The upgrade to Shibboleth 4 is somewhat more complicated than an ordinary point upgrade. Here we list the steps that have been tested and work for SWAMID IdPs that were previously installed using idp-installer.

These steps have been tested on CentOS 7 and Debian X.

Important! Upgrade only from the latest version of Shibboleth IdP v3, which is 3.4.6. You must also have already updated your configuration files (especially attribute-resolver.xml and attribute-filter.xml) to be compatible with IdP v4 BEFORE you begin the upgrade.

Take a backup or snapshot before you begin the upgrade, and preferably test on a test IdP before you upgrade your production IdP!

CentOS-specific

Uninstall Java 8 and install Java 11. Run the following as root.

...

```bash
cd /opt
rm jetty
ln -s jetty-distribution-9.4.31.v20200723 jetty
```

Update /etc/default/jetty

...

```bash
ls -ld /var/run/jetty
drwxr-xr-x 2 jetty jetty 80  1 okt 21.51 /var/run/jetty/
```

Shibboleth IdP v4.X

Download



MySQL Connector & HikariCP
===============

Download mysql-connector-java-5.1.48-bin.tar.gz from https://downloads.mysql.com/archives/c-j/
wget https://repo1.maven.org/maven2/com/zaxxer/HikariCP/3.4.5/HikariCP-3.4.5.jar

Jetty 9.4
=========

Check for the latest 9.4 at https://www.eclipse.org/jetty/download.html

wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.28.v20200408/jetty-distribution-9.4.28.v20200408.zip
wget https://build.shibboleth.net/nexus/service/local/repositories/releases/content/net/shibboleth/idp/idp-jetty-base/9.4.0/idp-jetty-base-9.4.0.tar.gz
cd jetty-distribution-9.4.28.v20200408
tar zxvf ../idp-jetty-base-9.4.0.tar.gz

Rebuild jetty-base following https://wiki.shibboleth.net/confluence/display/IDP4/Jetty94

Add start.d/start.ini
Update idp.ini:
	jetty.sslContext.keyStorePath=../../shibboleth-idp/credentials/https.p12
	jetty.sslContext.trustStorePath=../../shibboleth-idp/credentials/https.p12
	passwords
	jetty.ssl.port=7443
	jetty.http.host=127.0.0.1
	jetty.http.port=80

Update idp-backchannel.ini (if used)
	
	idp.backchannel.port=8443
	idp.backchannel.keyStorePath=../../shibboleth-idp/credentials/idp-backchannel.p12
	passwords

Set idp.war.path in idp.xml

	<Set name="war"><SystemProperty name="idp.war.path" default="/opt/shibboleth/war/idp.war" /></Set>

cd ..
sudo chown -R jetty:jetty jetty-distribution-9.4.28.v20200408/
sudo rm jetty
sudo ln -s jetty-distribution-9.4.28.v20200408 jetty

Upgrade Shibboleth
==================
wget https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-4.0.1.tar.gz
tar zxvf shibboleth-identity-provider-4.0.1.tar.gz
cp -r shibboleth-idp shibboleth-idp.orig
*clean up in /opt/shibboleth-idp/edit-webapp/WEB-INF/lib* httpcore, httpclient, commons-dbcp2, commons-pool2
*copy in Hikari and MySQL*
rm shibboleth-identity-provider
ln -s shibboleth-identity-provider-4.0.1 shibboleth-identity-provider
cd shibboleth-identity-provider
bin/install.sh

2020-09-18
NEXT: 
Check database is OK with new Hikari and MySQL
Check errors in idp-warn
Fix u2f


u2f error:

2020-06-26 15:01:49,090 - ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception
org.springframework.binding.expression.EvaluationException: An ELException occurred getting the value for expression 'initializeU2fRequest' on context [class org.springframework.webflow.engine.impl.RequestControlContextImpl]
        at org.springframework.binding.expression.spel.SpringELExpression.getValue(SpringELExpression.java:104)
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1021E: A problem occurred whilst attempting to access the property 'initializeU2fRequest': 'Error creating bean with name 'initializeU2fRequest' defined in URL [jar:file:/opt/jetty-distribution-9.4.28.v20200408/jetty-base/tmp/jetty-0_0_0_0-7443-idp_war-_idp-any-10504452630070337846.dir/webinf/WEB-INF/lib/shibboleth-mfa-u2f-auth-1.1-SNAPSHOT.jar!/META-INF/net/shibboleth/idp/flows/authn/U2f/u2f-authn-beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function''
        at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:209)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'initializeU2fRequest' defined in URL [jar:file:/opt/jetty-distribution-9.4.28.v20200408/jetty-base/tmp/jetty-0_0_0_0-7443-idp_war-_idp-any-10504452630070337846.dir/webinf/WEB-INF/lib/shibboleth-mfa-u2f-auth-1.1-SNAPSHOT.jar!/META-INF/net/shibboleth/idp/flows/authn/U2f/u2f-authn-beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1320)
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'
        at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:216)
Caused by: org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'
        at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.continueCastOnSAM(DefaultTypeTransformation.java:405)
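
An added example, not part of the original notes: a POSIX shell audit for the edit-webapp/WEB-INF/lib cleanup step listed under "Upgrade Shibboleth" above, meant to be run before bin/install.sh. It assumes jars are named `<name>-<version>.jar`; the function and variable names are hypothetical.

```sh
#!/bin/sh
# Added example: audit edit-webapp/WEB-INF/lib before running bin/install.sh.
# Jars left in edit-webapp are overlaid into idp.war when it is rebuilt, so
# leftover v3-era libraries would end up on the IdP v4 classpath.

# Name prefixes from the notes: libraries to clean out, libraries to copy in.
STALE_PREFIXES="httpcore httpclient commons-dbcp2 commons-pool2"
REQUIRED_PREFIXES="HikariCP mysql-connector-java"

# Print every jar in directory $1 whose name starts with a prefix listed in $2.
jars_matching() {
    dir=$1
    for prefix in $2; do
        for jar in "$dir"/"$prefix"-*.jar; do
            # An unmatched glob stays literal, so test that the file exists.
            [ -e "$jar" ] && basename "$jar"
        done
    done
    return 0
}

# Print each prefix listed in $2 that has no matching jar in directory $1.
missing_prefixes() {
    dir=$1
    for prefix in $2; do
        found=no
        for jar in "$dir"/"$prefix"-*.jar; do
            [ -e "$jar" ] && found=yes
        done
        [ "$found" = yes ] || echo "$prefix"
    done
    return 0
}

# Return 0 only if no stale jar remains and every required jar is present.
audit_lib() {
    dir=$1
    stale=$(jars_matching "$dir" "$STALE_PREFIXES")
    missing=$(missing_prefixes "$dir" "$REQUIRED_PREFIXES")
    [ -n "$stale" ] && printf 'stale: %s\n' $stale >&2
    [ -n "$missing" ] && printf 'missing: %s\n' $missing >&2
    [ -z "$stale" ] && [ -z "$missing" ]
}

# Stand-alone use: pass the lib directory as the first argument.
if [ $# -gt 0 ]; then audit_lib "$1"; fi
```

A non-zero exit status means the directory still needs attention before the war is rebuilt.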

...