Here you can see the differences between the selected revision and the current version of this page.
en:tech:idp [2016/11/23 17:49] jop@cesnet.cz [Installation and Configuration] grammar |
en:tech:idp [2017/02/10 07:02] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Shibboleth Identity Provider Installation Guide ====== | ||
- | |||
- | ===== Introduction ===== | ||
- | |||
- | This guide describes [[https://wiki.shibboleth.net/confluence/display/IDP30/Home|Shibboleth IdP 3]] installation and configuration for the needs of members of the Czech Academic Identity Federation [[:en:index|eduID.cz]]. The guide is written in a step by step manner, however, it is intended for administrators experienced with a UNIX shell (individual components installation) and XML language (Shibboleth IdP configuration). | ||
- | |||
- | In [[http://www.cesnet.cz/|CESNET]] association, we run our IdP on 64bit linux distribution [[https://www.debian.org/|Debian]] 8 (Jessie), so this guide is meant for it. Nevertheless, if you are an experienced linux administrator, you can use this guide with minor tweaks even if you prefer other distributions such as [[http://www.redhat.com/en/technologies/linux-platforms/enterprise-linux|Red Hat Enterprise Linux]], [[http://centos.org/|CentOS]], etc. | ||
- | |||
- | **Please, read all the information carefully.** If there is a mistake, inaccuracy or something you find wrong, please contact me on my e-mail address [[jan.oppolzer@cesnet.cz]]. Thank you. | ||
- | |||
- | ===== System Requirements ===== | ||
- | |||
- | To run a Shibboleth IdP, it might be employed a physical or virtual machine (VMware, XEN, KVM, OpenVZ, etc.). The machine should be equipped with **at least** the following: | ||
- | |||
- | * **2GB RAM** | ||
- | * **10GB HDD** | ||
- | |||
- | It is very important that the machine has **accurate time**. SAML messages contain time stamps which are inspected, so if time is out of sync, authentization might not work. It is higly recommended to install an NTP client when installing a Shibboleth IdP on a physical machine (an NTP client installation is out of scope of this guide). In case of installing on a virutal machine, asking the virtualization platform administrator about time synchronization is a good idea. | ||
- | |||
- | The utilities listed below are recommended or even necessary for a Shibboleth IdP installation and configuration using this guide. Except ''pwgen'', they are all installed automatically during minimal Debian 8 (Jessie) installation: | ||
- | |||
- | * tar, | ||
- | * gzip, | ||
- | * unzip, | ||
- | * wget, | ||
- | * openssl, | ||
- | * vi (vim, nano, pico, joe or any other text editor have to be installed manually), | ||
- | * pwgen (generates random passwords; not necessary, only recommended; have to be installed manually). | ||
- | |||
- | ===== Recommended Server Software ===== | ||
- | |||
- | Shibboleth IdP is a Java-based web application, so it demands Java programming language, a servlet container and a web server. Although it is still possible to use Apache HTTP server as a web server and Apache Tomcat as a servlet container (as in Shibboleth IdP 2 case), we think it is better to stick to Shibboleth consortium recommendation and use [[http://www.eclipse.org/jetty/|Jetty]] as the servlet container as well as the HTTP server. | ||
- | |||
- | This guide employs the following software: | ||
- | |||
- | * Oracle JDK with JCE (Java Cryptography Extension) | ||
- | * Jetty | ||
- | * Shibboleth Identity Provider | ||
- | |||
- | ===== Installation and Configuration ===== | ||
- | |||
- | Installation and configuration instructions are separated into three individual steps taking care of installation and configuration of the three following components: | ||
- | |||
- | - [[en:tech:idp:java|Java]] | ||
- | - [[en:tech:idp:jetty|Jetty]] | ||
- | - [[en:tech:idp:shibboleth|Shibboleth IdP]] | ||
- | |||
- | The three parts listed above are logically sequential, so proceeding chronologically is recommended. | ||
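Review bot: the 2017/02/10 07:02 revision carries no author or edit summary and leaves nothing on the new side, so the whole guide is dropped from line 1 down without a pointer to a replacement. If the content moved, keep a short stub that links to the new location: the removed text is the entry point to the en:tech:idp:java, en:tech:idp:jetty and en:tech:idp:shibboleth sub-pages, and the accurate-time requirement for SAML time stamps in the System Requirements section should be carried over to wherever the guide now lives.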