Aktualizácia Shibboleth IdP

Tento návod vychádza z postupu na stránke: https://wiki.shibboleth.net/confluence/display/IDP4/Upgrading

Ako príklad je použitá inštalácia Shibboleth IdP verzie 4.0.1 na linuxovej distribúcii CentOS 8. Aktualizovať budeme na verziu Shibboleth IdP 4.1.0.

Pred aktualizáciou Shibboleth IdP môžeme primárne aktualizovať operačný systém:

dnf -y update

Stiahnutie najnovšej verzie softvéru Identity Provider:

- odkaz na stiahnutie najnovšej verzie softvéru nájdeme na stránke: http://shibboleth.net/downloads/identity-provider/latest/

- skopírovaný odkaz vložíme za príkaz wget

wget http://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-4.1.0.tar.gz

Rozbalíme stiahnutý archív:

tar -xzf shibboleth-identity-provider-4.1.0.tar.gz

Pred spustením procesu aktualizácie najskôr zálohujeme pôvodné súbory:

systemctl stop jetty
mkdir /backup
cp -r /opt/shibboleth-idp /backup/shibboleth-idp_$(date -I)
systemctl start jetty

Po zálohovaní súborov môžeme pokračovať aktualizáciou softvéru.

- premiestnime sa do rozbaleného adresára sofvéru:

cd shibboleth-identity-provider-4.1.0

- spustíme aktualizáciu, proces prebieha nasledovne:

./bin/install.sh
Buildfile: /root/shibboleth-identity-provider-4.1.0/bin/build.xml

install:
Source (Distribution) Directory (press <enter> to accept default): [/root/shibboleth-identity-provider-4.1.0] ?

Installation Directory: [/opt/shibboleth-idp] ?

INFO [net.shibboleth.idp.installer.V4Install:162] - Update from version 4.0.1 to version 4.1.0
INFO [net.shibboleth.idp.installer.BuildWar:103] - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 4.1.0
INFO [net.shibboleth.idp.installer.BuildWar:113] - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
INFO [net.shibboleth.idp.installer.BuildWar:92] - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO [net.shibboleth.idp.installer.BuildWar:125] - Creating war file /opt/shibboleth-idp/war/idp.war

BUILD SUCCESSFUL
Total time: 30 seconds

Po dokončení, prípadne skontrolovaní potrebných zmien aktualizujeme WAR súbor a reštartujeme jetty:

/opt/shibboleth-idp/bin/build.sh

systemctl restart jetty

Príklad IdP Status https://idp.example.org/idp/status po aktualizácii z verzie 4.0.1 na verziu 4.1.0:

### Operating Environment Information
operating_system: Linux
operating_system_version: 4.18.0-240.22.1.el8_3.x86_64
operating_system_architecture: amd64
jdk_version: 11.0.11
available_cores: 6
used_memory: 413 MB
maximum_memory: 1432 MB

### Identity Provider Information
idp_version: 4.1.0
start_time: 2021-05-03T14:38:55.838Z
current_time: 2021-05-03T14:38:57.374392Z
uptime: PT1.536S

enabled modules: 
	idp.authn.Duo (Duo Authentication)
	idp.authn.External (External Authentication)
	idp.authn.Function (Function Authentication)
	idp.authn.IPAddress (IPAddress Authentication)
	idp.authn.MFA (MFA Authentication)
	idp.authn.Password (Password Authentication)
	idp.authn.RemoteUser (RemoteUser Authentication)
	idp.authn.RemoteUserInternal (RemoteUserInternal Authentication)
	idp.authn.SPNEGO (SPNEGO Authentication)
	idp.intercept.Consent (Consent Interceptors)
	idp.intercept.ContextCheck (Context Checking Interceptor)
	idp.intercept.ExpiringPassword (Expiring Password Interceptor)
	idp.intercept.Impersonate (Impersonation Interceptor)
	idp.profile.CAS (CAS Protocol Suppport)

installed plugins: 

service: shibboleth.LoggingService
last successful reload attempt: 2021-05-03T14:38:36.334864Z
last reload attempt: 2021-05-03T14:38:36.334864Z

service: shibboleth.AttributeFilterService
last successful reload attempt: 2021-05-03T14:38:41.898006Z
last reload attempt: 2021-05-03T14:38:41.898006Z

service: shibboleth.AttributeResolverService
last successful reload attempt: 2021-05-03T14:38:42.104482Z
last reload attempt: 2021-05-03T14:38:42.104482Z

	No Data Connector has ever failed

service: shibboleth.AttributeRegistryService
last successful reload attempt: 2021-05-03T14:38:40.369892Z
last reload attempt: 2021-05-03T14:38:40.369892Z

service: shibboleth.NameIdentifierGenerationService
last successful reload attempt: 2021-05-03T14:38:43.215843Z
last reload attempt: 2021-05-03T14:38:43.215843Z

service: shibboleth.RelyingPartyResolverService
last successful reload attempt: 2021-05-03T14:38:43.406375Z
last reload attempt: 2021-05-03T14:38:43.406375Z

service: shibboleth.MetadataResolverService
last successful reload attempt: 2021-05-03T14:38:40.835901Z
last reload attempt: 2021-05-03T14:38:40.835901Z

	metadata source: ShibbolethMetadata
	last refresh attempt: 2021-05-03T14:38:46.674542Z
	last successful refresh: 2021-05-03T14:38:46.674542Z
	last update: 2021-05-03T14:38:46.674542Z

	metadata source: safeid-metadata-test
	last refresh attempt: 2021-05-03T14:38:46.674542Z
	last successful refresh: 2021-05-03T14:38:46.674542Z
	last update: 2021-05-03T14:38:46.674542Z
	root validUntil: 2021-05-17T14:18:01Z

service: shibboleth.ReloadableAccessControlService
last successful reload attempt: 2021-05-03T14:38:44.054622Z
last reload attempt: 2021-05-03T14:38:44.054622Z

service: shibboleth.ReloadableCASServiceRegistry
last successful reload attempt: 2021-05-03T14:38:44.115776Z
last reload attempt: 2021-05-03T14:38:44.115776Z

service: shibboleth.ManagedBeanService
last successful reload attempt: 2021-05-03T14:38:44.185806Z
last reload attempt: 2021-05-03T14:38:44.185806Z
  • install/idp/idp/upgrade-idp
  • Posledná úprava: 02. 06. 2021 10:30