[Shib-Users] problem installing SP on ubuntu


Francesco Pirani

Sep 27, 2010, 11:12:24 AM
to shibbole...@internet2.edu
Hi all,
I know that SP installation isn't officially supported on Ubuntu, but
unfortunately I have to install the SP on Ubuntu Server 10.4...processor amd
64bit.
I've installed Apache and I've enabled SSL, and it works fine.
I've installed the dependencies with:

aptitude install libsaml2 unixodbc opensaml2-schemas xmltooling-schemas


and I've downloaded:

http://ftp.us.debian.org/debian/pool/main/s/shibboleth-sp2/shibboleth-sp2-schemas_2.3.1+dfsg-2_all.deb
http://ftp.us.debian.org/debian/pool/main/s/shibboleth-sp2/libshibsp4_2.3.1+dfsg-2_amd64.deb
http://ftp.us.debian.org/debian/pool/main/s/shibboleth-sp2/libapache2-mod-shib2_2.3.1+dfsg-2_amd64.deb

and finally:

dpkg -i shibboleth-sp2-schemas*.deb libshibsp1*.deb libapache2-mod-shib2*.deb


After the installation, shibd started without problems...but
when I try to open https://localhost/Shibboleth.sso/Status, I get
"not found".

Is this procedure wrong?

Jean Robertson

Sep 27, 2010, 11:35:10 AM
to shibbole...@internet2.edu
Hello,

After installing these packages, on a Debian system, I had to tell the Apache
server to use the shibboleth module.

a2enmod shib2

After that I had to tell the web server where to use this. I created a
shibtester.conf file in /etc/apache2/conf.d

--------------
# shibtester.conf

Alias /shibboleth-sp /var/www/shib

ShibConfig /etc/shibboleth/shibboleth2.xml

<Location /shibboleth-sp>
Options +Indexes +Includes +ExecCGI
Allow from all
AuthType shibboleth
ShibRequireSession On
require valid-user
</Location>
Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
Alias /shibboleth-sp/logo.jpg /usr/share/shibboleth/logo.jpg
------------------

Then I had to restart Apache.

Jean

--
Jean Robertson, McGill University (514) 398-8117

Peter Schober

Sep 27, 2010, 11:35:05 AM
to shibbole...@internet2.edu
* Francesco Pirani <franc...@gmail.com> [2010-09-27 17:13]:
> Is this procedure wrong?

How about
$ apt-get install libapache2-mod-shib2
?

-peter

Peter Schober

Sep 27, 2010, 11:40:50 AM
to shibbole...@internet2.edu
* Jean Robertson <jean.ro...@mcgill.ca> [2010-09-27 17:35]:

> After installing these packages, on a debian system, I had to tell
> the apache server to use the shibboleth module.
[...]

All the steps necessary are clearly documented as part of the package:

$ zless /usr/share/doc/libapache2-mod-shib2/README.Debian.gz

@Francesco: Try accessing via http:// instead of https:// and see if
that makes a difference. Or adjust the IP addresses allowed to access
the status handler (if you really must) and try from somewhere other
than localhost.

cheers,
-peter

Francesco Pirani

Sep 27, 2010, 1:35:26 PM
to shibbole...@internet2.edu
Thanks!
I've forgotten to enable shibboleth module!
Now it seems to work!
The first try was using apt-get install libapache2-mod-shib2, but didn't work...
so I followed another guide from satya blog.

Thanks again!


Russ Allbery

Sep 27, 2010, 8:20:07 PM
to shibbole...@internet2.edu
Francesco Pirani <franc...@gmail.com> writes:

> Thanks!
> I've forgotten to enable shibboleth module!
> Now it seems to work!
> The first try was using apt-get install libapache2-mod-shib2, but didn't
> work...
> so I followed another guide from satya blog.

Yeah, we don't enable the module by default as soon as you install the
package because I was worried that loading the module without having a
working configuration could cause Apache to refuse to start. I haven't
done a lot of experimentation here, though, so I may be too conservative.

--
Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/>

Scott Cantor

Sep 27, 2010, 8:23:48 PM
to shibbole...@internet2.edu
> Yeah, we don't enable the module by default as soon as you install the
> package because I was worried that loading the module without having a
> working configuration could cause Apache to refuse to start. I haven't
> done a lot of experimentation here, though, so I may be too conservative.

I wasn't especially keen on it myself, but other than the packaging aspects
of it, there haven't been that many problems as a result of automating it.
The "vanilla" shib.conf snippet is fairly innocuous, and the default SP
configuration is also fairly harmless.

-- Scott
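
The failure worked out in this thread (shibd running, but /Shibboleth.sso/Status answering "not found" because the module was never enabled) can be checked with a short script. This is an added example, not code from any poster or from the Debian package; it assumes the Debian/Ubuntu Apache layout under /etc/apache2 and the module file name shib2.load that "a2enmod shib2" implies.

```sh
#!/bin/sh
# Triage for the symptom in this thread: shibd runs, but
# /Shibboleth.sso/Status answers "not found".
# Assumptions (not from the thread): Debian-style mods-available/ and
# mods-enabled/ directories, module file named shib2.load.

# Print the state of the shib2 module under an Apache config root.
shib_module_state() {
    root="${1:-/etc/apache2}"
    if [ ! -f "$root/mods-available/shib2.load" ]; then
        echo "not-installed"
    elif [ -e "$root/mods-enabled/shib2.load" ]; then
        echo "enabled"
    else
        echo "available-not-enabled"
    fi
}

# List conf.d files that already use mod_shib directives.
shib_config_users() {
    root="${1:-/etc/apache2}"
    grep -rlEi '^[[:space:]]*(ShibConfig|ShibRequireSession|AuthType[[:space:]]+shibboleth)' \
        "$root/conf.d" 2>/dev/null | sort
}

# Combine both checks into a one-line next step.
shib_diagnose() {
    root="${1:-/etc/apache2}"
    state=$(shib_module_state "$root")
    users=$(shib_config_users "$root")
    case "$state" in
        not-installed) echo "install libapache2-mod-shib2" ;;
        available-not-enabled)
            if [ -n "$users" ]; then
                echo "run a2enmod shib2: directives present but module not loaded"
            else
                echo "run a2enmod shib2, then restart apache"
            fi ;;
        enabled) echo "module loaded: check handler ACL and shibboleth2.xml" ;;
    esac
}

shib_diagnose "${1:-/etc/apache2}"
```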

