
This page describes how to set up a Shibboleth version 3 Identity Provider (IdP) using an installer wizard.

Resources Required

A dedicated CentOS 7 server (virtual or physical) with the following minimum specifications:

  • 2 CPU
  • 4GB RAM
  • 10GB+ partition for OS

Additional Requirements

This server MUST NOT be used for any other purpose in the future.

You MUST be able to execute commands as root on the system without limitation.

The server MUST be accessible from the public internet.

The static IP MUST have a publicly resolvable DNS entry. Typically of the form

The following ports and inbound/outbound connections MUST be allowed:


Port   Purpose
80     Outbound HTTP connections
443    Outbound HTTPS connections
80     Inbound HTTP connections used within SAML flows
443    Inbound HTTPS connections used within SAML flows
8443   Backchannel, client verified TLS connections, used within SAML flows
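
A pre-flight check for the inbound ports in the table above, added here as an example; it is not part of the original guide or of the installer. It assumes the host firewall is firewalld (the CentOS 7 default), and the function names and sample firewall output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check firewalld output against the inbound ports this page requires.
REQUIRED_INBOUND="80 443 8443"   # inbound ports from the table above

# port_open PORT PORTS SERVICES -> exit status 0 if PORT/tcp is opened by either list.
#   PORTS:    text of `firewall-cmd --list-ports`,    e.g. "8443/tcp 8000-8100/tcp"
#   SERVICES: text of `firewall-cmd --list-services`, e.g. "ssh http https"
port_open() {
    want=$1
    for entry in $2; do
        case "$entry" in
            */tcp) spec=${entry%/tcp} ;;
            *)     continue ;;            # udp and other protocols do not count
        esac
        lo=${spec%-*}; hi=${spec#*-}      # "8443" -> 8443..8443, "8000-8100" -> a range
        if [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ]; then return 0; fi
    done
    # firewalld's predefined http and https services open 80/tcp and 443/tcp.
    case "$want" in
        80)  svc=http ;;
        443) svc=https ;;
        *)   return 1 ;;
    esac
    case " $3 " in *" $svc "*) return 0 ;; esac
    return 1
}

# missing_inbound_ports PORTS SERVICES -> prints the required ports that are not open.
missing_inbound_ports() {
    missing=""
    for p in $REQUIRED_INBOUND; do
        port_open "$p" "$1" "$2" || missing="$missing $p"
    done
    echo "${missing# }"
}

# Constructed sample: https allowed as a service, 80 and 8443 not yet opened.
sample_ports="9000-9010/tcp 123/udp"
sample_services="dhcpv6-client ssh https"
echo "missing inbound ports: $(missing_inbound_ports "$sample_ports" "$sample_services")"
# On the server itself (as root):
#   missing_inbound_ports "$(firewall-cmd --list-ports)" "$(firewall-cmd --list-services)"
```

Outbound connections on 80 and 443 are not checked here. An empty result only covers the host firewall, so any upstream firewall still needs the same inbound rules.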


An account which can bind to and run queries against your corporate directory service. You’ll require the following pieces of information from your directory administrator:

  1. IP Address / DNS entry for your LDAP server and connection port
  2. Base DN for user objects within your directory
  3. The Bind DN of the account you wish to connect to the directory with
  4. The password for the above account
  5. An LDAP filter attribute, often uid

Install Guide

Install EPEL Repository

Download the bootstrap script



Edit the bootstrap script


Run the script

Errors during installation


If an error occurs, the logs written before the installer terminated MUST be reviewed to understand the underlying cause.

Generally the installer SHOULD be executed once.

After the initial execution you’ll receive an error if you try to run it again.

You MUST NOT re-run the installer if the installation process completed but you made a simple mistake, e.g.:

  • Mistyped config in the MANDATORY SECTION
  • Mistyped config in the OPTIONAL SECTION

If you force the installer to run again once the initial installation has completed, the action MAY be destructive.

In this scenario you should continue with federation registration as documented below, and then make any necessary configuration changes as documented in the customisation stage, which follows completion of the installation stage.


All modifiable configuration is located in the directory:

The structure of your configuration directory will look like the following:

If you make any changes to one of the files above, you need to run the following command:


If you make configuration changes directly within /opt/shibboleth/shibboleth-idp/etc/httpd or elsewhere, your installation will become unsupported and you may have difficulties when upgrading.

Operation/Common Command
