
Upgrading Shibboleth Identity Provider to the latest v4.x version on CentOS/Debian/Ubuntu

As an example of the upgrade procedure, this guide upgrades Shibboleth Identity Provider from version 4.1.5 to version 4.2.1.

cd /usr/local/src
wget https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-4.2.1.tar.gz
tar -xzf shibboleth-identity-provider-4.2.1.tar.gz

The contents of that directory would then be:

[root@idp src]# ll
total 126144
drwxrwxr-x 10 jetty jetty      239 Mar 25  2021 jetty-distribution-9.4.39.v20210325
-rw-r--r--  1 root  root  18850755 Mar 25  2021 jetty-distribution-9.4.39.v20210325.tar.gz
lrwxrwxrwx  1 root  root        35 Feb  7 22:16 jetty-src -> jetty-distribution-9.4.39.v20210325
drwxr-xr-x 13   501 wheel      176 Jan 19  2022 shibboleth-identity-provider-4.1.5
-rw-r--r--  1 root  root  54352638 Jan 19  2022 shibboleth-identity-provider-4.1.5.tar.gz
drwxr-xr-x 13   501 wheel      176 Apr 18 15:43 shibboleth-identity-provider-4.2.1
-rw-r--r--  1 root  root  55960112 Apr 18 16:48 shibboleth-identity-provider-4.2.1.tar.gz

Run the installation script:

cd /usr/local/src/shibboleth-identity-provider-4.2.1/bin
bash install.sh -Didp.host.name=$(hostname -f) -Didp.keysize=3072

While the new version is being installed, the following output is displayed:

Buildfile: /usr/local/src/shibboleth-identity-provider-4.2.1/bin/build.xml

install:
Source (Distribution) Directory (press <enter> to accept default): [/usr/local/src/shibboleth-identity-provider-4.2.1] ? (press ENTER)

Installation Directory: [/opt/shibboleth-idp] ? (press ENTER)

INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/admin/admin.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/authn/authn.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/c14n/subject-c14n.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/services.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/saml-nameid.properties
INFO  - Including auto-located properties in /opt/shibboleth-idp/conf/ldap.properties
Update from version 4.1.5 to version 4.2.1
Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.2.1
Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
Creating war file /opt/shibboleth-idp/war/idp.war

BUILD SUCCESSFUL
Total time: 1 minute 12 seconds

All existing files are preserved and left untouched during the installation and configuration of the new version of Shibboleth Identity Provider.

Installing the new version of Shibboleth Identity Provider also creates additional files, which must be modified and added to the current configuration.

List of newly created files:

[root@idp ~]# cd /opt/shibboleth-idp/
[root@idp shibboleth-idp]# find . -name "*idpnew*" -print
./conf/authn/password-authn-config.xml.idpnew
./conf/intercept/consent-intercept-config.xml.idpnew
./views/admin/hello.vm.idpnew
./views/intercept/attribute-release.vm.idpnew
./views/intercept/terms-of-use.vm.idpnew
./views/login.vm.idpnew
./views/login-error.vm.idpnew

You can also confirm the upgrade by inspecting the file:

vim /opt/shibboleth-idp/dist/idp.installed.version
#Version file written at 2022-08-05T09:52:50.024813Z
#Fri Aug 05 11:52:50 CEST 2022
idp.installed.version=4.2.1
idp.previous.installed.version=4.1.5

The existing files of the same name must be replaced with the new files.

As a precaution, rename the current files so that they are kept as the old versions.

mv /opt/shibboleth-idp/conf/authn/password-authn-config.xml /opt/shibboleth-idp/conf/authn/password-authn-config_old.xml
mv /opt/shibboleth-idp/conf/intercept/consent-intercept-config.xml /opt/shibboleth-idp/conf/intercept/consent-intercept-config_old.xml
mv /opt/shibboleth-idp/views/admin/hello.vm /opt/shibboleth-idp/views/admin/hello_old.vm
mv /opt/shibboleth-idp/views/intercept/attribute-release.vm /opt/shibboleth-idp/views/intercept/attribute-release_old.vm
mv /opt/shibboleth-idp/views/intercept/terms-of-use.vm /opt/shibboleth-idp/views/intercept/terms-of-use_old.vm
mv /opt/shibboleth-idp/views/login.vm /opt/shibboleth-idp/views/login_old.vm
mv /opt/shibboleth-idp/views/login-error.vm /opt/shibboleth-idp/views/login-error_old.vm

Give the new files the original file names:

cp /opt/shibboleth-idp/conf/authn/password-authn-config.xml.idpnew /opt/shibboleth-idp/conf/authn/password-authn-config.xml
cp /opt/shibboleth-idp/conf/intercept/consent-intercept-config.xml.idpnew /opt/shibboleth-idp/conf/intercept/consent-intercept-config.xml
cp /opt/shibboleth-idp/views/admin/hello.vm.idpnew /opt/shibboleth-idp/views/admin/hello.vm

cp /opt/shibboleth-idp/views/intercept/terms-of-use.vm.idpnew /opt/shibboleth-idp/views/intercept/terms-of-use.vm
cp /opt/shibboleth-idp/views/login-error.vm.idpnew /opt/shibboleth-idp/views/login-error.vm

Download the customized versions of the files attribute-release.vm and login.vm:

wget https://docs.amres.ac.rs/download/shibboleth/attribute-release.vm -O /opt/shibboleth-idp/views/intercept/attribute-release.vm
wget https://docs.amres.ac.rs/download/shibboleth/login.vm -O /opt/shibboleth-idp/views/login.vm
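
The rename-and-copy steps above, as an added example that is not part of the original guide: a POSIX shell helper that first shows how each current file differs from its .idpnew counterpart, and only then keeps the current file as *_old.* and installs the new one. The function names and the review/apply switch are assumptions made for this example; the default path /opt/shibboleth-idp is the one used on this page.

```shell
#!/bin/sh
# Added example, not from the original page. The default IdP home follows the
# page; function names and the review/apply switch are assumptions made here.

# name.ext -> name_old.ext, the backup naming used in the steps above
backup_name() {
    dir=$(dirname "$1"); base=$(basename "$1")
    printf '%s/%s_old.%s\n' "$dir" "${base%.*}" "${base##*.}"
}

# idpnew_merge HOME [review|apply]
#   review: print a unified diff for every file that has a differing .idpnew
#   apply : additionally keep the current file as *_old.* and install the new one
# Diffs and messages go to stderr; stdout carries only the number of files
# that differ (review) or were replaced (apply).
idpnew_merge() {
    home=${1:-/opt/shibboleth-idp}; mode=${2:-review}; count=0
    list=$(mktemp) || return 1
    find "$home" -type f -name '*.idpnew' > "$list"
    while IFS= read -r new; do
        cur=${new%.idpnew}
        if [ -f "$cur" ]; then
            cmp -s "$cur" "$new" && continue        # identical, nothing to merge
            diff -u "$cur" "$new" >&2 || true       # show what would change
        else
            echo "new file: $cur" >&2
        fi
        if [ "$mode" = apply ]; then
            if [ -f "$cur" ]; then
                bak=$(backup_name "$cur")
                # never clobber a backup left by an earlier upgrade
                if [ -e "$bak" ]; then echo "skip $cur: $bak exists" >&2; continue; fi
                mv "$cur" "$bak"
            fi
            cp -p "$new" "$cur"                     # keep owner/mode of the new file
        fi
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}
```

Run `idpnew_merge /opt/shibboleth-idp review` and read the diffs for conf/authn and conf/intercept before running it again with `apply`; the customized attribute-release.vm and login.vm are still downloaded afterwards as described above.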

For the changes to take effect, rebuild the war file and restart the Jetty process:

cd /opt/shibboleth-idp/bin ; ./build.sh

Report

Add REPORT

Restart Jetty:

systemctl restart jetty.service

If an error occurs, check the logs:

Jetty logs:

cd /opt/jetty/logs
ls -l *.stderrout.log

Shibboleth IdP logs:

cd /opt/shibboleth-idp/logs

Audit Log:

vim idp-audit.log

Consent Log:

vim idp-consent-audit.log

Warn Log:

tail -f idp-warn.log

Process Log:

tail -f idp-process.log