Uppgraderingen till Shibboleth 4 är lite mer komplicerad än en vanlig punkt uppgradering. Här listar vi de steg som har testats och fungerar för SWAMID IdPer som tidigare installerats med hjälp av idp-installer.
Denna Dessa steg är testad på Centos 7 och Debian X.
Viktigt! Du ska uppgradera enbart från den senaste version av Shibboleth IdP v3 som är 3.4.6. Och du ska redan har uppdaterat dina konfigurationsfiler (särskillt attribute-resolver.xml och attribute-filter.xml) till att vara kompatibla med IdP v4 INNAN du påbörjar uppgradering.
Ta en backup eller snapshot innan du påbörjar uppgradering, testa helst på en test IdP innan du uppgradera din produktions IdP!
Centos specifik
Avinstallera Java 8 och installera Java 11. Kör följande som root.
...
Code Block | ||
---|---|---|
| ||
cd /opt
rm jetty
ln -s jetty-distribution-9.4.31.v20200723 jetty |
Uppdatera /etc/default/jetty
...
Code Block | ||
---|---|---|
| ||
ls -ld /var/run/jetty drwxr-xr-x 2 jetty jetty 80 1 okt 21.51 /var/run/jetty/ |
Shibboleth IdP v4.X
Ladda
Code Block |
---|
MySQL Connector & HikariCP =============== Ladda ner mysql-connector-java-5.1.48-bin.tar.gz från https://downloads.mysql.com/archives/c-j/ wget https://repo1.maven.org/maven2/com/zaxxer/HikariCP/3.4.5/HikariCP-3.4.5.jar Jetty 9.4 ========= Kolla senaste 9.4 på https://www.eclipse.org/jetty/download.html wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.28.v20200408/jetty-distribution-9.4.28.v20200408.zip wget https://build.shibboleth.net/nexus/service/local/repositories/releases/content/net/shibboleth/idp/idp-jetty-base/9.4.0/idp-jetty-base-9.4.0.tar.gz cd jetty-distribution-9.4.28.v20200408 tar zxvf ../idp-jetty-base-9.4.0.tar.gz Bygga om jetty-base med hjälp av https://wiki.shibboleth.net/confluence/display/IDP4/Jetty94 Lägga till start.d/start.ini Uppdatera idp.ini: jetty.sslContext.keyStorePath=../../shibboleth-idp/credentials/https.p12 jetty.sslContext.trustStorePath=../../shibboleth-idp/credentials/https.p12 passwords jetty.ssl.port=7443 jetty.http.host=127.0.0.1 jetty.http.port=80 Uppdatera idp-backchannel.ini (om man använda) idp.backchannel.port=8443 idp.backchannel.keyStorePath=../../shibboleth-idp/credentials/idp-backchannel.p12 passwords Peka ut idp.war.path in idp.xml <Set name="war"><SystemProperty name="idp.war.path" default="/opt/shibboleth/war/idp.war" /></Set> cd .. sudo chown -R jetty:jetty jetty-distribution-9.4.28.v20200408/ sudo rm jetty sudo ln -s jetty-distribution-9.4.28.v20200408 jetty Uppgradera Shibboleth ===================== wget http://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-4.0.1.tar.gz tar zxvf shibboleth-identity-provider-4.0.1.tar.gz cp -r shibboleth-idp shibboleth-idp.orig *städa i /opt/shibboleth-idp/edit-webapp/WEB-INF/lib* httpcore, httpclient, commons-dbcp2, commons-pool2 *cp in Hikari och MySQL* rm shibboleth-identity-provider ln -s shibboleth-identity-provider-4.0.1 shibboleth-identity-provider cd shibboleth-identity-provider bin/install.sh 2020-09-18 NEXT: Check database is OK with new Hikari and MySQL Check errors in idp-warn Fix u2f u2f fel: 2020-06-26 15:01:49,090 - ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception org.springframework.binding.expression.EvaluationException: An ELException occurred getting the value for expression 'initializeU2fRequest' on context [class org.springframework.webflow.engine.impl.RequestControlContextImpl] at org.springframework.binding.expression.spel.SpringELExpression.getValue(SpringELExpression.java:104) Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1021E: A problem occurred whilst attempting to access the property 'initializeU2fRequest': 'Error creating bean with name 'initializeU2fRequest' defined in URL [jar:file:/opt/jetty-distribution-9.4.28.v20200408/jetty-base/tmp/jetty-0_0_0_0-7443-idp_war-_idp-any-10504452630070337846.dir/webinf/WEB-INF/lib/shibboleth-mfa-u2f-auth-1.1-SNAPSHOT.jar!/META-INF/net/shibboleth/idp/flows/authn/U2f/u2f-authn-beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'' at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:209) Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'initializeU2fRequest' defined in URL [jar:file:/opt/jetty-distribution-9.4.28.v20200408/jetty-base/tmp/jetty-0_0_0_0-7443-idp_war-_idp-any-10504452630070337846.dir/webinf/WEB-INF/lib/shibboleth-mfa-u2f-auth-1.1-SNAPSHOT.jar!/META-INF/net/shibboleth/idp/flows/authn/U2f/u2f-authn-beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function' at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1320) Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function' at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:216) Caused by: org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function' at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.continueCastOnSAM(DefaultTypeTransformation.java:405) |
...