There are no Tomcat packages available anymore for RHEL 8 / CentOS 8, and RHEL 9.2 only introduced Tomcat 9. Current Shibboleth IDP v5 releases, however, require Tomcat 10.1+.

Why this wiki currently provides no instructions for RHEL/CentOS/etc.

One could forgo RPM/YUM completely: download and unpack the Tomcat (or Jetty) software outside of any package management, subscribe to the Tomcat (or Jetty) announce mailing lists in order to learn about important bugs and security advisories, and implement tooling and processes that make updating Tomcat (or Jetty) reliable and painless, so you can do it every time an important bug needs patching. But it doesn't make much sense to use an "enterprise" GNU/Linux distribution and then run manually installed, unsupported server software on it, for which no security notifications and no automatic updates are available, especially when that software is the only server process on a machine that happens to be a security-relevant service handling passwords and Single Sign-On!

As such, we do not encourage the use of RHEL / CentOS / Rocky / Alma Linux as the basis for a production Shibboleth IDP service: either the ACOnet Team or the IDP deployer would have to become responsible for developing all system integration, maintenance and security update processes (outside of and in addition to those for the Operating System and the Java Virtual Machine). These are core features provided by other GNU/Linux distributions such as Debian.

RHEL plus JBoss Web Server subscriptions

Red Hat/IBM does seem to offer Tomcat 10 packages for RHEL subscribers, but apparently only for subscribers of the additional Red Hat JBoss Web Server 6 product.
If you have access to those subscriptions and software channels, feel free to install Tomcat 10.1+ and Red Hat/IBM's OpenJDK 17 from there and try to follow along in this documentation.

Note that you may still want to take care of improving the Tomcat systemd integration (as provided as part of our documentation for Tomcat 10 on Debian 12) in order to avoid the all-too-common systemd-house-of-horror for Tomcat packaging. You can use our documentation as a starting point for that.
