These instructions are for IdPs versions 2.0, 2.1 and 2.2 in the SWITCHaai federation which have been installed using the deployment guides on our website.
The following instructions assume that the latest Shibboleth Identity Provider has been downloaded and extracted in the directory /usr/local/src/shibboleth-identityprovider-x.y.z
.
To clean up, move the previous version of the IdP into /usr/local/src instead of keeping it in /opt.
mv /opt/shibboleth-identityprovider-* /usr/local/srcPlease also take the time to upgrade the OS, Java and Apache Tomcat. The Shibboleth IdP 2.3 runs well on Tomcat 6.
cd /opt/shibboleth-idp tar -cvzf ../shibboleth-idp_config.tar.gz ./conf ./metadata ./credentials
WEB-INF/web.xml
. The IdP version installed on your system may be different from the example (2.2.1) below. The customized pages are located in src/main/webapp/
.
cd /usr/local/src/shibboleth-identityprovider-2.2.1 cp -pr src/main/webapp/* \ /usr/local/src/shibboleth-identityprovider-x.y.z/src/main/webapp/
cp lib/mysql-connector-java-5.1.18-bin.jar \ /usr/local/src/shibboleth-identityprovider-x.y.z/lib/
lib
directory: :
cp /opt/cas-client-X.Y.Z/cas-client-core/target/cas-client-core-X.Y.Z.jar \ /usr/local/src/shibboleth-identityprovider-x.y.z/lib/
endorsed
directory $TOMCAT_HOME/endorsed/
:
rm /usr/share/tomcat6/endorsed/*.jar cp -p /usr/local/src/shibboleth-identityprovider-x.y.z/endorsed/*.jar \ /usr/share/tomcat6/endorsed/
Check the autoDeploy
parameter in /etc/tomcat6/server.xml
. If its value is true, change it to false. Restart tomcat
/etc/init.d/tomcat6 restart
relying-party.xml
has changed since previous versions of the IdP. Please review and adapt your relying-party.xml
. In particular check Section 11.1.2, Metadata Trust Configuration in the documentation for the changes.
cp /opt/uApprove-2.x/lib/* /usr/local/src/shibboleth-identityprovider-x.y.z/lib/
cd /usr/local/src/shibboleth-identityprovider-x.y.z ./install.sh Buildfile: src/installer/resources/build.xml install: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Be sure you have read the installation/upgrade instructions on the Shibboleth website before proceeding. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Where should the Shibboleth Identity Provider software be installed? [/opt/shibboleth-idp] The directory '/opt/shibboleth-idp' already exists. Would you like to overwrite this Shibboleth configuration? (yes, [no]) no (further output omitted)
Set appropriate ownership and permissions for the files in
/opt/shibboleth-idp/
.
cd /opt/shibboleth-idp chown -R tomcat6 logs metadata chgrp -R tomcat6 conf credentials logs metadata war lib chown tomcat6 conf/attribute-filter.xml chmod 664 conf/attribute-filter.xml chmod 755 lib war chmod 755 conf credentials chmod 640 conf/logging.xml chmod 640 conf/attribute-resolver.xml chmod 644 conf/attribute-filter.xml chmod 755 logs metadata