aptitude install libsaml2 unixodbc opensaml2-schemas xmltooling-schemas
and i've downloaded:
http://ftp.us.debian.org/debian/pool/main/s/shibboleth-sp2/shibboleth-sp2-schemas_2.3.1+dfsg-2_all.deb
http://ftp.us.debian.org/debian/pool/main/s/shibboleth-sp2/libshibsp4_2.3.1+dfsg-2_amd64.deb
http://ftp.us.debian.org/debian/pool/main/s/shibboleth-sp2/libapache2-mod-shib2_2.3.1+dfsg-2_amd64.deb
and finally:
dpkg -i shibboleth-sp2-schemas*.deb libshibsp1*.deb libapache2-mod-shib2*.deb
After the installation, the shibd was started without problems...but
when i try to open https://localhost/Shibboleth.sso/Status, i obtain
"not found".
Is this procedure wrong?
After installing these packages, on a debian system, I had to tell the apache
server to use the shibboleth module.
a2enmod shib2
After that I had to tell the web server where to use this. I created a
shibtester.conf file in /etc/apache2/conf.d
--------------
# shibtester.conf
Alias /shibboleth-sp /var/www/shib
ShibConfig /etc/shibboleth/shibboleth2.xml
<Location /shibboleth-sp>
Options +Indexes +Includes +ExecCGI
Allow from all
AuthType shibboleth
ShibRequireSession On
require valid-user
</Location>
Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
Alias /shibboleth-sp/logo.jpg /usr/share/shibboleth/logo.jpg
------------------
Then I had to restart apache.
Jean
--
Jean Robertson, McGill University (514) 398-8117
How about
$ apt-get install libapache2-mod-shib2
?
-peter
All the steps necessary are clearly documented as part of the package:
$ zless /usr/share/doc/libapache2-mod-shib2/README.Debian.gz
@Francesco: Try accesing via http:// instead of https:// and see if
that makes a difference. Or adjust the IP addresses allowed to access
the status handler (if you really must) and try from somewhere other
than localhost.
cheers,
-peter
> Thanks!
> I've forgotten to enable shibboleth module!
> Now it seems to work!
> The first try was using apt-get install libapache2-mod-shib2, but didn't
> work...
> so i followed another guide from satya blog.
Yeah, we don't enable the module by default as soon as you install the
package because I was worried that loading the module without having a
working configuration could cause Apache to refuse to start. I haven't
done a lot of experimentation here, though, so I may be too conservative.
--
Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/>
I wasn't especially keen on it myself, but other than the packaging aspects
of it, there haven't been that many problems as a result of automating it.
The "vanilla" shib.conf snippet is fairly innocuous, and the default SP
configuration is also fairly harmless.
-- Scott