Shibboleth IDP 3.2.1 Apache Tomcat Installation
2016-11-10 00:00
Summary: Shibboleth IDP 3.2.1 Apache Tomcat installation process
Today I am summarizing the Shibboleth installation process.
1. Download the IDP and unpack the archive:
wget http://shibboleth.net/downloads/identity-provider/3.2.1/shibboleth-identity-provider-3.2.1.tar.gz
tar xzvf shibboleth-identity-provider-3.2.1.tar.gz
The extracted folder is ${SIDP_INSTALLATION_HOME} (SIDP is short for Shibboleth Identity Provider).
Replace the "${}" environment variables used in this article with the values for your own environment.
2. Install and configure SIDP
${SIDP_INSTALLATION_HOME}/install.sh
Source (Distribution) Directory: [/tmp/shibboleth-identity-provider-3.2.1] //default (just press Enter)
Installation Directory: [/opt/shibboleth-idp] //default, ${SIDP_HOME}
Hostname: [62b77edfa656.localdomain]
sidp //use sidp as the hostname
SAML EntityID: [https://sidp/idp/shibboleth] //default
Attribute Scope: [localdomain]
Backchannel PKCS12 Password: //${PKCS12_PASSWORD}
Re-enter password:
Cookie Encryption Key Password: //cookie password
Re-enter password:
Warning: /opt/shibboleth-idp/bin does not exist.
Warning: /opt/shibboleth-idp/dist does not exist.
Warning: /opt/shibboleth-idp/doc does not exist.
Warning: /opt/shibboleth-idp/system does not exist.
Warning: /opt/shibboleth-idp/webapp does not exist.
Generating Signing Key, CN = sidp URI = https://sidp/idp/shibboleth ...
...done
Creating Encryption Key, CN = sidp URI = https://sidp/idp/shibboleth ...
...done
Creating Backchannel keystore, CN = sidp URI = https://sidp/idp/shibboleth ...
...done
Creating cookie encryption key files...
...done
Rebuilding /opt/shibboleth-idp/war/idp.war ...
...done
BUILD SUCCESSFUL
Total time: 36 seconds
Set the IdP server access control policy (by default only the local machine has access)
Edit ${SIDP_HOME}/conf/access-control.xml
<util:map id="shibboleth.AccessControlPolicies">
<entry key="AccessByIPAddress">
<bean parent="shibboleth.IPRangeAccessControl"
p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '10.1.30.50/32', '10.1.10.20/32'} }" /> <!-- adds the allowed IPs 10.1.30.50 and 10.1.10.20 -->
</entry>
</util:map>
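To diagnose an "Access Denied" response, or to review the policy before widening it, the ranges in access-control.xml can be evaluated offline. The following is an added example, not part of the original post or of Shibboleth's own code: it parses a constructed copy of the fragment above (wrapped in a <beans> root with the standard Spring namespace declarations) and reports whether a client address matches a policy and whether any range is wider than expected. The function names and prefix thresholds are assumptions of this example.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: the access-control.xml fragment from this article, wrapped
# in the Spring <beans> root that declares the util: and p: namespaces.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p">
  <util:map id="shibboleth.AccessControlPolicies">
    <entry key="AccessByIPAddress">
      <bean parent="shibboleth.IPRangeAccessControl"
            p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '10.1.30.50/32', '10.1.10.20/32'} }" />
    </entry>
  </util:map>
</beans>"""

NS = {"b": "http://www.springframework.org/schema/beans",
      "util": "http://www.springframework.org/schema/util"}
P_ALLOWED = "{http://www.springframework.org/schema/p}allowedRanges"

def load_policies(xml_text):
    """Return {policy name: [ip_network, ...]} for each IPRangeAccessControl entry."""
    root = ET.fromstring(xml_text)
    policies = {}
    xpath = ".//util:map[@id='shibboleth.AccessControlPolicies']/b:entry"
    for entry in root.iterfind(xpath, NS):
        bean = entry.find("b:bean[@parent='shibboleth.IPRangeAccessControl']", NS)
        if bean is None:
            continue
        # The attribute is a SpEL inline list; its quoted items are the CIDR ranges.
        cidrs = re.findall(r"'([^']+)'", bean.get(P_ALLOWED, ""))
        policies[entry.get("key")] = [ipaddress.ip_network(c.strip(), strict=False)
                                      for c in cidrs]
    return policies

def is_allowed(policies, policy, client_ip):
    """True if client_ip falls inside any range of the named policy."""
    addr = ipaddress.ip_address(client_ip)
    nets = policies.get(policy, [])
    return any(addr.version == net.version and addr in net for net in nets)

def overly_broad(policies, min_prefix_v4=24, min_prefix_v6=64):
    """List (policy, range) pairs wider than the given prefix lengths."""
    return [(name, str(net))
            for name, nets in policies.items() for net in nets
            if net.prefixlen < (min_prefix_v4 if net.version == 4 else min_prefix_v6)]
```

Run it against the real file by passing its contents to load_policies(); an address that is_allowed() rejects is one the IdP will answer with "Access Denied".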
3. Download and prepare Tomcat (this walkthrough was done on Tomcat 8.5.6)
wget http://apache.fayea.com/tomcat/tomcat-8/v8.5.6/bin/apache-tomcat-8.5.6.tar.gz
tar xzvf apache-tomcat-8.5.6.tar.gz
The extracted folder is ${TOMCAT_HOME}.
Edit ${TOMCAT_HOME}/conf/server.xml
Add the HTTPS configuration, or uncomment and modify the existing one
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="want" keystoreFile="${SIDP_HOME}/credentials/idp-backchannel.p12"
keystorePass="${PKCS12_PASSWORD}" keystoreType="PKCS12" trustManagerClassName="net.shibboleth.utilities.ssl.TrustAnyCertificate" />
Add ${TOMCAT_HOME}/conf/Catalina/localhost/idp.xml (if the path does not exist, create it with mkdir -p ${TOMCAT_HOME}/conf/Catalina/localhost)
<Context docBase="${SIDP_HOME}/war/idp.war"
privileged="true"
antiResourceLocking="false"
swallowOutput="true" />
Add the jstl dependency
If ${TOMCAT_HOME}/lib does not contain jstl-1.2.jar, download the jar and place it in ${TOMCAT_HOME}/lib
wget http://central.maven.org/maven2/javax/servlet/jstl/1.2/jstl-1.2.jar
Add the idp-ssl dependency
Download trustany-ssl-1.0.0.jar and place it in ${TOMCAT_HOME}/lib
wget https://build.shibboleth.net/nexus/service/local/repositories/releases/content/net/shibboleth/utilities/trustany-ssl/1.0.0/trustany-ssl-1.0.0.jar
4. Start and verify
${TOMCAT_HOME}/bin/startup.sh
Open a browser and visit http://localhost:8080/idp/status (Tomcat is using its default port)
The installation succeeded if the page shows the following information:
### Operating Environment Information
operating_system: Linux
operating_system_version: 3.13.0-74-generic
operating_system_architecture: amd64
jdk_version: 1.8.0_102
...
Reference:
https://wiki.shibboleth.net/confluence/display/IDP30/ApacheTomcat8
QA:
1. Web Login Service - Access Denied
Add the addresses of the hosts that need access correctly; see the ${SIDP_HOME}/conf/access-control.xml configuration earlier in this article
http://stackoverflow.com/questions/33882791/web-login-service-access-denied-shibboleth-idp-3
2. Found error java.lang.ClassNotFoundException: net.shibboleth.utilities.ssl.TrustAnyCertificate
trustany-ssl-1.0.0.jar is missing from ${TOMCAT_HOME}/lib
http://stackoverflow.com/questions/29958462/shibboleth-idp-installation-on-tomcat-8-found-error-java-lang-classnotfoundexc