IdP Install Guide 2.4.4

This is a temporary page to guide IdP administrators through the process of installing 2.4.4, or upgrading from an earlier 2.4.x release.

If you are upgrading from a previous version, please make a backup of your existing IdP installation and install the 2.4.4 release into a clean directory. Configuration files from previous 2.4.x versions can be copied for use with 2.4.4 (but please note the configuration change below).

The installation of version 2.4.4 can be achieved using the IdP Install Guide for version 2.4.0 with two differences which should be noted before proceeding:

  1. Shibboleth IdP no longer requires endorsed libraries to be installed into Tomcat.
     
  2. The metadata trust engine should now be configured as follows:
        <!-- Trust engine used to evaluate the signature on loaded AAF metadata. -->
    
        <security:TrustEngine xsi:type="security:StaticExplicitKeySignature"
                          id="shibboleth.MetadataTrustEngine">
          <security:Credential xsi:type="X509Filesystem" xmlns="urn:mace:shibboleth:2.0:security"
                      id="AAFCredentials">
            <security:Certificate>/opt/shibboleth-idp/credentials/aaf-metadata-cert.pem</security:Certificate>
          </security:Credential>
        </security:TrustEngine>
    

    This configuration replaces the TrustEngine block previously configured during the "Basic Shibboleth Installation - Load the Federation Metadata" section of our guide.
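
After copying configuration from an earlier 2.4.x install, a check like the following confirms that the new TrustEngine block is in place and lists the certificate it trusts. This is an added example, not part of the original guide or of Shibboleth; the `<Config>` wrapper and the function names are hypothetical, and it assumes the federation publishes the certificate fingerprint out of band for comparison.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

SEC = "urn:mace:shibboleth:2.0:security"            # namespace used in the guide's block
XSI = "http://www.w3.org/2001/XMLSchema-instance"   # standard xsi namespace

# Constructed sample: the guide's block inside a hypothetical <Config> wrapper that
# declares the prefixes, as the root element of the real configuration file would.
SAMPLE = """<Config xmlns:security="urn:mace:shibboleth:2.0:security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security:TrustEngine xsi:type="security:StaticExplicitKeySignature"
                        id="shibboleth.MetadataTrustEngine">
    <security:Credential xsi:type="X509Filesystem" xmlns="urn:mace:shibboleth:2.0:security"
                         id="AAFCredentials">
      <security:Certificate>/opt/shibboleth-idp/credentials/aaf-metadata-cert.pem</security:Certificate>
    </security:Credential>
  </security:TrustEngine>
</Config>"""

def check_metadata_trust_engine(xml_text):
    """Return (problems, certificate_paths) for the shibboleth.MetadataTrustEngine block."""
    root = ET.fromstring(xml_text)
    engines = [e for e in root.iter("{%s}TrustEngine" % SEC)
               if e.get("id") == "shibboleth.MetadataTrustEngine"]
    if len(engines) != 1:
        return ["expected one shibboleth.MetadataTrustEngine, found %d" % len(engines)], []
    problems = []
    # xsi:type is a QName; compare its local part only.
    local_type = engines[0].get("{%s}type" % XSI, "").split(":")[-1]
    if local_type != "StaticExplicitKeySignature":
        problems.append("xsi:type is %r, expected StaticExplicitKeySignature" % local_type)
    paths = [(c.text or "").strip() for c in engines[0].iter("{%s}Certificate" % SEC)]
    paths = [p for p in paths if p]
    if not paths:
        problems.append("no security:Certificate path configured")
    return problems, paths

def pem_sha256_fingerprint(pem_text):
    """SHA-256 over the DER bytes of the first PEM certificate block, as lowercase hex."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return hashlib.sha256(base64.b64decode("".join(m.group(1).split()))).hexdigest()

if __name__ == "__main__":
    problems, paths = check_metadata_trust_engine(SAMPLE)
    print("problems:", problems or "none")
    for path in paths:
        print("compare fingerprint of", path, "with the value the federation publishes")
```

Because this trust engine accepts any metadata signed by the key in that file, the fingerprint comparison is the step that ties the installed certificate to the federation.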
