Shibboleth packages repository
To use Shibboleth with Nginx as reverse proxy for your application you need an Nginx shibboleth module and shibboleth build with FastCGI support. Both is not part of common Linux distributions but is available as source on GitHub. Here we provide this packages for you. They are build from original sources. To prevent name collision with official shibboleth package we renamed our build toshibboleth-fastcgi
.
How to install
Run this commands to install shibboleth daemon and Nginx modules.Installation on RedHat Linux 7
# Install Shibboleth's recommended Service Provider repo as per
# https://shibboleth.net/downloads/service-provider/RPMS/
cat <<-EOF > /etc/yum.repos.d/shibboleth.repo
[shibboleth]
name=Shibboleth (CentOS_7)
# Please report any problems to https://shibboleth.atlassian.net/jira
type=rpm-md
mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
gpgcheck=1
gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
enabled=1
EOF
# Import Shibboleth's GPG keys
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
# Install Shibboleth-nginx repository
cat <<-EOF > /etc/yum.repos.d/shibboleth-nginx.repo
[shibboleth-nginx]
name=Shibboleth Nginx packages - RHEL\$releasever
baseurl=https://elan-ev.github.io/shibboleth-nginx-repo/rhel/\$releasever/
gpgcheck=1
gpgkey=https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
enabled=1
EOF
rpm --import https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
# Install Shibboleth Service Provider daemon and Nginx
yum install -y epel-release
yum install -y shibboleth-fastcgi nginx nginx-mod-http-shibboleth
Installation on RedHat Linux 8
# Install Shibboleth's recommended Service Provider repo as per
# https://shibboleth.net/downloads/service-provider/RPMS/
cat <<-EOF > /etc/yum.repos.d/shibboleth.repo
[shibboleth]
name=Shibboleth (CentOS_8)
# Please report any problems to https://shibboleth.atlassian.net/jira
type=rpm-md
mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_8
gpgcheck=1
gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
enabled=1
EOF
# Import Shibboleth's GPG keys
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
# Install Shibboleth-nginx repository
cat <<-EOF > /etc/yum.repos.d/shibboleth-nginx.repo
[shibboleth-nginx]
name=Shibboleth Nginx packages - RHEL\$releasever
baseurl=https://elan-ev.github.io/shibboleth-nginx-repo/rhel/\$releasever/
gpgcheck=1
gpgkey=https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
enabled=1
EOF
rpm --import https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
# Install Shibboleth Service Provider daemon and Nginx
dnf install -y epel-release
dnf install -y shibboleth-fastcgi nginx nginx-mod-http-shibboleth
Installation on RedHat Linux 9
# Install Shibboleth's recommended Service Provider repo as per
# https://shibboleth.net/downloads/service-provider/RPMS/
cat <<-EOF > /etc/yum.repos.d/shibboleth.repo
[shibboleth]
name=Shibboleth (rockylinux9)
# Please report any problems to https://shibboleth.atlassian.net/jira
type=rpm-md
mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/rockylinux9
gpgcheck=1
gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
enabled=1
EOF
# Import Shibboleth's GPG keys
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
rpm --import https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
# Install Shibboleth-nginx repository
cat <<-EOF > /etc/yum.repos.d/shibboleth-nginx.repo
[shibboleth-nginx]
name=Shibboleth Nginx packages - RHEL\$releasever
baseurl=https://elan-ev.github.io/shibboleth-nginx-repo/rhel/\$releasever/
gpgcheck=1
gpgkey=https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
enabled=1
EOF
rpm --import https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
# Install Shibboleth Service Provider daemon and Nginx
dnf install -y epel-release
dnf install -y shibboleth-fastcgi nginx nginx-mod-http-shibboleth
Installation on Debian Linux
Shibboleth service provider (SP) application is delivered by Debian itself. The missing Shibboleth Nginx module is provided by this repository. Following steps describes the installation on Debian Bookworm.
# Install Shibboleth Nginx module repository
apt install -y wget
wget -O /etc/apt/trusted.gpg.d/nginx-mod-shibboleth.asc https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
cat <<-EOF > /etc/apt/sources.list.d/nginx-mod-shibboleth.list
deb https://elan-ev.github.io/shibboleth-nginx-repo/debian/bookworm bookworm non-free
EOF
apt update
# Install Shibboleth Nginx module
apt install -y nginx libnginx-mod-http-shibboleth
Installation on Ubuntu Linux
Shibboleth service provider (SP) application is delivered by Ubuntu itself. The missing Shibboleth Nginx module is provided by this repository. Following steps describes the installation on Ubuntu Jammy. But you can also install it on different Ubuntu versions replacing the codename.
# Install Shibboleth Nginx module repository
apt install -y wget
wget -O /etc/apt/trusted.gpg.d/nginx-mod-shibboleth.asc https://elan-ev.github.io/shibboleth-nginx-repo/gpgkey.asc
cat <<-EOF > /etc/apt/sources.list.d/nginx-mod-shibboleth.list
deb https://elan-ev.github.io/shibboleth-nginx-repo/ubuntu/jammy jammy multiverse
EOF
apt update
# Install Shibboleth Nginx module
apt install -y nginx libnginx-mod-http-shibboleth