOUR-DOMAIN … … 254 253 255 254 13. 
(OPTIONAL) If you haven't follow the letsencrypt method Create a Certificate and a Key self-signed for HTTPS 256 255 * 257 256 {{{ 258 257 mkdir /root/certificates 259 258 }}} 260 259 * 261 260 {{{ 262 261 openssl req -x509 -newkey rsa:4096 -keyout /root/certificates/idp-key-server.key -out /root/certificates/idp-cert-server.crt -nodes -days 1095 … … 264 263 If you purchased SSL certificates from a Public CA, move the Certificate and the Key file for HTTPS server to `/root/certificates`: 265 264 266 265 * 267 266 {{{ 268 267 mv /location-to-crts/idp-cert-server.crt /root/certificates 269 268 }}} 270 269 * 271 270 {{{ 272 271 mv /location-to-crts/idp-key-server.key /root/certificates 273 272 }}} 274 273 * 275 274 {{{ 276 275 mv /location-to-crts/PublicCA.crt /root/certificates … … 279 278 Then, 280 279 281 280 * 282 281 {{{ 283 282 chmod 400 /root/certificates/idp-key-server.key 284 283 }}} 285 284 * 286 285 {{{ 287 286 chmod 644 /root/certificates/idp-cert-server.crt 288 287 }}} 289 288 * 290 289 {{{ 291 290 chmod 644 /root/certificates/PublicCA.crt … … 329 328 }}} 330 329 Enable '''proxy_http''', '''SSL''' and '''headers''' Apache2 modules: 331 330 * 332 331 {{{ 333 332 a2enmod proxy_http ssl headers alias include negotiation 334 333 }}} 335 334 * 336 335 {{{ 337 336 a2ensite idp-ssl.conf 338 337 }}} 339 338 * 340 339 {{{ 341 340 service apache2 restart … … 343 342 344 343 Configure Apache2 to redirect all on HTTPS: 345 344 * 346 345 {{{ 347 346 vim /etc/apache2/sites-enabled/000-default.conf … … 359 358 360 359 14. Modify `server.xml`: 361 360 * 362 361 {{{ 363 362 vim /etc/tomcat8/server.xml
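Review bot: in step 3 the line `vim /etc/environment```` carries a stray markdown fence (three backticks) after the path; the page uses Trac `{{{ … }}}` blocks, so the backticks will be rendered as part of the command and should be dropped. In the same step the reader is told to copy the path reported by `update-alternatives --config java`, but the later `export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64` hard-codes one specific JDK path; either make the export use the copied value or state explicitly that the guide assumes that JDK, otherwise `JAVA_HOME` can silently point at a directory that does not exist on the host.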
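Review bot: step 5 fetches the IdP with `wget http://shibboleth.net/downloads/identity-provider/3.3.2/shibboleth-identity-provider-3.3.2.tar.gz` over plain HTTP and unpacks it with no integrity check, so a tampered archive would be installed as the identity provider's own code. Use the `https://` URL and add a step that verifies the download against the project's published signature or checksum before the `tar -xzvf` line.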
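Review bot: the password generator in step 6, `tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo`, is not guaranteed to produce 32 characters: `dd count=1` performs a single read on the pipe and emits whatever that read returned, which can be shorter than `bs`. Replace the `dd` invocation with `head -c 32`, which keeps reading until it has exactly 32 bytes (or add `iflag=fullblock` if `dd` must stay).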
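Review bot: step 9 makes `tomcat8` the owner of `/opt/shibboleth-idp/conf/` and `/opt/shibboleth-idp/credentials/` in addition to `logs/` and `metadata/`. Owner write access on `conf/` and `credentials/` lets the servlet container process rewrite the IdP configuration and its signing and encryption keys, which is more than it needs. For least privilege, keep those two trees owned by root with group read access for `tomcat8` (for example `chgrp -R tomcat8` followed by `chmod -R g+rX,o-rwx`) and apply the `chown -R tomcat8` lines only to `logs/` and `metadata/`, the directories the IdP has to write at runtime.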
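Review bot: the path in step 11, `vim /etc/apache2/site-available/idp.conf`, is misspelled; the Debian/Ubuntu directory is `sites-available` (the diff itself uses `sites-enabled` in step 13 and enables the site with `a2ensite idp-ssl.conf`), and `a2ensite` will not find a file created under `site-available`. The v4 edit to this region only adds the missing `*` bullets before the `{{{` blocks and removes stray blank lines, so the typo survives the revision and should be fixed in the same place.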
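Review bot: the heading of step 13, "(OPTIONAL) If you haven't follow the letsencrypt method Create a Certificate and a Key self-signed for HTTPS", needs a grammar pass; suggested wording: "(OPTIONAL) If you have not followed the Let's Encrypt method, create a self-signed certificate and key for HTTPS". The `chmod 400` on `idp-key-server.key` that follows is the right restriction for the private key and should be kept as is.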
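Review bot: step 13 repeats `a2enmod proxy_http ssl headers alias include negotiation`, already issued in step 11, under a heading that names only the `proxy_http`, `SSL` and `headers` modules; either drop the duplicate or make the heading list the modules the command actually enables (`alias`, `include` and `negotiation` are also switched on).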
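Review bot: the HTTPS redirect in step 13 is written into `/etc/apache2/sites-enabled/000-default.conf`, but step 10 already ran `a2dissite 000-default`, which removes that symlink from `sites-enabled`; opening the path afterwards creates a plain, unmanaged file rather than editing the disabled site. Put the redirect in the `<VirtualHost *:80>` block of `idp.conf` from step 11 instead, or edit `sites-available/000-default.conf` and re-enable it with `a2ensite`.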