Building Shibboleth with FastCGI support

Ondřej Košarko edited this page Jan 22, 2018 · 7 revisions

Building Shibboleth SP

Compilation of Shibboleth is a tedious but well documented on Shibboleth wiki

Run ./configure script --with-fastcgi to implement FastCGI support required by Nginx.

For the compilation you will need boost header files. xmltooling requires libcurl. Next you'll need libfcgi or apache2/httpd dev packages when building for apache. On Ubuntu/Debian installed with:

#check the version of libboost first
sudo apt-get install libfcgi-dev libboost-all-dev

or

sudo apt-get install apache2-dev

These are roughly the commands that get you quickly from ShibbolethSP sources to ShibbolethSP running application:

  • The expected installation directory is /opt/shibboleth-sp-fastcgi
  • NOTE: Links may be broken (Fix them by editing the wiki)
  • DO NOT copy the commands blindly
  • finally make sure with ldd that shibd is really using the libraries you have just built, if not rerun the build with --with-* options

See this gist for compilation script.

#!/bin/bash
# https://github.com/ufal/lindat-dspace/wiki/Building-Shibboleth-with-FastCGI-support
# ensure the versions are still latest

sudo apt-get install libfcgi-dev libboost-all-dev openssl libssl-dev pkg-config libcurl4-openssl-dev

INSTALLDIR=/opt/shibboleth-sp-fastcgi

function get {
  local dirname=$1
  local version=$2
  local url=$3
  local archive="$dirname-$version.tar.gz"

  if [ ! -d "$dirname" ]; then
    wget -O "$archive" "$url$archive"
    tar -xzvf "$archive"
    mv `tar -ztf "$archive" | head -n 1` "$dirname.$version"
        ln -s $dirname.$version $dirname
    rm "$archive"
  fi
}

get log4shib 1.0.9 http://shibboleth.net/downloads/log4shib/latest/
get xerces-c 3.2.0 http://mirror.hosting90.cz/apache/xerces/c/3/sources/
get xml-security-c 1.7.3 http://mirror.hosting90.cz/apache/santuario/c-library/
get xmltooling 1.6.3 http://shibboleth.net/downloads/c++-opensaml/latest/
get opensaml 2.6.1 http://shibboleth.net/downloads/c++-opensaml/latest/
get shibboleth-sp 2.6.1 http://shibboleth.net/downloads/service-provider/latest/


function compile {
    local dirname=$1
    local config="--enable-option-checking=fatal $2"

    cd $dirname && \
    ./configure $config && \
    make && \
    sudo make install && \
    cd ..
}

compile log4shib "--disable-static --disable-doxygen --prefix=$INSTALLDIR" && \
compile xerces-c "--disable-netaccessor-curl --prefix=$INSTALLDIR" && \
compile xml-security-c "--without-xalan --disable-static \
  --with-xerces=$INSTALLDIR \
  --prefix=$INSTALLDIR" && \
compile xmltooling "--with-log4shib=$INSTALLDIR --prefix=$INSTALLDIR -C" && \
compile opensaml "--with-log4shib=$INSTALLDIR --prefix=$INSTALLDIR -C" && \
compile shibboleth-sp "--with-log4shib=$INSTALLDIR \
  --prefix=$INSTALLDIR \
  --with-fastcgi"

For apache you can drop the --with-fastcgi line and you need to add one of

  --enable-apache-13      enable the Apache 1.3 module
  --enable-apache-20      enable the Apache 2.0 module
  --enable-apache-22      enable the Apache 2.2 module
  --enable-apache-24      enable the Apache 2.4 module

and maybe a path to apxs (via one of the --with-apxs* options)

Congratulation you have compiled and installed your own Shibboleth SP.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.