Back to the installation guide

2018-05-16 Guide updated for IdPv3.3.3 (affects download links only)

2018-04-18 Bug fixed in attribute-resolver-interfederation-core.xml for schac:homeOrganizationType values higherEducationalInstitution and educationalInstitution

2017-10-05: Adds step 4) to replace pc: prefix occurances in the XML Namespace Cleanup in Attribute Resolution Configuration section.

2017-10-04: Guide updated for IdPv3.3.2

2017-06-08: New link to LDIF files in the Attribute resolution configuration section.

2017-04-21: New Note in Upgrading from version 3.2.x to 3.3.x that update overwrites system/messages

2017-03-20: Guide updated for IdPv3.3.1

  • The guide now covers IdPv3.3.1
  • Fixes the path for the message translations for IdPv3.3.x. These messages_XX.properties files need to go into /opt/shibboleth-idp/messages/ directory. In the earlier proposed system/messages directory they get overwritten the next time you run the installer!

2017-02-23: Guide updated for IdPv3.3

2016-06-02: Explicit choice of language in the login form

2016-12-20: HTML encoding fixed to correctly display code snippets in pop-up windows

  • Code snippets displayed in pop-up windows were not always correct since pop-up windows do not evaluate JavaScript.

2016-06-02: Explicit choice of language in the login form

  • A new reference in 'Login form customization' points to the details in the Shibboleth Wiki on how to switch locale.

2016-06-02: Messages Translation upgraded to an own chapter

  • Messages Translation was only a section in 'Login form customization', now it is an own chapter.

2016-05-24: Remove two IP addresses from shibboleth.IPRangeAccessControl

  • The two IP addresses of the former Resource Registry were removed from the shibboleth.IPRangeAccessControl bean.

2016-05-18: Fixed two broken links

  • Two links pointing to the Shibboleth Wiki were fixed since the pages they were pointing to moved.

2016-03-04: Translation messages

  • An example was added to show how to adapt your translation messages.

2016-03-04: A note about Java8 and Tomcat8

  • We added links to the shibwiki in case you need to install Tomcat 8 and Java 8.

2016-02-24: Available RAM size dynamically suggests Tomcat Memory configuration

  • Available RAM size is a new setup input field. Its value affects the suggested JAVA_OPTS setting for Tomcat.

2016-02-23: New section on Final Tests

  • Test whether your IdP properly responds to SAML Attribute Queries.

2016-02-11: Apache Configuration enhanced

  • In the Apache Configuration, the X-Frame-Options DENY was added to prevent iframe embedding and HTTP Strict Transport Security (HSTS) was enabled.

2015-12-22: Update for 3.2.1 release

  • The updated template for consent-intercept-config.xml makes use of the newly introduced AttributeDisplayOrder list.

2015-12-17: Reorganise 3.1 to 3.2 upgrade procedure

  • Rearranged upgrade instructions so that those that require the IdP to be stopped (database migration) are grouped at the end.
  • Added explicit mention of when Tomcat should be stopped.
  • Fixed database migration SQL commands to preserve constraints on the storagerecords table.

2015-12-07: PostgreSQL

  • In addition to the daily PostgreSQL backup, we added a second cron entry which creates an hourly backup additionally.

2015-11-27: We improved the guide for version 3.2 with the following changes:

  • Change of the PostgreSQL Database structure and provide a script to migration to the new DB structure
  • In idp.properties, the auto-generated metadata under the URL of the IdP's entity ID is disabled
  • AttributeFilter: change to the new syntax in idp.properties
  • attribute-resolver-other.xml was added to the standard configuration. All attributes but eduPersonEntitlement with the common-lib-terms value are commented out by default.
  • persistendID: we no longer need to detour the additional attribute definition for swissEduPersonUniqueID.withoutAttributeEncoder
  • saml-name-id.properties: we replaced idp.persistentId.store with the new property idp.persistentId.dataSource
  • attribute-resolver-connectors.xml: the bug with the random-salt is fixed, so the work-around can be removed
  • New consent-intercept-config.xml file with a defined ordering for the attribute release consent dialog as well as an an extended blacklist that covers also the usually cryptic unique identifiers.

2015-11-10: PostgreSQL

  • To avoid problems with data loss when running vacuumlo: Change of the database structure, large objects are no longer needed