Child pages
  • SolarisNotes

The Shibboleth 1.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

Skip to end of metadata
Go to start of metadata

ServiceProvider Notes

Successful C++ SP Builds

  • Solaris 2.8 (32-bit Sparc) using SunCC 5.2
  • Solaris 2.8 (32-bit Sparc) using gcc3

Build Environment Setup

  • Set LD_LIBRARY_PATH to the eventual lib path into which you'll be installing the packages you're building (e.g. /opt/shibboleth-sp/lib)
  • Set XERCESCROOT to the root of the unpacked Xerces-C tarball
  • Set OPENSSL to the location where OpenSSL is installed
  • Set CC and CXX to the names of the C and C++ compilers you want to use (gcc/cc, g++/CC)

configure Commands

$ OpenSSL (Sun CC): ./Configure solaris-sparcv9-cc threads shared --prefix=/opt/shibboleth-sp
$ OpenSSL (gcc): ./Configure solaris-sparcv9-gcc threads shared --prefix=/opt/shibboleth-sp
$ libcurl: ./configure --disable-static --without-ca-bundle --enable-thread --prefix=/opt/shibboleth-sp
$ log4cpp: ./configure --disable-static --disable-doxygen --prefix=/opt/shibboleth-sp
$ Xerces-C: ./runConfigure -p solaris -c $CC -x $CXX -r pthread -b 32 -P /opt/shibboleth-sp
$ XML-Security-C: ./configure --without-xalan --prefix=/opt/shibboleth-sp
$ OpenSAML: ./configure --with-curl=/opt/shibboleth-sp --with-log4cpp=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C
$ Shibboleth (Sun CC): ./configure --with-saml=/opt/shibboleth-sp --with-log4cpp=/opt/shibboleth-sp --enable-apache-13 --with-apxs=/usr/local/apache/bin/apxs --enable-apache-20 --with-apxs=/usr/local/apache2/bin/apxs --prefix=/opt/shibboleth-sp CFLAGS=-D_sparc_ CXXFLAGS="-D_sparc_ -library=Cstd,Crun" LDFLAGS=-lz -C
$ Shibboleth (gcc): ./configure --with-saml=/opt/shibboleth-sp --with-log4cpp=/opt/shibboleth-sp --enable-apache-13 --with-apxs=/usr/local/apache/bin/apxs --enable-apache-20 --with-apxs=/usr/local/apache2/bin/apxs --prefix=/opt/shibboleth-sp -C

Build Notes

  • On all versions of Solaris, the ONC RPC library used by Shibboleth for www/shibd connectivity is not able to support the older system calls used. The Shibboleth-supplied version of must be used instead of the Sun version. This is automatically handled by the configure script and is normal.
  • Note the additional flags that are required when building Shibboleth with Sun's compiler. These are required to address bugs in the way libtool invokes the compiler and linker.
  • When using gcc4, the current version of Xerces supported by Home and Shibboleth does not support gcc4 and has a very small bug. One of the source files will fail because of an extraneous use of the static keyword on two lines. Simply remove the keyword from those lines and run make again to complete the build.
  • Some of the packages, particularly xml-security-c, do not build or install cleanly on some Solaris servers, depending on various software packages that may or may not be present. You may need to copy the install-sh script from the root folder of the package to various subdirectories, and manually copy the headers and library to the intended destination.
  • The xml-security-c configure script uses the wrong optimization flag for Sun's compiler. If not using gcc, you'll need to edit the configure script and change -O2 to -xO2

Runtime Notes

  • Set LD_LIBRARY_PATH to the lib path containing the dependencies and Shibboleth libraries (e.g. /opt/shibboleth-sp/lib). This is required both in the script that starts the shibd daemon and when starting Apache (so you might put it in /usr/local/apache/bin/apachectl).
  • No labels


  1. Unknown User (

    Spencer Thomas has attached a couple of scripts that he uses to build the Shibboleth 1.3 SP on Solaris 10 / X86 with GCC version 4 (4.1.1).  The first script sets environment variables assuming that OpenSSL is installed in /usr/local, and using a jstor-specific deployment location.  The second script contains a series of commands to unpack and compile the SP, and accurately reflects the commands used to build Shibboleth for JSTOR on Feb 12, 2007, using the versions of the dependencies that were available on that day. It assumes that tarballs for the dependencies and for the Shibboleth SP source have been downloaded to the current directory.  (Note the use of the "gtar" command to invoke Gnu tar -- your usage may differ.)

    OpenSSL note: I used the version of OpenSSL that was installed by our sysadmins in /usr/local.  It is otherwise extremely difficult to ensure that all the dependent packages are compiled with, and then linked with, the same version of OpenSSL.  Any version mismatch can cause Shibboleth to fail to run properly.  If OpenSSL 0.9.7g or higher is installed in your Solaris, I highly recommend that you use it and don't try to build your own.  If an earlier version is installed, you would probably be wise to ask the sysadmin staff to update it so you can use it, although this bears a risk of breaking other installed software, such as sshd.

    1. Unknown User (

      Another advantage to using the bundled OpenSSL (in /usr/sfw) is that it can use hardware crypto (if you configure it to use the pkcs11 engine).

  2. Unknown User (

    Shouldn't you set LDFLAGS with -L and -R instead of using LD_LIBRARY_PATH? The latter is a rather nasty hack.

  3. -L doesn't help, it's not a link-time issue, it's a loader issue. -R has as many problems as using a path does (more IMHO), they're just different problems.

    If you're building everything yourself, and know enough magic to make libtool use hardcoded search paths, that's fine. For most people, that's impossible or beyond their abilities, and using a load path is much simpler to use.