...
These steps have been tested on CentOS 7 and Debian X.
CentOS-specific
Uninstall Java 8 and install Java 11. Run the following as root.
Upgrade Java version:

```bash
sudo yum remove java-1.8.0-openjdk-headless java-1.8.0-openjdk
sudo yum install java-11-openjdk-headless java-11-openjdk
sudo alternatives --config java
There is 2 program that provides 'java'.
Selection Command
-----------------------------------------------
*+ 1 /usr/java/jre1.8.0_151/bin/java
2 java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-11.0.7.10-4.el7_8.x86_64/bin/java)
Enter to keep the current selection[+], or type selection number: 2
```
Debian-specific
Uninstall Java 8 and install Java 11.
Debian and CentOS
Run everything below as root.
Jetty
Shibboleth IdP v4 requires Jetty 9.4, and quite a lot has changed compared to 9.3. SWAMID operations has packaged a jetty-base directory that is adapted for SWAMID IdPs with only minimal changes. It is based on a jetty-base that the Shibboleth project publishes.
Download the latest version of Jetty 9.4 from https://www.eclipse.org/jetty/download.html. At the time of writing this is 9.4.31.v20200723.

```bash
cd /opt/
wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.31.v20200723/jetty-distribution-9.4.31.v20200723.zip
unzip jetty-distribution-9.4.31.v20200723
```
Download SWAMID's jetty-base and unpack it. Download from HERE

```bash
cd jetty-distribution-9.4.31.v20200723
unzip jetty-base-swamid.zip
```
Update the jetty-base items.... TO BE COMPLETED.
Re-link jetty to the correct distribution directory

```bash
cd /opt
rm jetty
# The link target is the directory that unzip created above
ln -s jetty-distribution-9.4.31.v20200723 jetty
```
Update /etc/default/jetty

```bash
export JAVA_HOME=/etc/alternatives/jre_11
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export JAVA_OPTIONS="-Didp.home=/opt/shibboleth-idp -Xmx4096M"
export JETTY_HOME=/opt/jetty
export JETTY_BASE=/opt/jetty/jetty-base
export JETTY_USER=jetty
```
Check the Jetty start script

```bash
cd /etc/init.d
rm jetty
ln -s /opt/jetty/bin/jetty.sh jetty
```
Check the ownership of the /var/run/jetty directory. We have seen problems where /var/run/jetty is owned by root instead of jetty.jetty. Check that it is correct.

```bash
ls -ld /var/run/jetty
drwxr-xr-x 2 jetty jetty 80 1 okt 21.51 /var/run/jetty/
```
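
The symlink and ownership checks from this section collected into one script, as an added example that is not part of the original page or of SWAMID's tooling. The function names and the root-prefix argument (empty on a real host) are assumptions introduced here; it relies on GNU `stat -c` and `readlink -f`.

```shell
#!/bin/sh
# Added example: post-upgrade layout checks for the Jetty steps above.
# Usage on the IdP host (as root):
#   verify_jetty_layout "" jetty-distribution-9.4.31.v20200723

# check_link LINK TARGET: LINK must be a non-dangling symlink resolving to TARGET.
check_link() {
    local link="$1" want="$2"
    [ -L "$link" ] || { echo "FAIL: $link is not a symlink"; return 1; }
    [ -e "$link" ] || { echo "FAIL: $link is dangling -> $(readlink "$link")"; return 1; }
    [ "$(readlink -f "$link")" = "$(readlink -f "$want")" ] \
        || { echo "FAIL: $link resolves to $(readlink -f "$link"), expected $want"; return 1; }
    echo "OK: $link -> $want"
}

# check_owner DIR USER:GROUP: a root-owned /var/run/jetty is the problem
# the page reports, so compare owner and group by name.
check_owner() {
    local dir="$1" want="$2" have
    [ -d "$dir" ] || { echo "FAIL: $dir is missing"; return 1; }
    have=$(stat -c '%U:%G' "$dir")
    [ "$have" = "$want" ] || { echo "FAIL: $dir owned by $have, expected $want"; return 1; }
    echo "OK: $dir owned by $have"
}

# verify_jetty_layout ROOT DIST [OWNER]
#   ROOT  - filesystem prefix (hypothetical parameter, "" for the live system)
#   DIST  - unpacked distribution directory name under /opt
#   OWNER - expected owner of /var/run/jetty, default jetty:jetty
verify_jetty_layout() {
    local root="$1" dist="$2" owner="${3:-jetty:jetty}" rc=0
    check_link "$root/opt/jetty" "$root/opt/$dist" || rc=1
    check_link "$root/etc/init.d/jetty" "$root/opt/jetty/bin/jetty.sh" || rc=1
    # JETTY_BASE from /etc/default/jetty must exist behind the symlink
    [ -d "$root/opt/jetty/jetty-base" ] \
        || { echo "FAIL: $root/opt/jetty/jetty-base is missing"; rc=1; }
    check_owner "$root/var/run/jetty" "$owner" || rc=1
    return "$rc"
}
```

Every check runs even after an earlier failure, so one pass lists everything that needs fixing before Jetty is started.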
Uninstall Java 8, install Java 11
=================================

```bash
sudo yum remove java-1.8.0-openjdk-headless java-1.8.0-openjdk
sudo yum install java-11-openjdk-headless java-11-openjdk
sudo alternatives --config java
There is 2 program that provides 'java'.
Selection Command
-----------------------------------------------
*+ 1 /usr/java/jre1.8.0_151/bin/java
2 java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-11.0.7.10-4.el7_8.x86_64/bin/java)
Enter to keep the current selection[+], or type selection number: 2
```
MySQL Connector & HikariCP
==========================
Download mysql-connector-java-5.1.48-bin.tar.gz from https://downloads.mysql.com/archives/c-j/

```bash
wget https://repo1.maven.org/maven2/com/zaxxer/HikariCP/3.4.5/HikariCP-3.4.5.jar
```
Jetty 9.4
=========
Check for the latest 9.4 at https://www.eclipse.org/jetty/download.html

```bash
wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.28.v20200408/jetty-distribution-9.4.28.v20200408.zip
wget https://build.shibboleth.net/nexus/service/local/repositories/releases/content/net/shibboleth/idp/idp-jetty-base/9.4.0/idp-jetty-base-9.4.0.tar.gz
unzip jetty-distribution-9.4.28.v20200408
cd jetty-distribution-9.4.28.v20200408
tar zxvf ../idp-jetty-base-9.4.0.tar.gz
```

Rebuild jetty-base with the help of https://wiki.shibboleth.net/confluence/display/IDP4/Jetty94
Add start.d/start.ini
Update idp.ini:

```ini
jetty.sslContext.keyStorePath=../../shibboleth-idp/credentials/https.p12
jetty.sslContext.trustStorePath=../../shibboleth-idp/credentials/https.p12
# passwords
jetty.ssl.port=7443
jetty.http.host=127.0.0.1
jetty.http.port=80
```

Update idp-backchannel.ini (if it is used):

```ini
idp.backchannel.port=8443
idp.backchannel.keyStorePath=../../shibboleth-idp/credentials/idp-backchannel.p12
# passwords
```

Point out idp.war.path in idp.xml:

```xml
<Set name="war"><SystemProperty name="idp.war.path" default="/opt/shibboleth/war/idp.war" /></Set>
```

```bash
cd ..
sudo chown -R jetty:jetty jetty-distribution-9.4.28.v20200408/
sudo rm jetty
sudo ln -s jetty-distribution-9.4.28.v20200408 jetty
```
Upgrade Shibboleth
==================

```bash
wget http://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-4.0.1.tar.gz
tar zxvf shibboleth-identity-provider-4.0.1.tar.gz
cp -r shibboleth-idp shibboleth-idp.orig
```

*clean up in /opt/shibboleth-idp/edit-webapp/WEB-INF/lib* httpcore, httpclient, commons-dbcp2, commons-pool2
*copy in Hikari and MySQL*

```bash
rm shibboleth-identity-provider
ln -s shibboleth-identity-provider-4.0.1 shibboleth-identity-provider
cd shibboleth-identity-provider
bin/install.sh
```
2020-09-18
NEXT:
Check database is OK with new Hikari and MySQL
Check errors in idp-warn
Fix u2f
u2f error:

```
2020-06-26 15:01:49,090 - ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception
org.springframework.binding.expression.EvaluationException: An ELException occurred getting the value for expression 'initializeU2fRequest' on context [class org.springframework.webflow.engine.impl.RequestControlContextImpl]
at org.springframework.binding.expression.spel.SpringELExpression.getValue(SpringELExpression.java:104)
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1021E: A problem occurred whilst attempting to access the property 'initializeU2fRequest': 'Error creating bean with name 'initializeU2fRequest' defined in URL [jar:file:/opt/jetty-distribution-9.4.28.v20200408/jetty-base/tmp/jetty-0_0_0_0-7443-idp_war-_idp-any-10504452630070337846.dir/webinf/WEB-INF/lib/shibboleth-mfa-u2f-auth-1.1-SNAPSHOT.jar!/META-INF/net/shibboleth/idp/flows/authn/U2f/u2f-authn-beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function''
at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:209)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'initializeU2fRequest' defined in URL [jar:file:/opt/jetty-distribution-9.4.28.v20200408/jetty-base/tmp/jetty-0_0_0_0-7443-idp_war-_idp-any-10504452630070337846.dir/webinf/WEB-INF/lib/shibboleth-mfa-u2f-auth-1.1-SNAPSHOT.jar!/META-INF/net/shibboleth/idp/flows/authn/U2f/u2f-authn-beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1320)
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:216)
Caused by: org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'
at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.continueCastOnSAM(DefaultTypeTransformation.java:405)
```
...