Upgrade Shibboleth Identity Provider-a na najnoviju verziju v4.x CentOS/Debian/Ubuntu¶
Kao primer upgrade postupka koristiće se upgrade Shibboleth Identity Provider-a verzije 4.1.5 na verziju 4.2.1
wget https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-4.2.1.tar.gz
Sadržaj tog direktorijuma bi bio:
[root@idp src]# ll
total 126144
drwxrwxr-x 10 jetty jetty 239 Mar 25 2021 jetty-distribution-9.4.39.v20210325
-rw-r--r-- 1 root root 18850755 Mar 25 2021 jetty-distribution-9.4.39.v20210325.tar.gz
lrwxrwxrwx 1 root root 35 Feb 7 22:16 jetty-src -> jetty-distribution-9.4.39.v20210325
drwxr-xr-x 13 501 wheel 176 Jan 19 2022 shibboleth-identity-provider-4.1.5
-rw-r--r-- 1 root root 54352638 Jan 19 2022 shibboleth-identity-provider-4.1.5.tar.gz
drwxr-xr-x 13 501 wheel 176 Apr 18 15:43 shibboleth-identity-provider-4.2.1
-rw-r--r-- 1 root root 55960112 Apr 18 16:48 shibboleth-identity-provider-4.2.1.tar.gz
Pokrenuti skriptu za instalaciju:
U procesu instalacije nove verzije biće ispisano sledeće obaveštenje:
Buildfile: /usr/local/src/shibboleth-identity-provider-4.2.1/bin/build.xml
install:
Source (Distribution) Directory (press <enter> to accept default): [/usr/local/src/shibboleth-identity-provider-4.2.1] ?Klik ENTER
Installation Directory: [/opt/shibboleth-idp] ?Klik ENTER
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/admin/admin.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/authn/authn.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/c14n/subject-c14n.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/services.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/saml-nameid.properties
INFO - Including auto-located properties in /opt/shibboleth-idp/conf/ldap.properties
Update from version 4.1.5 to version 4.2.1
Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.2.1
Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
Creating war file /opt/shibboleth-idp/war/idp.war
BUILD SUCCESSFUL
Total time: 1 minute 12 seconds
Svi postojeći fajlovi ostaju sačuvani i netaknuti toku instalacije i konfiguracije nove verzije Shibboleth Identity Provider-a.
Postupak instalacije nove verzije Shibboleth Identity Provider-a kao rezultat kreira i dodatne fajlove koje je neophodno izmeniti i dodati u aktuelnu konfiguraciju.
Spisak novokreiranih fajlova:
[root@idp ~]# cd /opt/shibboleth-idp/
[root@idp shibboleth-idp]# find . -name "*idpnew*" -print
./conf/authn/password-authn-config.xml.idpnew
./conf/intercept/consent-intercept-config.xml.idpnew
./views/admin/hello.vm.idpnew
./views/intercept/attribute-release.vm.idpnew
./views/intercept/terms-of-use.vm.idpnew
./views/login.vm.idpnew
./views/login-error.vm.idpnew
Proveru o upgrade-u možete da proverite i pregledom fajla:
Novim fajlovima je neophodno zameniti postojeće istoimene fajlove.
Radi predostrožnosti preimenovati dodadašnje fajlove u staru verziju fajlova.
mv /opt/shibboleth-idp/conf/authn/password-authn-config.xml /opt/shibboleth-idp/conf/authn/password-authn-config_old.xml
mv /opt/shibboleth-idp/conf/intercept/consent-intercept-config.xml /opt/shibboleth-idp/conf/intercept/consent-intercept-config_old.xml
mv /opt/shibboleth-idp/views/intercept/attribute-release.vm /opt/shibboleth-idp/views/intercept/attribute-release_old.vm
Novim fajlovima izmeniti naziv tako da postanu originalni fajlovi:
cp /opt/shibboleth-idp/conf/authn/password-authn-config.xml.idpnew /opt/shibboleth-idp/conf/authn/password-authn-config.xml
cp /opt/shibboleth-idp/conf/intercept/consent-intercept-config.xml.idpnew /opt/shibboleth-idp/conf/intercept/consent-intercept-config.xml
Preuzeti preuređene verzije fajlova attribute-release.vm i login.vm:
Da bi se izmene primenile potrebno je izvršiti build war fajla i restartovati jetty proces:
Izveštaj
Dodati IZVEŠTAJ
Restart Jetty:
U slučaju greške proveriti logove:
Jetty logovi:¶
Shibboleth IdP logovi:¶
Audit Log:
Consent Log:
Warn Log:
Process Log: