« Explorations into UMN Shibboleth Auth - Part 1: Overview | Main | Explorations into UMN Shibboleth Auth - Part 3 Testing and Configuring Shibboleth SP »

Explorations into UMN Shibboleth Auth - Part 2 Installing Shibboleth SP on Ubuntu OS

Overview of Tasks

In order to use Shibboleth SP the web server needs to be able to communicate over SSL (https connection). My tasks then for installing Shibboleth SP are:
  1. Create a self-serv certificate for SSL
  2. Enable SSL for Apache web server on Ubuntu
  3. Install Shibboleth for Apache web server
  4. Enable Shibboleth SP on Apache web server
  5. Test Shibboleth to make sure it is working
  6. Configure Shibboleth to use UMN Shibboleth Identity Provider (IdP)

These directions apply to Apache version 2.2 and Ubuntu OS version 9.10 (Karmic Koala). More detailed descriptions of these tasks will follow.

Tasks 1 and 2: Create a self-serv certificate for SSL and enable SSL on Apache.

I learned good information about creating a certificate in this article in Ubuntu Documentation, but eventually opted to go a much simpler route for creating the certificate and enabling it on Apache. The documentation for the method I chose is available in Ubuntu OS in /usr/share/doc/apache2.2-common/README.Debian.gz file. The steps I performed were:
  1. Installed ssl-cert package: ~$ sudo apt-get install ssl-cert -- This creates a self-serv certification for your server automatically.
  2. Enabled default-ssl virtual host: ~$ sudo a2ensite default-ssl
  3. Enabled Apache's SSL module: ~$ sudo a2enmod ssl
  4. Restarted Apache: ~$ sudo /etc/init.d/apache2 restart

Tasks 3 and 4: Install and enable Shibboleth SP on Apache 2.2

  1. Installed Shibboleth module for Ubuntu 9.10: ~$ sudo apt-get install libapache2-mod-shib2
  2. Enabled Apache Shibboleth module: ~$ sudo a2enmod shib
  3. Restarted Apache ~$ sudo /etc/init.d/apache2 restart

Tasks 5 and 6: Test Shibboleth SP and configure it for UMN IdP... - see next posts

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)