...

Upgrade Java version

```bash
yum remove java-1.8.0-openjdk-headless java-1.8.0-openjdk
yum install java-11-openjdk-headless java-11-openjdk
alternatives --config java
There is 2 program that provides 'java'.

  Selection    Command
-----------------------------------------------
*+ 1           /usr/java/jre1.8.0_151/bin/java
   2           java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-11.0.7.10-4.el7_8.x86_64/bin/java)

Enter to keep the current selection[+], or type selection number: 2
```

Debian-specific

Uninstall Java 8 and install Java 11

...

Download the latest version of Jetty 9.4 from https://www.eclipse.org/jetty/download.html. At the time of writing, this is 9.4.31.v20200723.

```bash
# cd /opt/
# wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.31.v20200723/jetty-distribution-9.4.31.v20200723.zip
# unzip jetty-distribution-9.4.31.v20200723
```

Download SWAMID's jetty-base and unpack it. Download jetty-base-swamid.zip from HERE

```bash
# cd jetty-distribution-9.4.31.v20200723
# unzip /path/to/jetty-base-swamid.zip
```

Update the jetty-base things.... TO BE COMPLETED.

Relink jetty to the correct distribution directory

```bash
cd /opt
rm jetty
ln -s jetty-distribution-9.4.31.v20200723 jetty
```

Update /etc/default/jetty

...

Check the Jetty start script

```bash
# cd /etc/init.d
# rm jetty
# ln -s /opt/jetty/bin/jetty.sh jetty
```

Relink jetty to the correct distribution directory. First you must make sure that Jetty is stopped.

```bash
# service jetty stop
# cd /opt
# chown -R jetty.jetty jetty-distribution-9.4.31.v20200723
# rm jetty
# ln -s jetty-distribution-9.4.31.v20200723 jetty
```

Check the ownership of the /var/run/jetty directory. We have seen problems where /var/run/jetty is owned by root instead of jetty.jetty. Check that it is correct.

```bash
# ls -ld /var/run/jetty
drwxr-xr-x 2 jetty jetty 80  1 okt 21.51 /var/run/jetty/
```

Shibboleth IdP v4.X

Download and unpack the latest version of IdP v4. Back up your shibboleth-idp.

```bash
# cd /opt
# wget http://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-4.0.1.tar.gz
# tar zxvf shibboleth-identity-provider-4.0.1.tar.gz
# cp -r shibboleth-idp shibboleth-idp.orig
```

We have seen that there are older versions of httpcore, httpclient, commons-dbcp2 and commons-pool2 under the directory /opt/shibboleth-idp/edit-webapp/WEB-INF/lib compared with the versions that ship with IdP v4. If you have these jar files in /opt/shibboleth-idp/edit-webapp/WEB-INF/lib, remove them.
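
One way to find such leftover jars before running the installer, as an added example that is not part of the original page or SWAMID's tooling: the script compares artifact names in two lib directories and reports every jar whose version differs from the one in the new distribution. It assumes the unpacked distribution keeps its jars under webapp/WEB-INF/lib; the function names and the sample file names and versions are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not SWAMID's own script): report jars in edit-webapp that
# shadow a different version of an artifact shipped with the new IdP release.

# Strip the version suffix from a jar file name: httpcore-4.4.6.jar -> httpcore
artifact_name() {
    basename "$1" | sed -E 's/-[0-9][^/]*\.jar$//; s/\.jar$//'
}

# stale_jars EDIT_LIB DIST_LIB
# Prints "<jar in EDIT_LIB> <jar in DIST_LIB>" for every artifact present in
# both directories under different file names (that is, different versions).
stale_jars() {
    local edit_lib dist_lib jar name match
    edit_lib=$1
    dist_lib=$2
    for jar in "$edit_lib"/*.jar; do
        [ -e "$jar" ] || continue          # no jars at all: glob stayed literal
        name=$(artifact_name "$jar")
        # "-[0-9]" keeps httpcore from matching httpcore-nio-*.jar
        for match in "$dist_lib"/"$name"-[0-9]*.jar; do
            [ -e "$match" ] || continue
            if [ "$(basename "$jar")" != "$(basename "$match")" ]; then
                printf '%s %s\n' "$(basename "$jar")" "$(basename "$match")"
            fi
        done
    done
}

# Constructed sample: empty files with made-up version numbers.
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir -p "$tmp/edit" "$tmp/dist"
    touch "$tmp/edit/httpcore-4.4.6.jar" "$tmp/edit/commons-pool2-2.4.2.jar" \
          "$tmp/edit/HikariCP-3.4.5.jar" \
          "$tmp/dist/httpcore-4.4.13.jar" "$tmp/dist/httpcore-nio-4.4.13.jar" \
          "$tmp/dist/commons-pool2-2.8.0.jar"
    stale_jars "$tmp/edit" "$tmp/dist"
    rm -rf "$tmp"
}

# Real use; the second path is an assumption about the unpacked distribution:
# stale_jars /opt/shibboleth-idp/edit-webapp/WEB-INF/lib \
#            /opt/shibboleth-identity-provider-4.0.1/webapp/WEB-INF/lib
```

The script only reports that the versions differ; jars such as HikariCP that the distribution does not ship are left alone and are not listed.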

MySQL Connector and HikariCP jar files

If you include other JAR files in /opt/shibboleth-idp/edit-webapp/WEB-INF/lib, such as MySQL Connector or HikariCP, it is a good idea to upgrade them to the latest version. SWAMID operations has tested with mysql-connector-java-5.1.48-bin.jar and HikariCP-3.4.5.jar.

Run the Shibboleth upgrade:

```bash
# cd /opt
# rm shibboleth-identity-provider
# ln -s shibboleth-identity-provider-4.0.1 shibboleth-identity-provider
# cd shibboleth-identity-provider
# bin/install.sh
```

Start Jetty

```bash
# service jetty start
```

Check the Jetty logs if something is not working. Then check idp-process.log to find any problems with the IdP. Test with https://release-check.swamid.se


MySQL Connector & HikariCP
===============

Download mysql-connector-java-5.1.48-bin.tar.gz from https://downloads.mysql.com/archives/c-j/
wget https://repo1.maven.org/maven2/com/zaxxer/HikariCP/3.4.5/HikariCP-3.4.5.jar

Jetty 9.4
=========

Check for the latest 9.4 at https://www.eclipse.org/jetty/download.html

wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.28.v20200408/jetty-distribution-9.4.28.v20200408.zip
wget https://build.shibboleth.net/nexus/service/local/repositories/releases/content/net/shibboleth/idp/idp-jetty-base/9.4.0/idp-jetty-base-9.4.0.tar.gz
cd jetty-distribution-9.4.28.v20200408
tar zxvf ../idp-jetty-base-9.4.0.tar.gz

Rebuild jetty-base with the help of https://wiki.shibboleth.net/confluence/display/IDP4/Jetty94

Add start.d/start.ini
Update idp.ini:
	jetty.sslContext.keyStorePath=../../shibboleth-idp/credentials/https.p12
	jetty.sslContext.trustStorePath=../../shibboleth-idp/credentials/https.p12
	passwords
	jetty.ssl.port=7443
	jetty.http.host=127.0.0.1
	jetty.http.port=80

Update idp-backchannel.ini (if used)
	
	idp.backchannel.port=8443
	idp.backchannel.keyStorePath=../../shibboleth-idp/credentials/idp-backchannel.p12
	passwords

Set idp.war.path in idp.xml

	<Set name="war"><SystemProperty name="idp.war.path" default="/opt/shibboleth/war/idp.war" /></Set>

cd ..
sudo chown -R jetty:jetty jetty-distribution-9.4.28.v20200408/
sudo rm jetty
sudo ln -s jetty-distribution-9.4.28.v20200408 jetty

Upgrade Shibboleth
==================
wget http://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-4.0.1.tar.gz
tar zxvf shibboleth-identity-provider-4.0.1.tar.gz
cp -r shibboleth-idp shibboleth-idp.orig
*clean up in /opt/shibboleth-idp/edit-webapp/WEB-INF/lib* httpcore, httpclient, commons-dbcp2, commons-pool2
*copy in Hikari and MySQL*
rm shibboleth-identity-provider
ln -s shibboleth-identity-provider-4.0.1 shibboleth-identity-provider
cd shibboleth-identity-provider
bin/install.sh

2020-09-18
NEXT: 
Check database is OK with new Hikari and MySQL
Check errors in idp-warn
Fix u2f


u2f error:

2020-06-26 15:01:49,090 - ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception
org.springframework.binding.expression.EvaluationException: An ELException occurred getting the value for expression 'initializeU2fRequest' on context [class org.springframework.webflow.engine.impl.RequestControlContextImpl]
        at org.springframework.binding.expression.spel.SpringELExpression.getValue(SpringELExpression.java:104)
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1021E: A problem occurred whilst attempting to access the property 'initializeU2fRequest': 'Error creating bean with name 'initializeU2fRequest' defined in URL [jar:file:/opt/jetty-distribution-9.4.28.v20200408/jetty-base/tmp/jetty-0_0_0_0-7443-idp_war-_idp-any-10504452630070337846.dir/webinf/WEB-INF/lib/shibboleth-mfa-u2f-auth-1.1-SNAPSHOT.jar!/META-INF/net/shibboleth/idp/flows/authn/U2f/u2f-authn-beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function''
        at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:209)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'initializeU2fRequest' defined in URL [jar:file:/opt/jetty-distribution-9.4.28.v20200408/jetty-base/tmp/jetty-0_0_0_0-7443-idp_war-_idp-any-10504452630070337846.dir/webinf/WEB-INF/lib/shibboleth-mfa-u2f-auth-1.1-SNAPSHOT.jar!/META-INF/net/shibboleth/idp/flows/authn/U2f/u2f-authn-beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1320)
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [eu.stderr.shibboleth.idp.u2f.authn.impl.InitializeRequest]: Constructor threw exception; nested exception is org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'
        at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:216)
Caused by: org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy@6937f8bb' with class 'net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy' to class 'com.google.common.base.Function'
        at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.continueCastOnSAM(DefaultTypeTransformation.java:405)