- A fresh, minimal (e.g. netinst.iso) install of Debian 12 ("Bookworm") with no "tasks" except `openssh-server`
  - Unfortunately Ubuntu 24.04 LTS ("Noble Numbat") Server can no longer be recommended (it used to work the same as Debian 12 for the purpose of this guide); see the warning on the page Shibboleth IDP 5.
- Accessed via SSH or the console (no GUI/X11/Wayland required and certainly not recommended),
- Correct server time configuration using NTP (e.g. using `systemd-timesyncd` or `ntpd`)
- Packet filters or firewall rules in place, e.g.:
  - With outgoing network access (ports TCP/80 and TCP/443):
    - Port 80 for Debian APT updates, i.e., for downloading signed software packages
    - Ports 80 and 443 for downloading cryptographically signed eduID.at Metadata documents.
    - Port 443 is also needed for downloads of the Shibboleth IDP software or additional modules
  - With local authentication the IDP will likely also need to connect to your LDAP Directory Servers for authentication and attribute lookup,
    - either on the standard port TCP/389 for LDAP (+STARTTLS),
    - or on port TCP/636 for LDAPS (for which no formal specification exists),
    - or maybe on the "global catalog" port of your Microsoft Active Directory (only if you really need to access that).
  - For access to NTP services you also need outgoing connectivity to the configured NTP servers (e.g. ACOnet's)
  - And incoming HTTPS access on port TCP/443 only. No one needs to access your IDP by manually entering its URL, so there is no need to even have the IDP listening on TCP/80 publicly, and therefore also no need for a redirect from TCP/80 to TCP/443.
  - Also, if the server is managed via SSH you'll need to allow access to port TCP/22, though only from a secured management network.
- All commands in this guide are to be issued by user `root` (uid=0), so `sudo -s` first as needed.
- The shell used is `/bin/bash` (you can get fancy with fish/zsh/etc. after finishing the install/configuration if you want)
- Use of systemd for service management, in order to use the amended service unit contained in this documentation.
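The packet-filter requirements listed above, written out as an nftables ruleset for `/etc/nftables.conf` on Debian 12. This is an added example, not part of the eduID.at guide; the LDAP, NTP and management-network addresses are constructed placeholders, and outgoing DNS (not listed above) is assumed to be needed so that APT mirrors and metadata hosts can be resolved.

```nftables
#!/usr/sbin/nft -f
# Added example ruleset; load with "nft -f /etc/nftables.conf" (systemctl enable nftables).
# Constructed placeholder addresses: replace with your own before use.
define ldap_servers = { 192.0.2.10, 192.0.2.11 }   # your LDAP Directory Servers (placeholder)
define ntp_servers  = { 192.0.2.123 }              # the configured NTP servers (placeholder)
define mgmt_net     = 198.51.100.0/24              # secured management network (placeholder)

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif lo accept
        # ICMP/ICMPv6 is needed for PMTU discovery and IPv6 neighbour discovery
        meta l4proto { icmp, icmpv6 } accept

        # Only HTTPS is exposed: no TCP/80 listener, hence no 80->443 redirect
        tcp dport 443 accept
        # SSH only from the secured management network
        ip saddr $mgmt_net tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;

        ct state established,related accept
        oif lo accept
        meta l4proto { icmp, icmpv6 } accept
        # DNS resolution (assumed; not listed in the guide's prerequisites)
        udp dport 53 accept
        tcp dport 53 accept
        # APT updates (80), signed eduID.at Metadata (80/443), IdP software downloads (443)
        tcp dport { 80, 443 } accept
        # LDAP+STARTTLS (389) / LDAPS (636), restricted to the directory servers
        ip daddr $ldap_servers tcp dport { 389, 636 } accept
        # NTP, restricted to the configured time servers
        ip daddr $ntp_servers udp dport 123 accept
    }
}
```

Check the result with `nft list ruleset` after loading; an IdP that cannot fetch metadata or reach its LDAP servers is usually a sign that one of the placeholder sets was not adjusted.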