...
- Red Hat Fedora Core 4 (Linux 2.6.14-1.1656_FC4smp #1 SMP)
- Apache 2.0.54
Protected resources:
- https://computer.ncsa.uiuc.edu/gridshib-ca/
- TestingGridShibCA (internal use only)
The SP providerId:
Note: All NCSA SP providerIds should satisfy the pattern ^https://\(.+\.\)?ncsa\.uiuc\.edu/shibboleth$
Test apache
If Apache is not responding, the host firewall may be blocking it; open the HTTP and HTTPS ports:
Code Block |
---|
# Insert ACCEPT rules at the head of the RH-Firewall-1-INPUT chain for inbound
# TCP to the http and https service ports.
# NOTE(review): no source match (-s) is given, so these rules admit connections
# from any address. If the "internal use only" resources on this host must stay
# internal, restrict the rules to the internal networks.
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp --dport http -j ACCEPT
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp --dport https -j ACCEPT
|
To save this iptables configuration use the following command:
Code Block |
---|
# Persist the currently loaded rules so they are restored when the iptables
# service next starts.
# NOTE(review): this saves every rule in the running table, not only the two
# ACCEPT rules added above; review the loaded set (iptables -L -n) before saving.
/etc/init.d/iptables save
|
Download/install RPMs
Code Block |
---|
# get all the RPMs:
# wget recurses one level (-r -l1) below the Fedora 4 i386 directory, keeps only
# *.rpm files (-A.rpm), writes them flat into the current directory and logs to
# log.txt. The trailing & runs it in the background, so wait for it to finish
# (check log.txt) before running the rpm commands below.
# NOTE(review): the download is plain http://, so nothing in transit protects
# the packages from modification. Verify them before installing, e.g. with
# rpm --checksig against the publisher's signing key, if the RPMs are signed.
$ wget -r -l1 --no-parent --no-directories -A.rpm -o log.txt \
http://shibboleth.internet2.edu/downloads/RPMS/i386/fedora/4/ &
# sanity check:
# rpm -ql --package only lists the files inside the package file; it shows the
# download is a readable RPM, not that it is authentic.
$ rpm -ql --package log4cpp-0.3.5rc1-1.i386.rpm
# install log4cpp:
# su opens a root shell; the commands that follow run as root.
$ su
# The log4cpp* glob installs every matching file in the current directory, so
# run this from the directory that holds only the RPMs fetched above.
$ rpm -ihv log4cpp*
# rpm -ql lists the files each installed package placed on the system.
$ rpm -ql log4cpp-0.3.5rc1-1
$ rpm -ql log4cpp-debuginfo-0.3.5rc1-1
$ rpm -ql log4cpp-devel-0.3.5rc1-1
$ rpm -ql log4cpp-docs-0.3.5rc1-1
# install xerces:
$ rpm -ihv xerces*
$ rpm -ql xerces-c-2.6.1-2
$ rpm -ql xerces-c-debuginfo-2.6.1-2
$ rpm -ql xerces-c-devel-2.6.1-2
$ rpm -ql xerces-c-doc-2.6.1-2
$ rpm -ql xerces-c-samples-2.6.1-2
# install xml-security:
$ rpm -ihv xml-security*
$ rpm -ql xml-security-c-1.2.0-1
$ rpm -ql xml-security-c-debuginfo-1.2.0-1
$ rpm -ql xml-security-c-devel-1.2.0-1
$ rpm -ql xml-security-c-docs-1.2.0-1
# install opensaml:
$ rpm -ihv opensaml*
$ rpm -ql opensaml-1.1-5
$ rpm -ql opensaml-debuginfo-1.1-5
$ rpm -ql opensaml-devel-1.1-5
# test opensaml (90% success rate is expected):
# SAMLSCHEMAS is exported for samltest; presumably it names the schema directory
# the tests load. With the opensaml directory one of the ten tests fails; the
# later run on this page, pointed at the shibboleth directory, passes all ten.
$ export SAMLSCHEMAS=/usr/share/xml/opensaml
$ /usr/bin/samltest
Running 10 tests
...
Failed 1 of 10 tests
Success rate: 90%
# install shibboleth:
# The shibboleth* glob also matches the shibboleth-selinux-policy-targeted RPM,
# which is the package that raises the dependency error below.
$ rpm -ihv shibboleth*
error: Failed dependencies:
selinux-policy-targeted-sources is needed by
shibboleth-selinux-policy-targeted-1.3-8.i386
# install selinux-policy-targeted-sources:
$ yum install selinux-policy-targeted-sources
# List what the already-installed targeted policy package provides.
$ rpm -ql selinux-policy-targeted
/etc/selinux
/etc/selinux/targeted
/etc/selinux/targeted/booleans
/etc/selinux/targeted/contexts
/etc/selinux/targeted/contexts/customizable_types
/etc/selinux/targeted/contexts/dbus_contexts
/etc/selinux/targeted/contexts/default_contexts
/etc/selinux/targeted/contexts/default_type
/etc/selinux/targeted/contexts/failsafe_context
/etc/selinux/targeted/contexts/files
/etc/selinux/targeted/contexts/files/file_contexts
/etc/selinux/targeted/contexts/files/file_contexts.homedirs
/etc/selinux/targeted/contexts/files/homedir_template
/etc/selinux/targeted/contexts/files/media
/etc/selinux/targeted/contexts/initrc_context
/etc/selinux/targeted/contexts/port_types
/etc/selinux/targeted/contexts/removable_context
/etc/selinux/targeted/contexts/userhelper_context
/etc/selinux/targeted/contexts/users
/etc/selinux/targeted/contexts/users/root
/etc/selinux/targeted/policy
/etc/selinux/targeted/policy/policy.19
/etc/selinux/targeted/users
/etc/selinux/targeted/users/local.users
/etc/selinux/targeted/users/system.users
/usr/share/man/man8/ftpd_selinux.8.gz
/usr/share/man/man8/httpd_selinux.8.gz
/usr/share/man/man8/kerberos_selinux.8.gz
/usr/share/man/man8/named_selinux.8.gz
/usr/share/man/man8/nfs_selinux.8.gz
/usr/share/man/man8/nis_selinux.8.gz
/usr/share/man/man8/rsync_selinux.8.gz
/usr/share/man/man8/samba_selinux.8.gz
/usr/share/man/man8/ypbind_selinux.8.gz
# try to install shibboleth again:
# NOTE(review): the missing /selinux/policyvers and /selinux/mls suggest the
# SELinux filesystem is not mounted on this host (SELinux probably disabled);
# confirm the host's SELinux status. The policy build/load run during the
# install then fails with the make error below.
$ rpm -ihv shibboleth*
cat: /selinux/policyvers: No such file or directory
cat: /selinux/mls: No such file or directory
cat: /selinux/policyvers: No such file or directory
cat: /selinux/mls: No such file or directory
/usr/sbin/load_policy: Warning! unable to get boolean names: No such file or directory
/usr/sbin/load_policy: security_load_policy failed
make: *** [tmp/load] Error 3
# try to update shibboleth:
# rpm reports all four packages as already installed even though the policy
# load above failed, so the policy package is registered but its policy was
# presumably never loaded.
$ rpm -Uhv shibboleth*
Preparing... ########################################### [100%]
package shibboleth-1.3-8 is already installed
package shibboleth-debuginfo-1.3-8 is already installed
package shibboleth-devel-1.3-8 is already installed
package shibboleth-selinux-policy-targeted-1.3-8 is already installed
# remove shibboleth and selinux:
# Only the Shibboleth packages (including its SELinux policy package) and
# selinux-policy-targeted-sources are erased; selinux-policy-targeted itself is
# not touched by these commands.
# NOTE(review): this works around the failed policy load by dropping the
# Shibboleth SELinux policy instead of fixing it. That is reasonable only if
# SELinux is deliberately disabled on this host; confirm, and reinstall the
# policy package if SELinux is enabled later.
$ rpm --erase shibboleth-1.3-8 shibboleth-debuginfo-1.3-8 shibboleth-devel-1.3-8 shibboleth-selinux-policy-targeted-1.3-8
$ rpm --erase selinux-policy-targeted-sources
# custom install shibboleth (no selinux):
# The three package files are named explicitly rather than with a shibboleth*
# glob, so the SELinux policy RPM is left out of the install.
$ rpm -ihv shibboleth-1.3-8.i386.rpm shibboleth-debuginfo-1.3-8.i386.rpm shibboleth-devel-1.3-8.i386.rpm
$ rpm -ql shibboleth-1.3-8
$ rpm -ql shibboleth-debuginfo-1.3-8
$ rpm -ql shibboleth-devel-1.3-8
# test opensaml (100% success rate is expected):
# SAMLSCHEMAS now points at the shibboleth schema directory instead of the
# opensaml one, and all ten tests pass.
$ export SAMLSCHEMAS=/usr/share/xml/shibboleth
$ /usr/bin/samltest
Running 10 tests
...
OK!
|
...
If you prefer to install from source, follow these directions: http://shib.kuleuven.be/docs/sp/build-rpms.shtml
Modify httpd.conf
...
Numerous useful test scripts, in a variety of languages: http://shib.kuleuven.be/download/sp/test_scripts/
Set log level="DEBUG"
...
Generate bossie credential
https://bossie.doit.wisc.edu:3443/cert/i2server/csr
Join InQueue
...
Code Block |
---|
# this was done by the RPM:
# NOTE(review): chkconfig --add normally takes a service name (the init script
# under /etc/init.d, here shibd); confirm the path form shown is what was run.
$ /sbin/chkconfig --add /etc/shibboleth/shibd
# restart shibd:
# Check status, start the daemon, then check status again to confirm it is
# running.
$ /etc/init.d/shibd status
shibd is stopped
$ /etc/init.d/shibd start
Starting shibd:
$ /etc/init.d/shibd status
shibd (pid 2386) is running...
|
HTML |
---|
<hr> |
HTML |
---|
...
<A class name="upgrade" |
...
></A> |
HTML |
---|
...
Code Block |
---|
# query old packages:
# Record the file lists of the installed versions before upgrading.
$ rpm -ql opensaml-1.1-5
$ rpm -ql opensaml-debuginfo-1.1-5
$ rpm -ql opensaml-devel-1.1-5
$ rpm -ql shibboleth-1.3-8
$ rpm -ql shibboleth-debuginfo-1.3-8
$ rpm -ql shibboleth-devel-1.3-8
# backup shibboleth config:
# NOTE(review): /etc/shibboleth/ presumably holds the SP's key and certificate
# (confirm), and an archive created in /tmp under a default umask is readable
# by other local users. Write the backup to a root-only directory, or set
# umask 077 first, and delete it once the upgrade is verified.
$ tar cvf /tmp/shibboleth-1.3-8.tar /etc/shibboleth/ /etc/init.d/shibd /etc/httpd/conf.d/shib.conf
# get opensaml and shibboleth rpms:
# NOTE(review): the packages are downloaded into /tmp over plain http://, and
# the install commands further down run from that same directory. /tmp is
# world-writable; prefer a private working directory, and verify the packages
# (e.g. rpm --checksig against the publisher's key, if they are signed) before
# upgrading.
$ cd /tmp
# Both wget jobs run in the background and write to the same log.txt, so their
# logs collide; wait for both to finish before querying the packages.
$ wget -r -l1 --no-parent --no-directories -Aopensaml*.rpm -o log.txt http://shibboleth.internet2.edu/downloads/RPMS/i386/fedora/4/ &
$ wget -r -l1 --no-parent --no-directories -Ashibboleth*.rpm -o log.txt http://shibboleth.internet2.edu/downloads/RPMS/i386/fedora/4/ &
# query new packages:
# rpm -qip prints the header information of each downloaded package file
# without installing it.
$ rpm -qip opensaml-1.1-6.i386.rpm
$ rpm -qip opensaml-debuginfo-1.1-6.i386.rpm
$ rpm -qip opensaml-devel-1.1-6.i386.rpm
$ rpm -qip shibboleth-1.3-11.i386.rpm
$ rpm -qip shibboleth-debuginfo-1.3-11.i386.rpm
$ rpm -qip shibboleth-devel-1.3-11.i386.rpm
# test new packages:
# rpm -U --test is a dry run: it reports dependency problems and conflicts but
# changes nothing.
# NOTE(review): a clean dry run shows the upgrade would apply, not that the
# package is authentic; it does not replace a signature check against a
# trusted key.
$ rpm -U --test opensaml-1.1-6.i386.rpm
$ rpm -U --test opensaml-debuginfo-1.1-6.i386.rpm
$ rpm -U --test opensaml-devel-1.1-6.i386.rpm
$ rpm -U --test shibboleth-1.3-11.i386.rpm
$ rpm -U --test shibboleth-debuginfo-1.3-11.i386.rpm
$ rpm -U --test shibboleth-devel-1.3-11.i386.rpm
# stop shibd:
# Stop the daemon before replacing its packages.
$ /etc/init.d/shibd status
shibd (pid 1712) is running...
$ /etc/init.d/shibd stop
/etc/init.d/shibd stop
# update opensaml:
# opensaml is upgraded first, then tested, before shibboleth is upgraded.
$ rpm -Uvh opensaml-1.1-6.i386.rpm
$ rpm -Uvh opensaml-debuginfo-1.1-6.i386.rpm
$ rpm -Uvh opensaml-devel-1.1-6.i386.rpm
# test opensaml (90% success rate is expected):
# With SAMLSCHEMAS pointing at the opensaml directory one of the ten tests
# fails, as in the original install.
$ export SAMLSCHEMAS=/usr/share/xml/opensaml
$ /usr/bin/samltest
..
Failed 1 of 10 tests
Success rate: 90%
# update shibboleth:
$ rpm -Uvh shibboleth-1.3-11.i386.rpm
$ rpm -Uvh shibboleth-debuginfo-1.3-11.i386.rpm
$ rpm -Uvh shibboleth-devel-1.3-11.i386.rpm
# test opensaml (100% success rate is expected):
# With SAMLSCHEMAS pointing at the shibboleth directory all ten tests pass.
$ export SAMLSCHEMAS=/usr/share/xml/shibboleth
$ /usr/bin/samltest
Running 10 tests
...
OK!
# start processes:
# Start shibd again, then gracefully restart Apache, presumably so it loads the
# updated Shibboleth module. No status check follows the start here; re-run the
# status command to confirm shibd stayed up.
$ /etc/init.d/shibd status
shibd is stopped
$ /etc/init.d/shibd start
Starting shibd:
$ /etc/init.d/httpd graceful
|