I was tasked with reviewing solutions for implementing SAML into our applications. The first thing I tried was Shibboleth.
I had to download the following dependent packages for the installation of the Service Provider (SP):
- rpm -Uvh liblog4shib1-1.0.4-2.2.el4.i386.rpm
- rpm -Uvh libxerces-c-3_1-3.1.1-2.2.el4.i386.rpm
- rpm -Uvh libxml-security-c16-1.6.0-4.2.el4.i386.rpm
- rpm -Uvh xmltooling-schemas-1.4.1-2.1.el4.i386.rpm
- rpm -Uvh opensaml-schemas-2.4.1-2.1.el4.i386.rpm
- rpm -Uvh libxmltooling5-1.4-2.2.i386.rpm
- rpm -Uvh libsaml7-2.4-2.3.i386.rpm
- rpm -Uvh shibboleth-2.4-2.2.i386.rpm
Now that the installation is over, it's time to configure.
I’m having problems with the install. The Shibboleth RPM creates an .so file for the native OS installation of Apache regardless of whatever you may have installed. In my case the OS-installed version of Apache is 2.0, but I am running 2.2. According to threads I have found on mailing lists, the only way to fix this is to rebuild the RPMs.
** UPDATE 06-08-2011
I have decided to find another way to implement SAML. I cannot get Shibboleth to install the proper version of this file, mod_shib_22.so; it always installs mod_shib_20.so.
I tried the following:
- Build Shibboleth and its dependencies from source.
- Rebuild the RPMs from the SRPM file.
- Build a new server from scratch without Apache.
** UPDATE 06-28-2011
I decided to give this another attempt using CentOS 5. All went exactly as planned and my IdP was able to connect to a configured SP.