Install Shibboleth Service Provider on Debian Linux 4

I. Prerequisites

  • Debian Linux 4.0
  • GNU gcc/g++ compilers. aptitude install gcc g++
  • Apache 2.2.x with SSL and its development libraries. For Debian, the package apache2-threaded-dev provides the necessary Apache 2 development libraries and tools while libssl > 0.9.7 will provide the required openssl library support.
  • A test account at an IdP in the Federation. This will allow you to test your SP installation.
  • Ntp tools to synchronize time with a remote time server (eg. ntpdate)
  • wget (or something similar) to download files from a webserver on a command line.
  • A public IP address and a public DNS name for the systen.
  • Firewall open for the following ports on the IdP machines:
    • TCP destination ports (ie. ports on the IdP machine) 80, 443.
    • UDP source port (ie. port on the remote host) 123.

II. Build and Install the Shibboleth SP and required components

  1. Setup build environment
    • aptitude install libcurl3 libcurl3-dev
    • $export SHIB_SP_HOME=/optl/shibboleth-sp; mkdir -p $SHIB_SP_HOME
  2. Compile required components
    • log4cpp
      • Download log4cpp-1.0.tar.gz from
      • Untar log4cpp-1.0.tar.gz, go into that directory, configure and build it with the following:
        • tar xzvf log4cpp-1.0.tar.gz
        • cd log4cpp-1.0
        • ./configure - -disable-static - -without-ca-bundle - -enable-thread - -prefix=$SHIB_SP_HOME
        • make
        • make install
    • xerces-c
      • Download xerces-c-src_2_8_0.tar.gz from
      • Untar xerces-c-src_2_8_0.tar.gz, configure and build it with the following:
        • tar xvzf xerces-c-src_2_6_1.tar.gz
        • cd xerces-c-src_2_6_1
        • export XERCESCROOT=`pwd`
        • cd src/xercesc
        • ./runConfigure -p linux -c gcc -x g++ -r pthread -P $SHIB_SP_HOME
        • make
        • make install
    • xml-security
      • Download xml-security-c-1.4.0.tar.gz from
      • Untar xml-security-c-1.4.0.tar.gz, configure and build it with the following:
        • tar xvzf xml-security-c-1.4.0.tar.gz
        • cd xml-security-c-1.4.0
        • ./configure - -prefix=$SHIB_SP_HOME - -without-xalan
        • make
        • make install
    • opensaml
      • Download from
      • Untar opensaml-1.1.1.tar.gz, configure and build it with the following:
        • tar xvzf opensaml-1.1.1.tar.gz
        • cd opensaml-1.1.1
        • ./configure - -prefix=$SHIB_SP_HOME - -with-log4cpp=$SHIB_SP_HOME -C
        • make
        • make install
  3. Build Shibboleth SP
    • Download
    • Untar shibboleth-sp-1.3.1.tar.gz, configure and build it with the following:
      • tar xvzf shibboleth-sp-1.3.1.tar.gz
      • cd shibboleth-1.3.1
      • ./configure - -prefix=$SHIB_SP_HOME - -with-log4cpp=$SHIB_SP_HOME - -enable-apache-22 - -with-apxs2=/usr/bin/apxs2 - -disable-mysql
      • make
      • make install
      • Note: —-enable-apache-22 option is for apache 2.2.x only. You may need to change it if your apache version is different. At this point Shibboleth SP Apache 2.2.x module and the Shibboleth shibd daemon is built for your system.

See also here

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License