Rozdíly

Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.

--- en:tech:idp [2016/11/23 17:49]
jop@cesnet.cz [Installation and Configuration] grammar
+++ en:tech:idp [2017/02/10 07:02]
@@ Řádek 1: / Řádek 1: @@
-====== Shibboleth Identity Provider Installation Guide ======
-===== Introduction =====
-This guide describes [[https://wiki.shibboleth.net/confluence/display/IDP30/Home|Shibboleth IdP 3]] installation and configuration for the needs of members of the Czech Academic Identity Federation [[:en:index|eduID.cz]]. The guide is written in a step by step manner, however, it is intended for administrators experienced with a UNIX shell (individual components installation) and XML language (Shibboleth IdP configuration).
-In [[http://www.cesnet.cz/|CESNET]] association, we run our IdP on 64bit linux distribution [[https://www.debian.org/|Debian]] 8 (Jessie), so this guide is meant for it. Nevertheless, if you are an experienced linux administrator, you can use this guide with minor tweaks even if you prefer other distributions such as [[http://www.redhat.com/en/technologies/linux-platforms/enterprise-linux|Red Hat Enterprise Linux]], [[http://centos.org/|CentOS]], etc.
-**Please, read all the information carefully.** If there is a mistake, inaccuracy or something you find wrong, please contact me on my e-mail address [[jan.oppolzer@cesnet.cz]]. Thank you.
-===== System Requirements =====
-To run a Shibboleth IdP, it might be employed a physical or virtual machine (VMware, XEN, KVM, OpenVZ, etc.). The machine should be equipped with **at least** the following:
-  * **2GB RAM**
-  * **10GB HDD**
-It is very important that the machine has **accurate time**. SAML messages contain time stamps which are inspected, so if time is out of sync, authentization might not work. It is higly recommended to install an NTP client when installing a Shibboleth IdP on a physical machine (an NTP client installation is out of scope of this guide). In case of installing on a virutal machine, asking the virtualization platform administrator about time synchronization is a good idea.
-The utilities listed below are recommended or even necessary for a Shibboleth IdP installation and configuration using this guide. Except ''pwgen'', they are all installed automatically during minimal Debian 8 (Jessie) installation:
-  * tar,
-  * gzip,
-  * unzip,
-  * wget,
-  * openssl,
-  * vi (vim, nano, pico, joe or any other text editor have to be installed manually),
-  * pwgen (generates random passwords; not necessary, only recommended; have to be installed manually).
-===== Recommended Server Software =====
-Shibboleth IdP is a Java-based web application, so it demands Java programming language, a servlet container and a web server. Although it is still possible to use Apache HTTP server as a web server and Apache Tomcat as a servlet container (as in Shibboleth IdP 2 case), we think it is better to stick to Shibboleth consortium recommendation and use [[http://www.eclipse.org/jetty/|Jetty]] as the servlet container as well as the HTTP server.
-This guide employs the following software:
-  * Oracle JDK with JCE (Java Cryptography Extension)
-  * Jetty
-  * Shibboleth Identity Provider
-===== Installation and Configuration =====
-Installation and configuration instructions are separated into three individual steps taking care of installation and configuration of the three following components:
-  - [[en:tech:idp:java|Java]]
-  - [[en:tech:idp:jetty|Jetty]]
-  - [[en:tech:idp:shibboleth|Shibboleth IdP]]
-The three parts listed above are logically sequential, so proceeding chronologically is recommended.

Rozdíly

Links

Contact

Service desk