
Upgrading Shibboleth Identity Provider to the latest v4.x version on CentOS/Debian/Ubuntu

As an example of the upgrade procedure, Shibboleth Identity Provider version 4.x.x will be upgraded to version 4.3.1.

Go to the following path:

cd /usr/local/src

The current state of that directory might be, for example:

[root@idp shibboleth-idp]# cd /usr/local/src
[root@idp src]# ll
total 71896
drwxrwxr-x. 10 jetty jetty      239 Mar 25  2021 jetty-distribution-9.4.39.v20210325
-rw-r--r--.  1 root  root  18850755 Mar 25  2021 jetty-distribution-9.4.39.v20210325.tar.gz
lrwxrwxrwx.  1 root  root        35 Dec 22  2021 jetty-src -> jetty-distribution-9.4.39.v20210325
drwxr-xr-x. 13   501 games      176 Jul 27  2021 shibboleth-identity-provider-4.1.4
-rw-r--r--.  1 root  root  54765483 Jul 27  2021 shibboleth-identity-provider-4.1.4.tar.gz

Download the appropriate version of Shibboleth Identity Provider (4.3.1):

wget https://shibboleth.net/downloads/identity-provider/latest4/shibboleth-identity-provider-4.3.1.tar.gz
tar -xzf shibboleth-identity-provider-4.3.1.tar.gz

The contents of that directory would now be, for example:

[root@idp src]# ll
total 130716
drwxrwxr-x. 10 jetty jetty      239 Mar 25  2021 jetty-distribution-9.4.39.v20210325
-rw-r--r--.  1 root  root  18850755 Mar 25  2021 jetty-distribution-9.4.39.v20210325.tar.gz
lrwxrwxrwx.  1 root  root        35 Dec 22  2021 jetty-src -> jetty-distribution-9.4.39.v20210325
drwxr-xr-x. 13   501 games      176 Jul 27  2021 shibboleth-identity-provider-4.1.4
-rw-r--r--.  1 root  root  54765483 Jul 27  2021 shibboleth-identity-provider-4.1.4.tar.gz
drwxr-xr-x  13   501 games      176 Mar 30  2023 shibboleth-identity-provider-4.3.1
-rw-r--r--   1 root  root  60230264 Mar 30  2023 shibboleth-identity-provider-4.3.1.tar.gz

Run the installation script:

cd /usr/local/src/shibboleth-identity-provider-4.3.1/bin
bash install.sh -Didp.host.name=$(hostname -f) -Didp.keysize=3072

During installation of the new version, the following output will be printed:

Buildfile: /usr/local/src/shibboleth-identity-provider-4.3.1/bin/build.xml

install:
Source (Distribution) Directory (press <enter> to accept default): [/usr/local/src/shibboleth-identity-provider-4.3.1] ? (press ENTER)

Installation Directory: [/opt/shibboleth-idp] ? (press ENTER)

Update from version 4.1.4 to version 4.3.1
Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.3.1
Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
Creating war file /opt/shibboleth-idp/war/idp.war

BUILD SUCCESSFUL
Total time: 17 seconds

All existing files are preserved and left untouched during the installation and configuration of the new version of Shibboleth Identity Provider.

The installation of the new version of Shibboleth Identity Provider also creates additional files, which must be edited and added to the current configuration.

List of newly created files:

[root@idp ~]# cd /opt/shibboleth-idp/
[root@idp shibboleth-idp]# find . -name "*idpnew*" -print
./conf/authn/password-authn-config.xml.idpnew
./conf/intercept/consent-intercept-config.xml.idpnew
./views/admin/hello.vm.idpnew
./views/intercept/attribute-release.vm.idpnew
./views/intercept/terms-of-use.vm.idpnew
./views/login.vm.idpnew
./views/login-error.vm.idpnew
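
An added example, not part of the original guide: a read-only check that reports, for each `.idpnew` file the installer wrote, whether the live file of the same name is identical, differs, or is missing. The function names and the sample tree with its contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): report how each installer-written
# *.idpnew file relates to the live file it would replace, before any mv/cp.
# Status lines go to stdout, unified diffs to stderr.
review_idpnew() (
    idp_home="$1"
    find "$idp_home" -type f -name '*.idpnew' | sort | while IFS= read -r new; do
        live="${new%.idpnew}"
        rel=${live#"$idp_home"/}
        if [ ! -f "$live" ]; then
            echo "MISSING $rel"
        elif cmp -s "$live" "$new"; then
            echo "SAME    $rel"
        else
            echo "DIFFERS $rel"
            diff -u "$live" "$new" >&2 || true   # diff exits 1 on differences
        fi
    done
)

# Constructed sample tree standing in for /opt/shibboleth-idp (contents made up).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/conf/authn" "$t/views"
    printf 'local LDAP validator\n' > "$t/conf/authn/password-authn-config.xml"
    printf 'shipped default\n'      > "$t/conf/authn/password-authn-config.xml.idpnew"
    printf 'login page\n'           > "$t/views/login.vm"
    printf 'login page\n'           > "$t/views/login.vm.idpnew"
    printf 'new view\n'             > "$t/views/login-error.vm.idpnew"
    echo "$t"
}

# Usage: sh review_idpnew.sh /opt/shibboleth-idp   (no argument: run on the sample)
if [ "$#" -gt 0 ]; then
    review_idpnew "$1"
else
    sample=$(make_sample_tree)
    review_idpnew "$sample"
    rm -rf "$sample"
fi
```

A `DIFFERS` line for a file such as `conf/authn/password-authn-config.xml` means the live file carries content the shipped default does not, and the diff on stderr shows exactly which lines.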

You can also verify the upgrade by inspecting the file:

vim /opt/shibboleth-idp/dist/idp.installed.version
#Version file written at 2024-01-11T10:23:50.367943Z
#Thu Jan 11 11:23:50 CET 2024
idp.installed.version=4.3.1
idp.previous.installed.version=4.1.4

The existing files of the same name must be replaced with the new files.

As a precaution, first rename the existing files to mark them as the old versions:

mv /opt/shibboleth-idp/conf/authn/password-authn-config.xml /opt/shibboleth-idp/conf/authn/password-authn-config_old.xml
mv /opt/shibboleth-idp/conf/intercept/consent-intercept-config.xml /opt/shibboleth-idp/conf/intercept/consent-intercept-config_old.xml
mv /opt/shibboleth-idp/views/admin/hello.vm /opt/shibboleth-idp/views/admin/hello_old.vm
mv /opt/shibboleth-idp/views/intercept/attribute-release.vm /opt/shibboleth-idp/views/intercept/attribute-release_old.vm
mv /opt/shibboleth-idp/views/intercept/terms-of-use.vm /opt/shibboleth-idp/views/intercept/terms-of-use_old.vm
mv /opt/shibboleth-idp/views/login.vm /opt/shibboleth-idp/views/login_old.vm
mv /opt/shibboleth-idp/views/login-error.vm /opt/shibboleth-idp/views/login-error_old.vm

Rename the new files so that they take the place of the original files:

cp /opt/shibboleth-idp/conf/authn/password-authn-config.xml.idpnew /opt/shibboleth-idp/conf/authn/password-authn-config.xml
cp /opt/shibboleth-idp/conf/intercept/consent-intercept-config.xml.idpnew /opt/shibboleth-idp/conf/intercept/consent-intercept-config.xml
cp /opt/shibboleth-idp/views/admin/hello.vm.idpnew /opt/shibboleth-idp/views/admin/hello.vm

cp /opt/shibboleth-idp/views/intercept/terms-of-use.vm.idpnew /opt/shibboleth-idp/views/intercept/terms-of-use.vm
cp /opt/shibboleth-idp/views/login-error.vm.idpnew /opt/shibboleth-idp/views/login-error.vm

Download the customized versions of the files for 4.3.1:

wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/edit-webapp.tar.gz -O /opt/shibboleth-idp/edit-webapp.tar.gz ; rm -Ir /opt/shibboleth-idp/edit-webapp
tar -xzf /opt/shibboleth-idp/edit-webapp.tar.gz -C /opt/shibboleth-idp && rm -f /opt/shibboleth-idp/edit-webapp.tar.gz
mv /opt/shibboleth-idp/views/user-prefs.vm /opt/shibboleth-idp/views/user-prefs_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/user-prefs.vm -O /opt/shibboleth-idp/views/user-prefs.vm
mv /opt/shibboleth-idp/views/logout-propagate.vm /opt/shibboleth-idp/views/logout-propagate_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/logout-propagate.vm -O /opt/shibboleth-idp/views/logout-propagate.vm
mv /opt/shibboleth-idp/views/logout-complete.vm /opt/shibboleth-idp/views/logout-complete_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/logout-complete.vm -O /opt/shibboleth-idp/views/logout-complete.vm
mv /opt/shibboleth-idp/views/error.vm /opt/shibboleth-idp/views/error_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/error.vm -O /opt/shibboleth-idp/views/error.vm
mv /opt/shibboleth-idp/views/login.vm /opt/shibboleth-idp/views/login_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/login.vm -O /opt/shibboleth-idp/views/login.vm

mv /opt/shibboleth-idp/views/logout.vm /opt/shibboleth-idp/views/logout_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/logout.vm -O /opt/shibboleth-idp/views/logout.vm
mv /opt/shibboleth-idp/views/login-error.vm /opt/shibboleth-idp/views/login-error_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/login-error.vm -O /opt/shibboleth-idp/views/login-error.vm

mv /opt/shibboleth-idp/views/admin/hello.vm /opt/shibboleth-idp/views/admin/hello_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/hello.vm -O /opt/shibboleth-idp/views/admin/hello.vm
mv /opt/shibboleth-idp/views/client-storage/client-storage-read.vm /opt/shibboleth-idp/views/client-storage/client-storage-read_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/client-storage-read.vm -O /opt/shibboleth-idp/views/client-storage/client-storage-read.vm
mv /opt/shibboleth-idp/views/client-storage/client-storage-write.vm /opt/shibboleth-idp/views/client-storage/client-storage-write_default.vm ; wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/client-storage-write.vm -O /opt/shibboleth-idp/views/client-storage/client-storage-write.vm

wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/attribute-release.vm -O /opt/shibboleth-idp/views/intercept/attribute-release.vm
wget https://docs.amres.ac.rs/download/shibboleth/4.3.1/terms-of-use.vm -O /opt/shibboleth-idp/views/intercept/terms-of-use.vm
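
An added example, not part of the original guide, that applies to both archive downloads above (the Shibboleth IdP tarball and `edit-webapp.tar.gz`): check the archive against a SHA-256 value and reject absolute or `..` member paths before extracting as root. It assumes a SHA-256 value for the archive has been obtained from a trusted channel; `safe_extract`, the `.sha256` file name and the demo archive are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): verify a downloaded archive against
# a published SHA-256 value and reject unsafe member paths before extracting.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# safe_extract ARCHIVE SHA256FILE DESTDIR
# SHA256FILE holds "<hex>" or "<hex>  <name>", the usual sha256sum layouts.
# Returns 0 after extraction, 1 on checksum mismatch, 2 on an unsafe member path.
safe_extract() {
    want=$(tr 'A-F' 'a-f' < "$2" | awk 'NR==1 {print $1}')
    have=$(sha256_of "$1")
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "checksum mismatch for $1" >&2; return 1
    fi
    # Absolute paths or ".." components would let the archive write outside DESTDIR.
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $1" >&2; return 2
    fi
    tar -xzf "$1" -C "$3"
}

# Constructed demo: a small archive plus its checksum file in a temp directory.
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/src/edit-webapp/css" "$d/out"
    printf 'body{}\n' > "$d/src/edit-webapp/css/amres.css"
    tar -czf "$d/pkg.tar.gz" -C "$d/src" edit-webapp
    sha256_of "$d/pkg.tar.gz" > "$d/pkg.tar.gz.sha256"
    echo "$d"
}

demo=$(make_demo)
safe_extract "$demo/pkg.tar.gz" "$demo/pkg.tar.gz.sha256" "$demo/out" && echo "extracted"
rm -rf "$demo"
```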

In the file /opt/shibboleth-idp/messages/messages.properties, change the following parameters:

  • idp.css = /css/amres.css
  • idp.logo=/images/institucija_logo_sr.jpg

For the changes to take effect, rebuild the WAR file and restart the Jetty process:

cd /opt/shibboleth-idp/bin ; ./build.sh

Restart the Jetty process:

systemctl restart jetty.service

In case of an error, check the logs:

Jetty logs:

cd /opt/jetty/logs
ls -l *.stderrout.log

Shibboleth IdP logs:

cd /opt/shibboleth-idp/logs

Audit Log:

vim idp-audit.log

Consent Log:

vim idp-consent-audit.log

Warn Log:

tail -f idp-warn.log

Process Log:

tail -f idp-process.log