It took me some messing around to get this working, so I thought I'd try documenting it, in case it helps someone else.
On my system, I already had Java jre1.6.0_05 (and jdk1.6.0_05). You can get the latest from java.sun.com.
On my system, I already had Java jre1.6.0_05 (and jdk1.6.0_05). You can get the latest from java.sun.com.
- Download tomcat 5.5.26. Get the windows installer version. Install with all defaults. I loaded the examples and documentation, and I set a very simple admin password. Mine runs on port 8080.
- Download shibboleth 2.0.0 idp src. Unzip into a directory which I will call SHIBSRC.
- In a command window, change directory to SHIBSRC/identityprovider.
- Try running ant.bat. If you don't have JAVA_HOME environment variable set, you'll need to do so. Press Windows-Break > Advanced > Environment Variables > New System Variable. JAVA_HOME and C:\Program Files\Java\jdk1.6.0_05 (for me).
- Ant should ask for various configuration information. For the path, I wasn't sure whether it would cope with spaces, and I suspect it won't, so I chose c:/shibboleth-idp-2.0.0 - perhaps not very scalable, but ok for a test. Supply a hostname, and a password, and the whole thing should be installed into the directory you chose.
- In a browser, navigate to http://localhost:8080 and you should see the tomcat home page. Click on Tomcat Manager to see a list of all the applications. You probably won't see "idp".
- Attempt to deploy the file C:\shibboleth-idp-2.0.0\war\idp.war. Use the "WAR file to deploy" section, navigate to that directory, double click on the file, and
click deploy.It fails withjava.lang.NoClassDefFoundError: org/apache/commons/io/output/DeferredFileOutputStream
and
java.lang.ClassNotFoundException: org.apache.commons.io.output.DeferredFileOutputStream - This seems to be a problem with the tomcat packaging to me. Download apache commons-io and unzip. Copy the file commons-io-1.4.jar file into tomcat's common/lib directory (ie. C:\Program Files\Apache Software Foundation\Tomcat 5.5\common\lib).
- Stop and start tomcat. Start > All programs > Apache Tomcat 5.5 > Monitor Tomcat. This will put a little apache feather icon in your system tray (right edge of
task bar). You can double click on it to get a window from which to stop and start tomcat (or do it with a right-click menu). - Try deploying the war file again. It now shows up in the list, but with "false" in the Running column.
- Try starting the application, by clicking Start on the right. After some time (about 15 seconds?) the browser returns. The application still isn't running, and there's a "Message" at the top saying:
FAIL - Application at context path /idp could not be started
- Recall that the IdP instructions (can't find this instruction any more!) require the installation of some XML libraries that are better than the default Sun ones (ie. they work). Look for the endorsed libraries in C:\shibboleth-idp-2.0.0\lib\endorsed and discover they're not there.
- Download the shib bin distribution and unzip it. Copy the four jar files (xalan and xerces ones) from SHIBBIN/endorsed to C:\Program Files\Apache Software Foundation\Tomcat 5.5\common\endorsed Stop and start tomcat, and check the manager http://localhost:8080/manager/html/list and find the idp is still not running.
- Look at the tomcat log files at C:\Program Files\Apache Software Foundation\Tomcat 5.5\logs. The largest one is stdout_yyyymmdd.log, so look in there. Discover several errors of the type
15:24:04.921 [http-8080-Processor25] ERROR o.s.web.context.ContextLoader - Context initialization failed
org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from URL [file://c:/shibboleth-idp-2.0.0/conf/internal.xml]; nested exception is java.net.UnknownHostException: c - The unknown host "c" is the c in "file://c:/...", which is in the web.xml file. The source for the web.xml file is SHIBSRC\identityprovider\resources\WEB-INF\web.xml. Add an extra slash at both occurrences in this line, so that it (line 15 for me) looks like this:
<param-value>file:///$IDP_HOME$/conf/internal.xml; file:///$IDP_HOME$/conf/service.xml;</param-value>
- Run ant.bat again in the command window (not a new installation). Use the tomcat manager to undeploy the old idp. If it doesn't undeploy, stop tomcat, delete idp.war and the idp directory from C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps and then start tomcat, and try deploying the new one. Now the app is running, and if you click on the \idp at the left of the row, you'll see a shibboleth page.
5 comments:
Hiya,
Many thanks for taking the time to blog on your Shib2 problem. I had the same problem and found your post via Google and it put me on the right track.
Many thanks again.
Cheers,
Steve
P.S. Using Tomcat 6 / Windows 2008, and all working.
Huge timeserver to have found this post. Thanks for blogging it !
Thanks for your specific. The shibboleth Idp deploy problem bother me for days until I read your blog. Nice work, nice post.
thanks for the blog.... i am stuck on the next stage .. how to integrate authentication system with this deployed idp...
will be happy if anyone can help
either we can use sql database of ldap server.
Thanks for this! You solved my problem in like 2 minutes!
Post a Comment