Installing the Shibboleth SP from RPM
The Shibboleth project officially provides up-to-date RPMs for most of the supported Linux platforms. For a current list, you can refer to the NativeSPLinuxInstall topic. These packages are built and published out of the OpenSUSE project's Build Service, and include all of the supported Linux variants.
A special note applies to Red Hat 7 and probably all future versions: because of Red Hat's licensing restrictions, it's now impossible for the build service to target Red Hat 7 directly. However, CentOS is an identical system, and the packages for it work on the equivalent Red Hat versions, so Red Hat 7 deployments should rely on the CentOS 7 package repository.
For other RPM-supporting Linux versions, you can usually rebuild the SRPM packages.
Installing via Yum
The strongly recommended approach is to take advantage of the Build Service's ability to act as a yum repository alongside your existing OS-supplied repository. Ths allows you to manage the Shibboleth packages in a standard way and pick up updates using a single command.
For Red Hat Enterprise, the CentOS team provides some usual material on using yum.
The root of the repository tree for Shibboleth can be found at http://download.opensuse.org/repositories/security://shibboleth/ with each supported OS in its own subdirectory. Each subdirectory is the root of a yum repository and contains a definition file named
security:shibboleth.repo. (Per the note above, Red Hat 7 systems must use the CentOS 7 repository.)
Installation varies by OS, but usually you just drop the definition file into a directory such as
/etc/yum.repos.d. You can turn the repository on and off by adjusting the "enabled" property in the file, such as to prevent automated updates and maintain manual control. While enabled, the yum command will "see" the Shibboleth packages when you perform standard operations, and installing the SP should require only a single command:
If you prefer to do things by hand, you can download the packages individually from the repositories hosted on the Build Service at http://download.opensuse.org/repositories/security://shibboleth/.
Installation requires every RPM that is not a
The RPM installation process will place various components of Shibboleth in appropriate default directories based on your operating system's file system layout. Typically:
- Shibboleth configuration files will be placed at
/etc/shibboleth/and the necessary Apache configuration in
shibdwill be installed to
/usr/sbinand may be managed using
- An appropriate version of
mod_shiband other pluggable modules will be installed to
- Logs will be located in
- Ensure that the
ServerNamedirective is properly set, and that Apache is being started with SSL enabled.
- Restart Apache.
/usr/sbin/shibdmust be independently started and run in order to handle requests. The daemon should be loaded and monitored along with all other major services.
- By default, the Shibboleth module is configured to log information on behalf of Apache to
shibdcreates its own separate logs at