Refer to the SystemRequirements page for details on supported software platforms.
If using the recommended Oracle JDK, make sure you've installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (see http://www.oracle.com/technetwork/java/javase/downloads/index.html, towards the bottom). If you don't do this, your deployment will be unable to make use of cryptographic algorithms such as AES with 256-bit keys which may be required for interoperability with some SPs.
If you use Java 8 (which you should), be aware that it relies on a blocking PRNG by default, and the IdP may be observed to start up very slowly if there is insufficient entropy available. There are various workarounds or ways to install better sources of entropy by altering jre/lib/security/java.security or using system properties, but they are platform-specific.
See the SecurityAndNetworking page for introductory help in understanding the use of network ports, keys, and certificates.
A nice cross-platform GUI for manipulating Java keystores, PKCS#12 files, viewing certificates, etc., is Keystore Explorer.
Before you begin you should collect the following items and information:
Assuming you plan to use the IdP for SAML support (as opposed to CAS support for example), you will need:
If you don't have any SAML metadata to give the IdP, you won't have an easy time making it do anything useful without changing a lot of defaults, so please take the time and start by acquiring or creating that metadata first if you're just starting out. If you have nothing else to use, the TestShib site can help you get started, but if you're using it longer than a couple of weeks, you should rethink what you're trying to accomplish.
The installation process will suggest or generate the following information for you:
A specially packaged installer is available for Microsoft Windows that ensures files will have the correct line endings and optionally provides automated support for the use of Jetty and configuration against Active Directory. See the WindowsInstallation topic for instructions.
As noted, the IdP is a standard Java web application based on the Servlet 3.0 specification and should run for the most part in any compatible servlet container, but official support is provided only for Jetty and Tomcat. Jetty is the strongly recommended option and is used by the primary team members in their production environments.
Containers for which we have specific installation guidance are shown in step 1 below, including some that we do not officially support. Material specific to any container is provided as a convenience, and is not a substitute for the container's own documentation.
idp.homethroughout this documentation.
In Version 3.4 the default key size has been increased. Under certain circumstances this may fail because of restrictions imposed by version of java or the java "jusrisdiction policy".
In nearly all situations this should be fixed by installing the unlimited strength Unlimited Strength Jurisdiction Policy or by updating to a more recent version of java.
If this is impossible (or if you want a different key size) you cna specify the
idp.keysize parameter on the command line
You can test that the IdP is properly installed and is at least running successfully in the container with the status command line utility (idp.home/bin/status.sh or idp.home\bin\status.bat).
If everything is working correctly, you should see output summarizing the environment and information about the IdP's state. This doesn't mean that you will be able to log into anything yet as you have not yet configured the IdP to use your organization's infrastructure, added metadata, etc.
To rebuild the WAR file, run the build command line utility (idp.home/bin/build.sh or idp.home\bin\build.bat) from the installation directory