
Shibboleth 2 Service Provider compilation on Linux

Before you begin, your platform will need the Apache2 threaded development package installed; this package is usually titled apache2-threaded-dev (not apache2-prefork-dev). You will also need libssl-dev, libcurl3 and libcurl3-dev (with ssl, not gnutls).

Create a folder that will contain the source code and dependent source libraries. For the purposes of this guide the target folder will be '/opt/shibboleth/src'.

Execute the following commands:

export MYBUILD=/opt/shibboleth/src

for f in "$MYBUILD"/*.tar.gz; do tar -zxvf "$f" -C "$MYBUILD"; done

Define the required environment variables below:

export SHIB_HOME=/opt/shibboleth/sp/
export XERCESCROOT=$MYBUILD/xerces-c-src_2_8_0/

Create the target directory:

mkdir -p "$SHIB_HOME"

Build Log4Shib:

cd $MYBUILD/log4shib-1.0.4/
./configure --disable-static --disable-doxygen --prefix=$SHIB_HOME
make install

Build XercesC:

cd $MYBUILD/xerces-c-src_2_8_0/src/xercesc/
./runConfigure -p linux -r pthread -P $SHIB_HOME
make install

Build XML-Security:

cd $MYBUILD/xml-security-c-1.5.1
./configure --without-xalan --prefix=$SHIB_HOME
make install

Build XML-Tooling:

cd $MYBUILD/xmltooling-1.3.3/
./configure --with-log4shib=$SHIB_HOME --prefix=$SHIB_HOME -C
make install

Build OpenSAML:

cd $MYBUILD/opensaml-2.3/
./configure --prefix=$SHIB_HOME --with-log4shib=$SHIB_HOME -C
make install

Build Shibboleth Service Provider:

cd $MYBUILD/shibboleth-2.3/
./configure --with-saml=$SHIB_HOME --enable-apache-22 --with-log4shib=$SHIB_HOME --prefix=$SHIB_HOME -C
make install

Once the build has been successful you will find that the Apache-Shibboleth module ( -where x depends on the version of Shibboleth 2 you downloaded) is in the MYBUILD/lib/shibboleth directory. The Shibboleth daemon (shibd) will be in the MYBUILD directory.

Create a symbolic link between the directory MYBUILD/etc/shibboleth and /etc/shibboleth.

You may now follow the Shibboleth 2 Service Provider Installation Guide for Linux (skip the first section titled 'Shibboleth Install'), and add the following directive to your Apache configuration if your version of Apache doesn't use a2enmod:

 LoadModule mod_shib /opt/shibboleth/lib/ 
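
A post-build check, added here as an example and not part of the original guide: it reads ldd output for a built binary and flags any of the libraries built above that the loader resolves outside the install prefix or cannot find, as well as a libcurl linked against GnuTLS. The function name audit_ldd, the library name patterns and the sample ldd output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. audit_ldd and the sample below
# are illustrative; the library name patterns are assumed sonames.

# Read `ldd` output on stdin and report, for install prefix $1:
#   outside-prefix NAME PATH  guide-built library loaded from elsewhere
#   not-found NAME            guide-built library the loader cannot find
#   gnutls-curl NAME          the GnuTLS flavour of libcurl is linked
audit_ldd() {
    prefix=${1%/}    # SHIB_HOME in the guide ends with a slash
    tr -s '/' | while read -r name arrow path rest; do
        [ "$arrow" = "=>" ] || continue
        case "$name" in
            libcurl-gnutls.*) echo "gnutls-curl $name"; continue ;;
            liblog4shib.*|libxerces-c.*|libxml-security-c.*) ;;
            libxmltooling[.-]*|libsaml.*|libshibsp[.-]*) ;;
            *) continue ;;    # system library, not built by the guide
        esac
        case "$path" in
            not) echo "not-found $name" ;;    # "=> not found"
            "$prefix"/lib/*) ;;               # resolved inside the prefix
            *) echo "outside-prefix $name $path" ;;
        esac
    done
}

# Constructed ldd output for demonstration (not captured from a real host).
constructed_ldd_output() {
    cat <<'EOF'
    linux-vdso.so.1 =>  (0x00007fff5a1ff000)
    libshibsp.so.4 => /opt/shibboleth/sp/lib/libshibsp.so.4 (0x00007f10a0000000)
    libsaml.so.7 => /opt/shibboleth/sp/lib/libsaml.so.7 (0x00007f109f000000)
    libxml-security-c.so.15 => /usr/lib/libxml-security-c.so.15 (0x00007f109e000000)
    libxerces-c.so.28 => not found
    libcurl-gnutls.so.4 => /usr/lib/libcurl-gnutls.so.4 (0x00007f109d000000)
    libc.so.6 => /lib/libc.so.6 (0x00007f109c000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f10a1000000)
EOF
}

# Real use: ldd /path/to/shibd | audit_ldd "$SHIB_HOME"
constructed_ldd_output | audit_ldd /opt/shibboleth/sp/
```

A library reported as outside-prefix means the daemon or module would load a system copy of an XML or SAML library instead of the version just built, so any fixes in the newly built version would not be in effect.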

Who is Edugate for?

Edugate provides a single access mechanism that can enable access to online resources supporting alliances, research collaboration, consortia and shared services. Now users can use the credentials issued by their institution to access Edugate enabled web-sites and benefit from a personalised and persistent experience, with privacy features that put the user in control.

Enable users to use the campus directory credential to access Edugate enabled web sites beyond the campus boundary from anywhere, whilst protecting the campus directory from unnecessary searches and the user credentials from use on web sites beyond your control. 

Your patrons are individuals, not IP Addresses!
Enable publishers to provide users with a consistent and personalised experience regardless of their location or the device they are using.
Improve the end-user experience by providing Single-Sign-On and reducing the frequency of prompts for campus credentials.
Connect your patrons to your subscribed resources, regardless of where the user performs their search.

Restrict access to your club or society web-site to valid campus users without needing the campus IT department to provide you with access to the entire campus user database.
For student unions, Edugate enables online elections that can authenticate all students currently enrolled without needing to expose campus credentials or personal information.

Example: UL Students Union

Provide your suppliers with a means to interact with all campus members. Whether it's parking management, physical access management, catering or sports facilities, Edugate can provide a secure means to validate staff and student status. Access cards or tokens can be issued online in a self-service manner, removing some, if not all, of the paperwork.

Example: Apcoa Parking Management

When establishing any online service that will be used by multiple institutions, Edugate will provide a means to authorise access to the service by user, role or institution without having to issue usernames/passwords or other credentials to the users of the service.
Most research projects are collaborations and when it comes to hosting collaborative tools or sharing documents and data, Edugate enables the hosting partner to seamlessly grant access to the project content.

Example: NDLR Repository
Example: HEAR and DARE

Campus IT managers and IT security officers are increasingly reluctant to synchronise user credentials or open up campus directory services to applications that are hosted in the cloud. Even locally hosted managed applications that require the campus credential to be processed by the application present a security risk. Edugate is built on the open SAML federated access standard that is used in financial services, aerospace and government eID, and provides Single-Sign-On without the risks.

Whether it's a central or local government service that needs to validate that a student is a current student, Edugate can open up the potential for numerous e-Government services for students (e.g. Grants and Tax Credits)

When offering a student discount online, relying on a campus email address leaves the offer open to abuse since many institutions offer 'email for life'. Edugate will allow you to know if a customer is a current student and which institution the customer is affiliated to.