Here are the instructions for installing ShARPE on a Debian Linux system:
Assumptions
- JDK 5 installed.
- Tomcat 5 installed at /usr/local/tomcat/webapps (referred to as $TOMCAT_HOME)
- Shibboleth IdP 1.3.x installed at /usr/local/shibboleth-idp (referred to as $IDP_HOME)
- Ant is installed somewhere (version > 1.6.5 preferred)
Building ShARPE
Check out the latest source code from svn and build it using the following commands:
mkdir ShARPE
cd ShARPE
svn checkout https:
ant
Installation Steps:
Because ShARPE extends the Shibboleth IdP's functionality, we need to modify the IdP installation to plug the ShARPE library into it.
Modify IdP to include ShARPE
- copy all jar files from the lib folder, and dist/mams-idp-ext.jar, to $TOMCAT_HOME/shibboleth-idp/WEB-INF/lib
- copy the web/WEB-INF/classes/conf/mams-sharpe.properties to $TOMCAT_HOME/shibboleth-idp/WEB-INF/classes/conf
- edit $TOMCAT_HOME/shibboleth-idp/WEB-INF/web.xml: change IdPResponder to MAMSIdPResponder
- copy (if they do not already exist) sample.grouplookup.properties and the conf/mams-sharpe folder to /usr/local/shibboleth-idp/etc
- Changes in idp.xml
- edit your IdP configuration XML ($IDP_HOME/etc/idp.xml). Make sure the parameters refer to the correct entries (e.g. change resolver.xml to resolver.ldap.xml if you use the LDAP version)
Replace:
<ReleasePolicyEngine>
  <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
    <Path>/usr/local/shibboleth-idp/etc/arps/</Path>
  </ArpRepository>
</ReleasePolicyEngine>
with:
<ReleasePolicyEngine>
  <ArpRepository implementation="au.edu.mq.melcoe.mams.sharpe.shib.aa.arp.provider.MAMSFileSystemArpRepository">
    <Path>/usr/local/shibboleth-idp/etc/arps/</Path>
    <GroupLookup implementation="au.edu.mq.melcoe.mams.sharpe.shib.aa.arp.group.provider.AttributeResolverGroupLookup">
      <!-- usage of MAMSAttributeResolver is optional,
           when not used the default AttributeResolver will be instantiated instead
      -->
      <ResolverConfig implementation="edu.internet2.middleware.shibboleth.aa.attrresolv.MAMSAttributeResolver">/usr/local/shibboleth-idp/etc/resolver.ldap.xml</ResolverConfig>
      <UserGroup>urn:mace:dir:attribute-def:eduPersonAffiliation</UserGroup>
    </GroupLookup>
    <GroupLookup implementation="au.edu.mq.melcoe.mams.sharpe.shib.aa.arp.group.provider.PropertyFileGroupLookup"
                 separator="%PRINCIPAL%.">
      <PropertyFile>/usr/local/shibboleth-idp/etc/sample.grouplookup.properties</PropertyFile>
      <GroupListing>institutionalGroupList</GroupListing>
      <GroupListing>groupList</GroupListing>
    </GroupLookup>
  </ArpRepository>
</ReleasePolicyEngine>
- Make sure $IDP_HOME is writable by Tomcat
Install ShARPE GUI
Nothing special is needed here; just copy dist/ShARPE.war to $TOMCAT_HOME.
Changes in Apache config
It is important to restrict access to ShARPE to users who are known to the Shibboleth IdP (the host of ShARPE). To do this, configure the appropriate section of Apache. Find the section of the Apache configuration where you protect Shibboleth's SSO (refer to the Shibboleth IdP configuration manual; usually 00X-ssl-vhost).
Find:
<Location /shibboleth-idp/SSO>
...
</Location>
Add:
<Location /ShARPE>
  # copy the content of the shibboleth-idp/SSO section above
</Location>
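A check for the step above, as an added example that is not part of the original instructions: it compares the directives inside the /ShARPE Location block with those inside the /shibboleth-idp/SSO block and fails if the ShARPE block is missing, holds only a placeholder comment, or differs. The function names and the Auth* directives in the constructed sample are assumptions, not taken from ShARPE or from this page.

```shell
#!/bin/sh
# Added example (not ShARPE project code): verify that <Location /ShARPE>
# carries the same directives as <Location /shibboleth-idp/SSO>.

# Print the directives inside <Location PATH>, one per line, without
# comments, blank lines or surrounding whitespace.
location_body() {  # usage: location_body VHOST_FILE PATH
    awk -v want="$2" '
        /^[ \t]*<Location[ \t]/ {
            p = $0
            sub(/^[ \t]*<Location[ \t]+/, "", p)
            sub(/[ \t]*>[ \t]*$/, "", p)   # tolerates a space before ">"
            gsub(/"/, "", p)               # tolerates a quoted path
            inside = (p == want); next
        }
        /^[ \t]*<\/Location>/ { inside = 0; next }
        inside {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (line != "" && line !~ /^#/) print line
        }' "$1"
}

# Succeed only if /ShARPE has directives and they equal the SSO block's.
sharpe_protected() {  # usage: sharpe_protected VHOST_FILE
    sso=$(location_body "$1" /shibboleth-idp/SSO)
    sharpe=$(location_body "$1" /ShARPE)
    [ -n "$sharpe" ] || { echo "FAIL: <Location /ShARPE> missing or empty"; return 1; }
    [ "$sso" = "$sharpe" ] || { echo "FAIL: /ShARPE differs from SSO block"; return 1; }
    echo "OK: /ShARPE matches /shibboleth-idp/SSO"
}

# Write a constructed sample vhost; $2 is the body of the /ShARPE block
# ("same" copies the SSO body). The Auth* directives are illustrative only.
write_sample() {  # usage: write_sample FILE SHARPE_BODY
    auth='AuthType Basic
AuthName "IdP login"
AuthUserFile /etc/apache2/idp.htpasswd
Require valid-user'
    [ "$2" = same ] && body=$auth || body=$2
    printf '<Location /shibboleth-idp/SSO>\n%s\n</Location>\n<Location /ShARPE >\n%s\n</Location>\n' "$auth" "$body" > "$1"
}

# Demo on constructed input, or check the vhost files given as arguments.
if [ $# -eq 0 ]; then
    tmp=$(mktemp); write_sample "$tmp" same; sharpe_protected "$tmp"; rm -f "$tmp"
else
    for f in "$@"; do sharpe_protected "$f"; done
fi
```

Run it with the path of the SSL vhost file as its argument after editing the Apache configuration.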
Putting ShARPE behind the Apache front-end by means of mod_jk is recommended.
If you use mod_jk, add the following entry to your vhost files (000-default and 00X-ssl-vhost):
JkMount /ShARPE* shibboleth
If you have mod_jk2, make sure you add the following entries to workers2.properties:
[uri:/shibboleth-idp*]
group=lb
[uri:/ShARPE*]
Testing
- restart Apache and Tomcat
- access ShARPE through https://whatever.com/ShARPE
