Currently we do not offer custom installation and configuration documentation for the Shibboleth IDP v4 software – the upstream documentation covers everything and in more detail than we ever could.
Existing IDPv3 installation
In case you're already running a Shibboleth IDPv3 in eduID.at you must upgrade to IDPv4 by installing the v4 software over your v3 software.
The upgrade instructions of the Shibboleth IDPv4 software make it very clear that this is the only supported way to get from IDPv3 to v4.
That also entails first upgrading your IDPv3 to the latest/last IDPv3 release and cleaning up/modernising your configuration so that no "DEPRECATED
" messages are shown in your IDP's log files.
Make sure to review the relevant documentation before doing so, particularly:
- System Requirements (Java 11 and Tomcat 9 as supplied by Debian 10 are still OK)
- Upgrading
- Release Notes (Esp. the warning in section "Attribute-Related Changes" about duplicate attributes)
- Installation
You're free to rebuild your IDP server from scratch (as always using the current Debian "stable" version) but instead of also installing a "clean" version of IDPv4 you must first copy over your IDPv3 installation (/opt/shibboleth-idp
) to the new server and only then install IDPv4 to the same location. (Of course you may copy more stuff over, such as your Tomcat configuration and TLS keystore, etc.)
Completely new IDP installation
In case you have not been running a Shibboleth IDP in eduID.at so far you can install a "fresh" instance of IDPv4. We do not provide specific (copy/paste-able) instructions on how to do that at this time.
One way to make up for this would be for you to install the latest/last IDPv3 release according to our instructions and then upgrade that to v4 following the upstream documentation and the above hints.