Shibboleth SP Install on Amazon AMI Linux

Here is a recipe for installing the Shibboleth Service Provider (SP) on Amazon AMI Linux and integrating it with the built-in Apache.

Install Prerequisites

Use the following commands to install all of the prerequisite tools:

  • yum install automake boost-devel chrpath doxygen gcc-c++ groff httpd-devel libidn-devel openldap-devel openssl-devel redhat-rpm-config stunnel unixODBC-devel
  • yum install rpmdevtools rpm-build

*Note: the above steps install Apache 2.2.

Manually Install Shibboleth Dependencies via SRPM

You will want to grab the latest SRPM files that match your version of Amazon Linux.  This recipe is based on Amazon Linux AMI release 2015.09, which is compatible with RHEL 6 SRPMs.  The instructions below are based on the Shibboleth SRPM install instructions.  If you grab newer libraries, you will need to adjust the file names in the recipe.

Use the following sequence to build and install all prerequisites.  There are a lot of dependencies, so the order of the steps below matters.

  1. log4shib
  2. xerces-c
  3. xml-security-c
  4. curl-openssl (on RHEL/CentOS 6.x and later)
  5. xmltooling
  6. opensaml
    • wget http://download.opensuse.org/repositories/security://shibboleth/RHEL_6/src/opensaml-2.5.3-1.1.el6.src.rpm
    • rpmbuild --rebuild opensaml-2.5.3-1.1.el6.src.rpm
    • rpm -ivh /usr/src/rpm/RPMS/x86_64/libsaml8-2.5.3-1.1.amzn1.x86_64.rpm
    • rpm -ivh /usr/src/rpm/RPMS/x86_64/libsaml-devel-2.5.3-1.1.amzn1.x86_64.rpm
    • rpm -ivh /usr/src/rpm/RPMS/x86_64/opensaml-schemas-2.5.3-1.1.amzn1.x86_64.rpm
    • rpm -ivh /usr/src/rpm/RPMS/x86_64/opensaml-debuginfo-2.5.3-1.1.amzn1.x86_64.rpm
    • rpm -ivh /usr/src/rpm/RPMS/x86_64/opensaml-bin-2.5.3-1.1.amzn1.x86_64.rpm
  7. shibboleth
    • wget http://download.opensuse.org/repositories/security://shibboleth/RHEL_6/src/shibboleth-2.5.3-1.1.el6.src.rpm
    • rpmbuild --rebuild --without builtinapache -D 'shib_options --with-apxs24=/usr/sbin/apxs --with-apr1=/usr/bin/apr-1-config --enable-apache24' shibboleth-2.5.3-1.1.el6.src.rpm
      • **Note: this step is important because it makes sure the Shib Apache module is built to work with Apache on AMI Linux.  You may need to adjust the paths for apxs and apr-1-config.
    • rpm -ivh /usr/src/rpm/RPMS/x86_64/shibboleth-2.5.3-1.1.amzn1.x86_64.rpm
    • rpm -ivh /usr/src/rpm/RPMS/x86_64/shibboleth-devel-2.5.3-1.1.amzn1.x86_64.rpm
    • rpm -ivh /usr/src/rpm/RPMS/x86_64/shibboleth-debuginfo-2.5.3-1.1.amzn1.x86_64.rpm
  8. Copy the Apache config for Shibboleth
    • cp /etc/shibboleth/apache22.config /etc/httpd/conf.d/shib.conf
  9. Configure Shibboleth
    • Edit /etc/shibboleth/shibboleth2.xml to configure your SP and add your IdP metadata
  10. Start the shibd process
    • /usr/sbin/shibd
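
The note above says the prerequisites install Apache 2.2, while step 7 passes `--with-apxs24` and step 8 copies `apache22.config`, so it is worth confirming that the installed httpd, the build options and the copied config all target the same Apache series. The following check is an added example, not part of the original recipe: the function names and the sample `httpd -v` banner are constructed, and `apache24.config` is assumed to ship next to `apache22.config`.

```shell
#!/bin/sh
# Added example, not part of the original recipe. Function names and the
# sample banner are constructed; apache24.config is an assumed file name.

# Print the Apache series ("22" or "24") found in the text of `httpd -v`.
httpd_series() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9]*\)\.\([0-9]*\)\..*|\1\2|p')
    case "$ver" in
        22|24) printf '%s\n' "$ver" ;;
        *)     return 1 ;;   # unknown or unparsable banner
    esac
}

# Print the Shibboleth Apache config to copy in step 8 for that httpd.
shib_conf_for() {
    series=$(httpd_series "$1") || return 1
    printf '/etc/shibboleth/apache%s.config\n' "$series"
}

# Succeed only if the shib_options string given to rpmbuild in step 7
# targets the same Apache series ($1 = banner, $2 = shib_options).
build_matches_httpd() {
    series=$(httpd_series "$1") || return 2
    case "$2" in
        *"--with-apxs${series}="*) return 0 ;;
        *)                         return 1 ;;
    esac
}

# Constructed input; on the instance use BANNER=$(httpd -v) instead.
BANNER='Server version: Apache/2.2.31 (Unix)
Server built:   Aug 13 2015 23:52:13'
OPTS='shib_options --with-apxs24=/usr/sbin/apxs --with-apr1=/usr/bin/apr-1-config'

if build_matches_httpd "$BANNER" "$OPTS"; then
    echo "build options match httpd; copy $(shib_conf_for "$BANNER")"
else
    echo "mismatch: httpd is series $(httpd_series "$BANNER"), check shib_options" >&2
fi
```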