Shibboleth packages repository

To use Shibboleth with Nginx as reverse proxy for your application you need an Nginx shibboleth module and shibboleth build with FastCGI support. Both is not part of common Linux distributions but is available as source on GitHub. Here we provide this packages for you. They are build from original sources. To prevent name collision with official shibboleth package we renamed our build to shibboleth-fastcgi.

How to install

Run this commands to install shibboleth daemon and Nginx modules.

Installation on RedHat Linux 7

# Install Shibboleth's recommended Service Provider repo as per
# https://shibboleth.net/downloads/service-provider/RPMS/
cat <<-EOF > /etc/yum.repos.d/shibboleth.repo
[shibboleth]
name=Shibboleth (CentOS_7)
# Please report any problems to https://shibboleth.atlassian.net/jira
type=rpm-md
mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
gpgcheck=1
gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
enabled=1
EOF

# Import Shibboleth's GPG keys
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key

# Install Shibboleth-nginx repository
cat <<-EOF > /etc/yum.repos.d/shibboleth-nginx.repo
[shibboleth-nginx]
name=Shibboleth Nginx packages - RHEL\$releasever
baseurl=https://elan-ev.github.io/shibboleth-nginx-repo/rhel/\$releasever/
gpgcheck=1
gpgkey=https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
enabled=1
EOF

rpm --import https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
# Install Shibboleth Service Provider daemon and Nginx
yum install -y epel-release
yum install -y shibboleth-fastcgi nginx nginx-mod-http-shibboleth

Installation on RedHat Linux 8

# Install Shibboleth's recommended Service Provider repo as per
# https://shibboleth.net/downloads/service-provider/RPMS/
cat <<-EOF > /etc/yum.repos.d/shibboleth.repo
[shibboleth]
name=Shibboleth (CentOS_8)
# Please report any problems to https://shibboleth.atlassian.net/jira
type=rpm-md
mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_8
gpgcheck=1
gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
enabled=1
EOF

# Import Shibboleth's GPG keys
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key

# Install Shibboleth-nginx repository
cat <<-EOF > /etc/yum.repos.d/shibboleth-nginx.repo
[shibboleth-nginx]
name=Shibboleth Nginx packages - RHEL\$releasever
baseurl=https://elan-ev.github.io/shibboleth-nginx-repo/rhel/\$releasever/
gpgcheck=1
gpgkey=https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
enabled=1
EOF

rpm --import https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
# Install Shibboleth Service Provider daemon and Nginx
dnf install -y epel-release
dnf install -y shibboleth-fastcgi nginx nginx-mod-http-shibboleth

Installation on RedHat Linux 9

# Install Shibboleth's recommended Service Provider repo as per
# https://shibboleth.net/downloads/service-provider/RPMS/
cat <<-EOF > /etc/yum.repos.d/shibboleth.repo
[shibboleth]
name=Shibboleth (rockylinux9)
# Please report any problems to https://shibboleth.atlassian.net/jira
type=rpm-md
mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/rockylinux9
gpgcheck=1
gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
enabled=1
EOF

# Import Shibboleth's GPG keys
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key

# Install Shibboleth-nginx repository
cat <<-EOF > /etc/yum.repos.d/shibboleth-nginx.repo
[shibboleth-nginx]
name=Shibboleth Nginx packages - RHEL\$releasever
baseurl=https://elan-ev.github.io/shibboleth-nginx-repo/rhel/\$releasever/
gpgcheck=1
gpgkey=https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
enabled=1
EOF

rpm --import https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
# Install Shibboleth Service Provider daemon and Nginx
dnf install -y epel-release
dnf install -y shibboleth-fastcgi nginx nginx-mod-http-shibboleth

Installation on Debian Linux

Shibboleth service provider (SP) application is delivered by Debian itself. The missing Shibboleth Nginx module is provided by this repository. Following steps describes the installation on Debian Bookworm.

# Install Shibboleth Nginx module repository
apt install -y wget
wget -O /etc/apt/trusted.gpg.d/nginx-mod-shibboleth.asc https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
cat <<-EOF > /etc/apt/sources.list.d/nginx-mod-shibboleth.list
deb https://elan-ev.github.io/shibboleth-nginx-repo/debian/bookworm bookworm non-free
EOF
apt update
# Install Shibboleth Nginx module
apt install -y nginx libnginx-mod-http-shibboleth

Installation on Ubuntu Linux

Shibboleth service provider (SP) application is delivered by Ubuntu itself. The missing Shibboleth Nginx module is provided by this repository. Following steps describes the installation on Ubuntu Jammy. But you can also install it on different Ubuntu versions replacing the codename.

# Install Shibboleth Nginx module repository
apt install -y wget
wget -O /etc/apt/trusted.gpg.d/nginx-mod-shibboleth.asc https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
cat <<-EOF > /etc/apt/sources.list.d/nginx-mod-shibboleth.list
deb https://elan-ev.github.io/shibboleth-nginx-repo/ubuntu/jammy jammy multiverse
EOF
apt update
# Install Shibboleth Nginx module
apt install -y nginx libnginx-mod-http-shibboleth