Comment: Migrated to Confluence 4.0
# Configure the system to use Apache 2.2.x, according to other pages on this wiki.

# Check that the OpenSSL installation includes the development extensions. If the system received a custom build of OpenSSL, there will be a /usr/local/ssl directory, and this step can be skipped.

## Check the rpm logs for openssl-devel. Install it if it is missing.

{code}
grep openssl-devel /var/log/rpmpkgs
yum install openssl-devel
{code}
# Download the source code tarball and build script from either Trogdor or the /mit/webauth/shibboleth/source webauth Athena locker.

## Download from Aether:

{code}
cd /home/www/tmp
scp $troguser@trogdor.mit.edu:/opt/software-repository-tmp/Touchstone/shibboleth-sp-1.3.1-sources.tgz .
{code}
## Download from the webauth Athena locker:
{code}
cd /home/www/tmp
scp athena.dialup.mit.edu:/mit/webauth/shibboleth/source/shibboleth-sp-1.3.1-sources.tgz .
{code}
# Make certain that the correct version of apxs, from the httpd-devel package, is installed.

#* If apxs is not in /home/www/apache/bin, install it from rpm:

{code}
yum install httpd-devel
{code}
# Create a Shibboleth build directory, unpack the tarball into it, and run the build script.
#* If Apache was built locally:
{code}
mkdir /home/www/tmp/shibboleth-build-directory
cd /home/www/tmp/shibboleth-build-directory
tar -xzvf /home/www/tmp/shibboleth-sp-1.3.1-sources.tgz
./build-sp.sh -p /home/www/shibboleth -a /home/www/apache/bin/apxs
chown -R www:www /home/www
{code}
#* If Apache was installed from rpm:
{code}
mkdir /home/www/tmp/shibboleth-build-directory
cd /home/www/tmp/shibboleth-build-directory
tar -xzvf /home/www/tmp/shibboleth-sp-1.3.1-sources.tgz
./build-sp.sh -p /home/www/shibboleth
chown -R www:www /home/www
{code}
# Configure Shibboleth, as described in [Configuring+and+customizing+the+Shibboleth+SP].

#* Download the config files from Trogdor or the webauth Athena locker and run the gen-shib.sh script:

{code}
cd /home/www/shibboleth/etc/shibboleth
scp $troguser@trogdor:/opt/software-repository-tmp/Touchstone/config-SP/* .
chmod u+x /home/www/shibboleth/etc/shibboleth/gen-shib.sh
./gen-shib.sh
{code}
#* Edit the file /home/www/apache/conf/httpd.conf.  After the line "Include conf/extra/httpd-ssl.conf", insert the following:

{code}
# Touchstone/Shibboleth
Include /home/www/shibboleth/etc/shibboleth/apache22.config
{code}
# Add the init script to /etc/init.d, and set it to run at the appropriate runlevels.

{code}
cd /home/www/shibboleth/etc/shibboleth
cp /home/www/shibboleth/etc/shibboleth/shibd-redhat /etc/init.d/shibd
chmod u+x,a-w /etc/init.d/shibd
cd /etc/init.d
ln -s /etc/init.d/shibd /etc/rc.d/rc3.d/S45shibd
ln -s /etc/init.d/shibd /etc/rc.d/rc4.d/S45shibd
ln -s /etc/init.d/shibd /etc/rc.d/rc5.d/S45shibd
ln -s /etc/init.d/shibd /etc/rc.d/rc3.d/K45shibd
ln -s /etc/init.d/shibd /etc/rc.d/rc4.d/K45shibd
ln -s /etc/init.d/shibd /etc/rc.d/rc5.d/K45shibd
/etc/init.d/shibd start
{code}
# At a convenient time, bounce Apache and related web services.

{code}
/etc/init.d/web stop
/etc/init.d/web start
{code}
# Send email to the Touchstone support team (touchstone-support@mit.edu), asking for the system to be included in the Touchstone database. The information they need is: the hostname; the CN name, if different from the hostname; a technical support contact (a list is preferred; for our group, map-support@mit.edu is normally used); the organization that owns the system; and a short (one-sentence) description of the function this server will perform.
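
The checks below confirm that the httpd.conf, init script and runlevel steps above took effect before the host is registered. This is an added example, not part of the original page or of the Touchstone tooling: the paths are the ones the page uses, while the function names and the optional ROOT prefix (for trying the checks against a scratch directory) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Paths are the page's own; the
# function names and the ROOT prefix (for dry runs on a scratch tree) are assumed.

# Succeeds only if an uncommented Shibboleth Include follows the
# "Include conf/extra/httpd-ssl.conf" line in the given httpd.conf.
include_after_ssl() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*Include[ \t]+conf\/extra\/httpd-ssl\.conf[ \t]*$/ { ssl = 1 }
        /^[ \t]*Include[ \t]+\/home\/www\/shibboleth\/etc\/shibboleth\/apache22\.config[ \t]*$/ { if (ssl) ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Succeeds only if the init script is a regular file, owner-executable, and
# has no write bit set for anyone (the state "chmod u+x,a-w" leaves it in).
init_script_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in *w*) return 1 ;; esac
    case "$mode" in ???x*) return 0 ;; esac
    return 1
}

# Succeeds only if all six S45shibd/K45shibd links in rc3.d-rc5.d exist and
# point at /etc/init.d/shibd.
rc_links_ok() {
    for lvl in 3 4 5; do
        for pfx in S K; do
            link="$1/etc/rc.d/rc$lvl.d/${pfx}45shibd"
            [ -L "$link" ] && [ "$(readlink "$link")" = /etc/init.d/shibd ] || return 1
        done
    done
}

# Runs every check against ROOT (empty for the live system); returns non-zero
# and names each failed step if anything is out of place.
check_sp_install() {
    root=${1:-}; rc=0
    include_after_ssl "$root/home/www/apache/conf/httpd.conf" 2>/dev/null ||
        { echo "FAIL: apache22.config Include missing or not after httpd-ssl.conf"; rc=1; }
    init_script_ok "$root/etc/init.d/shibd" ||
        { echo "FAIL: /etc/init.d/shibd missing, not executable, or writable"; rc=1; }
    rc_links_ok "$root" ||
        { echo "FAIL: S45shibd/K45shibd links incomplete in rc3.d-rc5.d"; rc=1; }
    return $rc
}
```

Source the file and run check_sp_install with no argument on the installed host; a non-zero status means at least one of the steps above did not take effect.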