Page tree

The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP30 and SP3 wiki spaces for current documentation on the supported versions.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Installing the Discovery Service

Before You Begin

The first question you should ask is whether you need to install the DiscoveryService. If you're working in a non-Java environment, you may find it easier to build a selection page in a more native fashion, or you may find that the SP alone provides enough rudimentary support to get started.

If you do decide to install it, you'll primarily need to collect the metadata sources that will contain the IdPs that users will select from. If you're planning to use SAML 2.0 or other protocols not supported by the old WAYF model, you may also need to provide metadata about your SP(s) to enable the DS to safely interact with the SP.

Which protocol?

The Discovery Service will automatically select between "WAYF-Mode" (in which it intercepts and handles a legacy Shibboleth AuthnRequest message) and the full Discovery Service Protocol.

No explicit configuration to select the right protocol is needed.

Performing the Install

The Shibboleth Discovery Service, version 1.0, is a standard Java web application.

  1. Download the Discovery Service package from Internet2 Shibboleth Download site
  2. Unzip the package.
  3. Change into the newly created IdP distribution directory.
  4. Endorse Xerces and Xalan by copying the contents of the endorsed directory to the approriate place on the web Server (for tomcat this is $TOMCAT_ROOT\common\endorsed).
  5. Edit install.properties to control:
    1. Where to install the configuration files.
    2. Whether the install will delete any previous installation.
  6. Run either ./ant.sh (on Unix systems) or ant.bat (on Windows systems) as a suitably authorised user user. This user must have the ability to create the Discovery Service home directory identified in the previous step.
  7. Configure the Discovery Service to point to the metadata sources you identified above as described here.
  8. Deploy the Discovery Service WAR file, located in the Discovery Service's Home directory.
  9. Further Configuration is described here.
  • No labels