Page tree
Skip to end of metadata
Go to start of metadata

Building the Native SP from Source on Linux

The following installation procedure will build the Shibboleth 2 SP and all its dependencies. Completion of the instructions will result in a functional and loaded but unconfigured SP installed under /opt/shibboleth-sp. If you'd like to use an alternative directory, modify all paths accordingly.

Building Shibboleth

The following packages must be built in the following order using the ./configure commands listed. Unless specific version notes are given, any modern release is sufficient. Be sure to make and make install as appropriate for each package, including Shibboleth itself.

You will also need the Boost headers available (but don't need to actually build or install the full Boost library set).

  • log4shib: ./configure --disable-static --disable-doxygen --prefix=/opt/shibboleth-sp
  • Xerces-C: ./configure --prefix=/opt/shibboleth-sp --disable-netaccessor-libcurl
  • XML-Security-C: ./configure --without-xalan --disable-static --prefix=/opt/shibboleth-sp
  • XMLTooling-C: ./configure --with-log4shib=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C
  • OpenSAML-C: ./configure --with-log4shib=/opt/shibboleth-sp --prefix=/opt/shibboleth-sp -C

When building Shibboleth, you can usually rely on the configure script to detect your Apache version and do the right thing, but in special cases, you can pass various options to control the Apache module version and locate the apxs script to use.

  • Shibboleth: ./configure --with-log4shib=/opt/shibboleth-sp --enable-apache-13 --with-apxs=/usr/local/apache/bin/apxs --enable-apache-20 --with-apxs2=/usr/local/apache2/bin/apxs --prefix=/opt/shibboleth-sp

Troubleshooting

If you're not comfortable researching and diagnosing configure and/or make errors, we strongly suggest you find somebody who is, or use a package of some sort rather than a direct source build. However, we'll compile some tips on troubleshooting source builds.

Basic Configuration

These steps will configure Apache to load mod_shib, supply it with proper host and scheme information, and start shibd.

  1. Set the LD_LIBRARY_PATH environment variable to the path containing Shibboleth dependencies and libraries. This may be required both in the script that starts the shibd daemon and when starting Apache (so you might put it in /etc/sysconfig/httpdor someplace similar).

    export LD_LIBRARY_PATH=/opt/shibboleth-sp/lib
    
  2. Edit httpd.conf:
    • Shibboleth includes sample Apache configuration files in etc/shibboleth for each version of Apache. You can add an Include to httpd.conf itself, but this isn't advisable because that file will be overwritten on subsequent installs/upgrades. Use it as a sample to add the necessary commands to your own configuration.

    • UseCanonicalName On
    • Ensure that the ServerName directive is properly set, and that Apache is being started with SSL enabled.
  3. Restart Apache.
  4. shibd must be independently started and run. The daemon should in the future be loaded and monitored along with all other major services.

    /opt/shibboleth-sp/sbin/shibd
    
  5. By default, the Shibboleth module is configured to log information on behalf of Apache to /opt/shibboleth-sp/var/log/httpd/native.log

  6. shibd creates its own separate logs in /opt/shibboleth-sp/var/log/shibboleth
  • No labels

1 Comment

  1. You will need to add CXXFLAGS="-std=gnu++98" to the configure arguments in order to build xml-security-c on GCC 6.