Wiki Markup |
---|
# Configure the system to use Apache 2.2.x, according to other pages on this wiki. |
...
# Check that the install of OpenSSL has the development extensions. If the system received a custom build of OpenSSL, there will be a /usr/local/ssl directory, and this step can be skipped. |
...
## Check the rpmlogs for openssl-devel. Install it if it is missing. |
...
{code |
...
} grep openssl-devel /var/log/rpmpkgs yum install openssl-devel |
...
{code} # Download the source code tarball and build script from either Trogdor or the /mit/webauth/shibboleth/source webauth Athena locker. |
...
## Download from Aether: |
...
{code |
...
} cd /home/www/tmp scp $troguser@trogdor.mit.edu:/opt/software-repository-tmp/Touchstone/shibboleth-sp-1.3.1-sources.tgz . |
...
{code} ## Download for the webauth Athena locker: {code} cd /home/www/tmp scp athena.dialup.mit.edu:/mit/webauth/shibboleth/source/shibboleth-sp-1.3.1-sources.tgz . |
...
{code} # Make certain that the correct version of apxs from httpd-devel packages are installed. |
...
#* If apxs is not in /home/www/apache/bin, install it from rpm: |
...
{code |
...
} yum install httpd-devel |
...
{code} # Create a Shibboleth build directory, unpack the tarball into it, and run the build script. #* If Apache was built locally: {code} mkdir /home/www/tmp/shibboleth-build-directory cd /home/www/tmp/shibboleth-build-directory tar -xzvf /home/www/tmp/shibboleth-sp-1.3.1-sources.tgz ./build-sp.sh -p /home/www/shibboleth -a /home/www/apache/bin/apxs chown -R www:www /home/www |
...
{code} #* If Apache was installed from rpm: {code} mkdir /home/www/tmp/shibboleth-build-directory cd /home/www/tmp/shibboleth-build-directory tar -xzvf /home/www/tmp/shibboleth-sp-1.3.1-sources.tgz ./build-sp.sh -p /home/www/shibboleth chown -R www:www /home/www |
...
{code} # Configure Shibboleth, as described in [Configuring+and+customizing+the+Shibboleth+SP]. |
...
#* Download to the config files from Trogdor or the webauth Athena locker and run the gen-shib.sh script: |
...
{code |
...
} cd /home/www/shibboleth/etc/shibboleth scp $troguser@trogdor:/opt/software-repository-tmp/Touchstone/config-SP/* . chmod u+x /home/www/shibboleth/etc/shibboleth/gen-shib.sh ./gen-shib.sh |
...
{code} #* Edit the file /home/www/apache/conf/httpd.conf. After the line "Include conf/extra/httpd-ssl.conf", insert the following: |
...
{code |
...
} # Touchstone/Shibboleth Include /home/www/shibboleth/etc/shibboleth/apache22.config |
...
{code} # Add the init script to /etc/init.d, and set to run on appropriate runlevels. |
...
{code |
...
} cd /home/www/shibboleth/etc/shibboleth cp /home/www/shibboleth/etc/shibboleth/shibd-redhat /etc/init.d/shibd chmod u+x,a-w /etc/init.d/shibd cd /etc/init.d ln -s /etc/init.d/shibd /etc/rc.d/rc3.d/S45shibd ln -s /etc/init.d/shibd /etc/rc.d/rc4.d/S45shibd ln -s /etc/init.d/shibd /etc/rc.d/rc5.d/S45shibd ln -s /etc/init.d/shibd /etc/rc.d/rc3.d/K45shibd ln -s /etc/init.d/shibd /etc/rc.d/rc4.d/K45shibd ln -s /etc/init.d/shibd /etc/rc.d/rc5.d/K45shibd /etc/init.d/shibd start |
...
{code} # At a convenient time, bounce Apache and related web services. |
...
{code |
...
} /etc/init.d/web stop /etc/init.d/web start |
...
{code} # Send email to the Touchstone support team (touchstone-support@mit.edu), asking for the system to be included in the Touchstone database. Information they need is hostname, CN name if different from hostname, technical support contact (using a list is preferred, for our group, map-support@mit.edu is normally used), the organization that owns the system, and a short description (one sentence) of what function this server will perform. |