Versions Compared

Old Version 4

changes.mady.by.user carsi_pku_team

Saved on

compared with

New Version Current

changes.mady.by.user carsi_pku_team

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

登录mgmt.carsi.edu.cn自服务系统,“我的CARSI”-“我的IdP”下载安装脚本:idp_install_script.zip。解压后为:idp512-openeuler-anolisos-jetty11-install.sh(如需4.1.7安装脚本,请发邮件到carsi@pku.edu.cn),如下图所示:sh,如下图所示:

使用carsi用户登录IdP服务器并下载以下脚本和软件,存放在同一个目录下。

...

Code Block
languagebash
borderStylesolid
[carsi@www ~]$ sudo sh ./idp512-openeuler-anolisos-jetty11-install.sh
Install shibboleth idp at 2024.04.22 15:18:24
Shibboleth IdP 5.1.12 is installing.
Script Version v5.1.12
Checking Internet access...
Check Internet access success!
Setting timezone...
Install tar ...
Install zip and unzip...
Testing installing envirenment...
Check shibboleth idp installation file success!
Check Jetty installation file success!

...

如果机器从IdP v3版本升级到新版本,可能会提示另外准备安装环境并退出。请根据IdP512: 将IdP 从v3.4.3/v3.4.7/v4.1.7/v4.3.1升级到v5x升级到v5.1.2,进行新版本安装。

Code Block
languagebash
borderStylesolid
You are upgrading IdP from 3.4.7 to 5.1.1 . We suggest to setup suitable environment to install IdP 5.1.1 but don't upgrade from the old system.
If you still insist to upgrade the old system to IdP 5.1.1, please make sure you have made a backup of data. You will take some risks for the installation.

注意:如果IdP已经上线,需要升级,强烈建议在新环境重新安装。新系统安装成功后拷贝老系统credentials和metadata目录下文件,完成配置和调试,以减少新老系统切换对IdP服务的影响。重装后如何恢复IdP请参考IdP512: IdP备份恢复及高可用方案

2.2 安装java、nginx、Jetty基础软件

...

Code Block
languagebash
borderStylesolid
Installing shibbolet idp...
INFO  - Skipping non-existent resource: class path resource [-Didp.src.dir=../shibboleth-identity-provider-5.1.2]
Installation Directory: [/opt/shibboleth-idp] ?   #确认安装路径,直接回车
install:
INFO  - New Install.  Version: 5.1.2
Host Name: [idp.xxx.edu.cn] ?          #确认是服务器hostname是否正确,一般会设置hostname和IdP域名一致,此处可能显示IP地址,如果出现IP地址,请手动输入IdP服务器域名

INFO  - Creating idp-signing, CN = idp.xxx.edu.cn URI = https:/idp.xxx.edu.cn/idp/shibboleth, keySize=3072
INFO  - Creating idp-encryption, CN = idp.xxx.edu.cn URI = https://idp.xxx.edu.cn/idp/shibboleth, keySize=3072
INFO  - Creating backchannel keystore, CN = idp.xxx.edu.cn URI = https://idp.xxx.edu.cn/idp/shibboleth, keySize=3072
INFO  - Creating Sealer KeyStore
INFO  - No existing versioning property, initializing...
SAML EntityID: [https://idp.xxx.edu.cn/idp/shibboleth] ?    #确认是正确的EntityID,主要检查域名是否正确,无误后回车(不需要输入Y),如果不是,请手动输入EntityID,注意中间不要有空格
 
Attribute Scope: [xxx.edu.cn] ?      #确认是正确的学校域名,无误后回车,如果不是,请手动设置学校域名,比如:pku.edu.cn

INFO  - Initializing OpenSAML using the Java Services API
INFO  - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmlenc#ripemd160
INFO  - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
INFO  - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/admin/admin.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/authn/authn.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/c14n/subject-c14n.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/ldap.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/saml-nameid.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/services.properties
INFO  - Creating Metadata to /opt/shibboleth-idp/metadata/idp-metadata.xml
INFO  - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 5.1.2
INFO  - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
INFO  - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO  - Creating war file /opt/shibboleth-idp/war/idp.war
INFO  - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/admin/admin.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/authn/authn.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/c14n/subject-c14n.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/ldap.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/saml-nameid.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/bin/../conf/services.properties
Enabling idp.intercept.Consent...
	conf/intercept/consent-intercept-config.xml created
	views/intercept/attribute-release.vm created
	views/intercept/terms-of-use.vm created
[OK]

...

Code Block
languagebash
borderStylesolid
RebuildingInstalling nashorn plugin and rebuilding /opt/shibboleth-idp/war/idp.war
Buildfile:
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/build.xml

build-war:
Installation Directory: [/../conf/admin/admin.properties
INFO - Including auto-located properties in /opt/shibboleth-idp] ?  #直接回车

INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding/bin/../conf/authn/authn.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/war/idp.war, Version 5.1.1
INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate frombin/../conf/c14n/subject-c14n.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/../dist/webapp toconf/ldap.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/bin/webpapp.tmp
INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from../conf/saml-nameid.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO [net.shibboleth.idp.installer.BuildWar:125] - Creating war file /opt/shibboleth-idp/war/idp.war

BUILD SUCCESSFUL
Total time: 4 seconds
restarting Jetty...
Jetty restartedbin/../conf/services.properties
INFO - Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/scripting/2.0.0/idp-plugin-nashorn-jdk-dist-2.0.0.tar.gz]
....................................
INFO - Downloading from HTTPResource [http://shibboleth.net/downloads/identity-provider/plugins/scripting/2.0.0/idp-plugin-nashorn-jdk-dist-2.0.0.tar.gz.asc]
INFO - Plugin net.shibboleth.idp.plugin.nashorn: Trust store folder does not exist, creating
INFO - Plugin net.shibboleth.idp.plugin.nashorn: Trust store does not exist, creating
INFO - TrustStore does not contain signature 0x1483F262A4B3FF0
Accept this key:
Signature: 0x1483F262A4B3FF0
FingerPrint: 4AF4D83EEDDF43DA3C06CB3101483F262A4B3FF0
Username: Rod Widdowson <rdw@steadingsoftware.com>
[yN] y   #接受插件的安装,输入y
INFO - Installing Plugin 'net.shibboleth.idp.plugin.nashorn' version 2.0.0
INFO - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 5.1.2
INFO - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
INFO - Overlay from /opt/shibboleth-idp/dist/plugin-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO - Creating war file /opt/shibboleth-idp/war/idp.war
restarting Jetty...
Jetty restarted
download filefornginx2 success!
Generating RSA private key, 2048 bit long modulus (2 primes)
....+++++
...............................+++++
e is 65537 (0x010001)
Signature ok
subject=C = CN, ST = BeiJing, L = BeiJing, O = xxx, OU = xxx, CN = idp.xxx.edu.cn
Getting CA Private Key
restarting nginx...
nginx restarted...
shibboleth idp installed success!