From 4d1b7af28df5d46430da83ede596b7adb754a62d Mon Sep 17 00:00:00 2001 From: "don.sizemore" Date: Tue, 8 Feb 2022 15:37:39 -0500 Subject: [PATCH 1/5] #8405 update Shibboleth documentation for version 3 and repository webform --- .../source/installation/shibboleth.rst | 28 ++++--------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/doc/sphinx-guides/source/installation/shibboleth.rst b/doc/sphinx-guides/source/installation/shibboleth.rst index 08d69bcad4a..fcb58d705b1 100644 --- a/doc/sphinx-guides/source/installation/shibboleth.rst +++ b/doc/sphinx-guides/source/installation/shibboleth.rst @@ -23,7 +23,7 @@ System Requirements Support for Shibboleth in the Dataverse Software is built on the popular `"mod_shib" Apache module, "shibd" daemon `_, and the `Embedded Discovery Service (EDS) `_ Javascript library, all of which are distributed by the `Shibboleth Consortium `_. EDS is bundled with the Dataverse Software, but ``mod_shib`` and ``shibd`` must be installed and configured per below. -Only Red Hat Enterprise Linux (RHEL) and derivatives have been tested (x86_64 versions) by the Dataverse Project team. See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxInstall for details and note that (according to that page) as of this writing Ubuntu and Debian are not offically supported by the Shibboleth project. +Only Red Hat Enterprise Linux (RHEL) and derivatives have been tested (x86_64 versions) by the Dataverse Project team. See https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335566/RPMInstall for details and note that (according to that page) as of this writing Ubuntu and Debian are not offically supported by the Shibboleth project. Install Apache ~~~~~~~~~~~~~~ @@ -39,28 +39,10 @@ Install Shibboleth Installing Shibboleth will give us both the ``shibd`` service and the ``mod_shib`` Apache module. -Enable Shibboleth Yum Repo -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This yum repo is recommended at https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxRPMInstall - -``cd /etc/yum.repos.d`` - -Install ``wget`` if you don't have it already: - -``yum install wget`` - -If you are running el8 (RHEL/derivative 8): - -``wget http://download.opensuse.org/repositories/security:/shibboleth/CentOS_8/security:shibboleth.repo`` - -If you are running el7 (RHEL/CentOS 7): - -``wget http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/security:shibboleth.repo`` - -If you are running el6 (RHEL/CentOS 6): +Install Shibboleth Yum Repo +^^^^^^^^^^^^^^^^^^^^^^^^^^^ -``wget http://download.opensuse.org/repositories/security:/shibboleth/CentOS_CentOS-6/security:shibboleth.repo`` +The Shibboleth Project now provides `a web form ` to generate an appropriate package repository for use with YUM/DNF. Install Shibboleth Via Yum ^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -214,7 +196,7 @@ SELinux is set to "enforcing" by default on RHEL/CentOS, but unfortunately Shibb Disable SELinux ~~~~~~~~~~~~~~~ -The first and easiest option is to set ``SELINUX=permisive`` in ``/etc/selinux/config`` and run ``setenforce permissive`` or otherwise disable SELinux to get Shibboleth to work. This is apparently what the Shibboleth project expects because their `wiki page `_ says, "At the present time, we do not support the SP in conjunction with SELinux, and at minimum we know that communication between the mod_shib and shibd components will fail if it's enabled. Other problems may also occur." +The first and easiest option is to set ``SELINUX=permisive`` in ``/etc/selinux/config`` and run ``setenforce permissive`` or otherwise disable SELinux to get Shibboleth to work. This is apparently what the Shibboleth project expects because their `wiki page `_ says, "At the present time, we do not support the SP in conjunction with SELinux, and at minimum we know that communication between the mod_shib and shibd components will fail if it's enabled. Other problems may also occur." Reconfigure SELinux to Accommodate Shibboleth ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 02db1b48070afdedcb68d5ad1bd35149e663eb35 Mon Sep 17 00:00:00 2001 From: Don Sizemore Date: Wed, 9 Feb 2022 15:29:22 -0500 Subject: [PATCH 2/5] Update doc/sphinx-guides/source/installation/shibboleth.rst Co-authored-by: Philip Durbin --- doc/sphinx-guides/source/installation/shibboleth.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/sphinx-guides/source/installation/shibboleth.rst b/doc/sphinx-guides/source/installation/shibboleth.rst index fcb58d705b1..2c23458b391 100644 --- a/doc/sphinx-guides/source/installation/shibboleth.rst +++ b/doc/sphinx-guides/source/installation/shibboleth.rst @@ -23,7 +23,7 @@ System Requirements Support for Shibboleth in the Dataverse Software is built on the popular `"mod_shib" Apache module, "shibd" daemon `_, and the `Embedded Discovery Service (EDS) `_ Javascript library, all of which are distributed by the `Shibboleth Consortium `_. EDS is bundled with the Dataverse Software, but ``mod_shib`` and ``shibd`` must be installed and configured per below. -Only Red Hat Enterprise Linux (RHEL) and derivatives have been tested (x86_64 versions) by the Dataverse Project team. See https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335566/RPMInstall for details and note that (according to that page) as of this writing Ubuntu and Debian are not offically supported by the Shibboleth project. +Only Red Hat Enterprise Linux (RHEL) and derivatives have been tested (x86_64 versions) by the Dataverse Project team. See https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335547/LinuxInstall for details and note that (according to that page) as of this writing Ubuntu and Debian are not officially supported by the Shibboleth project. Install Apache ~~~~~~~~~~~~~~ From 231359f69739682e10ba13ebf2d1eba0f8a3aed7 Mon Sep 17 00:00:00 2001 From: Don Sizemore Date: Wed, 9 Feb 2022 15:29:58 -0500 Subject: [PATCH 3/5] Update doc/sphinx-guides/source/installation/shibboleth.rst Co-authored-by: Philip Durbin --- doc/sphinx-guides/source/installation/shibboleth.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/sphinx-guides/source/installation/shibboleth.rst b/doc/sphinx-guides/source/installation/shibboleth.rst index 2c23458b391..dc95598e11d 100644 --- a/doc/sphinx-guides/source/installation/shibboleth.rst +++ b/doc/sphinx-guides/source/installation/shibboleth.rst @@ -42,7 +42,7 @@ Installing Shibboleth will give us both the ``shibd`` service and the ``mod_shib Install Shibboleth Yum Repo ^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The Shibboleth Project now provides `a web form ` to generate an appropriate package repository for use with YUM/DNF. +The Shibboleth project now provides `a web form `_ to generate an appropriate package repository for use with YUM/DNF. Install Shibboleth Via Yum ^^^^^^^^^^^^^^^^^^^^^^^^^^ From 42a39d13386e54b4e77c9c6f05830ee7bd143dfb Mon Sep 17 00:00:00 2001 From: "don.sizemore" Date: Wed, 9 Feb 2022 15:34:54 -0500 Subject: [PATCH 4/5] #8405 update Vagrant shibboleth.repo to match Rocky 8 Vagrant image --- conf/vagrant/etc/yum.repos.d/shibboleth.repo | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/conf/vagrant/etc/yum.repos.d/shibboleth.repo b/conf/vagrant/etc/yum.repos.d/shibboleth.repo index 3a9277b127f..adf42185d8a 100644 --- a/conf/vagrant/etc/yum.repos.d/shibboleth.repo +++ b/conf/vagrant/etc/yum.repos.d/shibboleth.repo @@ -1,7 +1,9 @@ -[security_shibboleth] -name=Shibboleth (CentOS_8) +[shibboleth] +name=Shibboleth (rockylinux8) +# Please report any problems to https://shibboleth.atlassian.net/jira type=rpm-md -baseurl=http://download.opensuse.org/repositories/security:/shibboleth/CentOS_8/ +mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/rockylinux8 gpgcheck=1 -gpgkey=http://download.opensuse.org/repositories/security:/shibboleth/CentOS_8/repodata/repomd.xml.key +gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key + https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key enabled=1 From f0214467bf7f6105303c4662700f8123b9e5c119 Mon Sep 17 00:00:00 2001 From: "don.sizemore" Date: Wed, 9 Feb 2022 15:37:13 -0500 Subject: [PATCH 5/5] #8405 suggest shibboleth.repo location --- doc/sphinx-guides/source/installation/shibboleth.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/sphinx-guides/source/installation/shibboleth.rst b/doc/sphinx-guides/source/installation/shibboleth.rst index dc95598e11d..6d904b3b610 100644 --- a/doc/sphinx-guides/source/installation/shibboleth.rst +++ b/doc/sphinx-guides/source/installation/shibboleth.rst @@ -44,6 +44,8 @@ Install Shibboleth Yum Repo The Shibboleth project now provides `a web form `_ to generate an appropriate package repository for use with YUM/DNF. +You'll want to copy-paste the form results into ``/etc/yum.repos.d/shibboleth.repo`` or wherever is most appropriate for your operating system. + Install Shibboleth Via Yum ^^^^^^^^^^^^^^^^^^^^^^^^^^