installing a shibboleth sp from source
Thu, Jul 2, 2015
I’ve been working on an interesting project recently, along the lines of public access to university library resources (walk-in access). I’ve developed an Android app, set up an iBeacon for the app to detect, and a backend which interfaces to Active Directory, but between the app and the backend is some gubbins. That gubbins is a Shibboleth Service Provider (SP) and although I wrote my own one many years ago, I decided to go with the ‘official’ one and build it from source.
As usual, it’s in a non-standard place as I tend not to use /opt and instead much prefer /usr/local. Call me old-fashioned. Anyway, this is how to build the Shibboleth SP from source and run it from a ‘non-standard’ (i.e. not /opt) location on Linux.
These are the various bits ‘n pieces we’ll need:
Download all of the above and extract them into their various directories. The following configure commands are followed by:
make
make install
Let’s start with OpenSSL:
then we need to install Apache:
./configure --enable-layout=shibbolethsp
and this is my config.layout section:
and add this to the top of /usr/local/httpd-2.2.29/bin/apachectl. We need this as we’re not using the version of OpenSSL that comes with Linux.
Then install apr:
Then we need curl:
./configure --prefix=/usr/local/curl-7.40.0 \
Now to install Boost:
cp -r boost_1_57_0 /usr/local
Now for the SP itself:
Now that the SP is installed, let’s configure some attributes for it to process. Open the file:
and add an attribute:
<Attribute name="urn:oid:0.0.7" id="CB_InterestingAttribute">
    <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
The above tells the SP to accept the attribute ‘urn:oid:0.0.7’ and turn it into one called ‘CB_InterestingAttribute’. It’s ‘CB_InterestingAttribute’ that any SP protected app will use. For example, if you have a Sinatra app behind the SP, you can access this attribute thusly:
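As an added example (not code from the original post), here is a plain Rack handler, the layer Sinatra routes sit on, that reads the mapped attribute from the request environment. It assumes the app runs inside Apache (for example under Passenger) so the SP's variables reach `env`; `shib_values`, `interesting_attribute` and `APP` are hypothetical names.

```ruby
# Added example: what a Sinatra/Rack app behind the SP does with the attribute.
ATTR_ID = 'CB_InterestingAttribute' # id from the attribute map above

# The SP joins multiple values with ';' and escapes a literal ';' as '\;'.
def shib_values(raw)
  return [] if raw.nil? || raw.empty?
  raw.split(/(?<!\\);/).map { |v| v.gsub('\;', ';') }.reject(&:empty?)
end

# Read only the server-set environment variable. The HTTP_* form comes from
# a request header, which a client can send itself, so it is not consulted.
def interesting_attribute(env)
  shib_values(env[ATTR_ID])
end

# Hypothetical Rack app: 403 unless the SP supplied the attribute.
APP = lambda do |env|
  values = interesting_attribute(env)
  headers = { 'content-type' => 'text/plain' }
  if values.empty?
    [403, headers, ["no #{ATTR_ID} from the SP\n"]]
  else
    [200, headers, [values.join("\n") + "\n"]]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request environments, not captured traffic.
  samples = {
    'single value'    => { ATTR_ID => 'walk-in' },
    'multi value'     => { ATTR_ID => 'walk-in;staff\;temp' },
    'spoofed header'  => { 'HTTP_CB_INTERESTINGATTRIBUTE' => 'walk-in' },
    'no SP attribute' => {}
  }
  samples.each do |label, env|
    status, _headers, body = APP.call(env)
    puts "#{label}: #{status} #{body.join.strip.inspect}"
  end
end
```

In a Sinatra route the same lookup is `interesting_attribute(request.env)`.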
I’ll leave the more complex configuration for trusting Identity Providers to the official documentation and instead, finish with showing how to start the SP. Remember we’re using a separate version of OpenSSL:
export LD_LIBRARY_PATH=/usr/local/shibboleth-sp/lib
/usr/local/shibboleth-sp/sbin/shibd -f
One Shibboleth SP, built from source and running from a non-standard location. Done!