Newbie IDP installation question

Newbie IDP installation question

Sriram Karra
I am trying to install IDP on a Linux box (on GCP). Tomcat is up and running, and I have deployed the idp.war file. 

I was trying to do a status of the installation, and was expecting to see something like this: https://wiki.shibboleth.net/confluence/display/IDP30/Status, but I am not getting any reasonable output, or even errors. See output below. Any pointers in how to debug this further?

skarra@idp-shiboleth:/opt/shibboleth-idp$ sudo  -E ./bin/status.sh
(http://35.226.11.37:8080/idp/status) http://35.226.11.37:8080/idp/status

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

Re: [EXT] Newbie IDP installation question

Yeargan, Yancey
I would check the Tomcat logs first. See if the Shibboleth application (war file) is even loading successfully. There may be a dependency that got missed or something else preventing the Shibboleth IDP from loading.

After you get Tomcat to load the application, then proceed with the following.


When starting out with the Shibboleth Identity Provider, I found it immensely helpful to increase the logging to debug level. I suggest starting with the following while learning ...

In file /opt/shibboleth-idp/conf/idp.properties, add the following …
idp.loglevel.idp=DEBUG

.. then check /opt/shibboleth-idp/idp-process.log for details. It's a bit overwhelming at first, but you'll grow accustomed to it over time.



Once the IDP is running, you may still get an access denied response when attempting to access the status page. The status page is restricted by IP address, and defaults to localhost only.

In file /opt/shibboleth-idp/conf/access-control.xml, check/update the following lines and add the IP network [in CIDR format] of the machine on which the web browser is running.

<entry key="AccessByIPAddress">
    <bean parent="shibboleth.IPRangeAccessControl"
        p:allowedRanges="#{ { '127.0.0.1/32' , '::1/128' } }" />
</entry>


Yancey Yeargan
IT Manager
IT Shared Services
________________________________
UNIVERSITY OF NORTH TEXAS SYSTEM
Office: 940.369.7521


On Dec 31, 2019, at 12:50 PM, Sriram Karra <[hidden email]> wrote:

I am trying to install IDP on a Linux box (on GCP). Tomcat is up and running, and I have deployed the idp.war file. 

I was trying to do a status of the installation, and was expecting to see something like this: https://wiki.shibboleth.net/confluence/display/IDP30/Status, but I am not getting any reasonable output, or even errors. See output below. Any pointers in how to debug this further?

skarra@idp-shiboleth:/opt/shibboleth-idp$ sudo  -E ./bin/status.sh
(http://35.226.11.37:8080/idp/status) http://35.226.11.37:8080/idp/status
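
An added example (not part of the original messages, and not Shibboleth's own code) for the status-page restriction described in the reply above: it reads the `p:allowedRanges` list from an `access-control.xml` fragment, tests which client addresses it would accept, and flags ranges that are wider than an admin subnet. The wrapper element, the function names and the prefix thresholds are assumptions; the sample fragment is constructed from the entry quoted in the reply.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: the entry quoted above, wrapped in a root element
# that declares the Spring "p" namespace so the fragment parses on its own.
SAMPLE = """<beans xmlns:p="http://www.springframework.org/schema/p">
  <entry key="AccessByIPAddress">
    <bean parent="shibboleth.IPRangeAccessControl"
        p:allowedRanges="#{ { '127.0.0.1/32' , '::1/128' } }" />
  </entry>
</beans>"""

ALLOWED_RANGES_ATTR = "{http://www.springframework.org/schema/p}allowedRanges"


def allowed_ranges(xml_text, policy="AccessByIPAddress"):
    """Return the networks listed in p:allowedRanges for one policy entry."""
    for entry in ET.fromstring(xml_text).iter():
        # Match on the local name so a default beans namespace does not matter.
        if entry.tag.rsplit("}", 1)[-1] != "entry" or entry.get("key") != policy:
            continue
        for bean in entry.iter():
            spel = bean.get(ALLOWED_RANGES_ATTR)
            if spel:
                # The value is a SpEL inline list: #{ { 'cidr' , 'cidr' } }
                return [ipaddress.ip_network(cidr)
                        for cidr in re.findall(r"'([^']+)'", spel)]
    return []


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any listed network of the same family."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in networks)


def too_broad(networks, min_v4=24, min_v6=64):
    """Networks wider than the given prefix lengths (thresholds are assumptions)."""
    return [n for n in networks
            if n.prefixlen < (min_v4 if n.version == 4 else min_v6)]


if __name__ == "__main__":
    nets = allowed_ranges(SAMPLE)
    for ip in ("127.0.0.1", "::1", "35.226.11.37"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
    print("too broad:", too_broad(nets + [ipaddress.ip_network("0.0.0.0/0")]))
```

With the default ranges only loopback clients pass, so a request arriving from any other source address is denied until its network is added; `ip_network` rejects a CIDR with host bits set, which surfaces typos in the list.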

Re: [EXT] Newbie IDP installation question

Sriram Karra


On Wed, Jan 1, 2020 at 9:04 AM Yeargan, Yancey <[hidden email]> wrote:
> I would check the Tomcat logs first. See if the Shibboleth application (war file) is even loading successfully. There may be a dependency that got missed or something else preventing the Shibboleth IDP from loading.
>
> After you get Tomcat to load the application, then proceed with the following.

Tomcat is not showing any problems with deployment. The manager-gui app lists the endpoint correctly, the tomcat logs (catalina.out) show deployment confirmation and no errors, I am able to deploy other sample tomcat webapps as well without issues.

But bin/status.sh returns nothing useful. One thing that did change in one of my attempts at reinstalling and starting from scratch - is the script started returning 'connection refused' instead of what I had sent in my previous email.

I tried a similar install on a local MacBook Pro as well (everything on localhost) with the exact same results. At this point it certainly looks like I am getting something very basic wrong here...

Is there any way to increase the level of debugging within runclass.sh / CLI?

-Sriram
 

Re: [EXT] Newbie IDP installation question

Mak, Steve

> skarra@idp-shiboleth:/opt/shibboleth-idp$ sudo  -E ./bin/status.sh

Try adding the --url parameter like this (including whatever proxy/ajp ports you're using):

bin/status.sh --url=http://localhost/idp

I use something like:

bin/status.sh --url=http://localhost:8009/idp

From: users <[hidden email]> on behalf of Sriram Karra <[hidden email]>
Reply-To: Shib Users <[hidden email]>
Date: Tuesday, January 7, 2020 at 13:42
To: Shib Users <[hidden email]>
Subject: Re: [EXT] Newbie IDP installation question

> On Wed, Jan 1, 2020 at 9:04 AM Yeargan, Yancey <[hidden email]> wrote:
>
> > I would check the Tomcat logs first. See if the Shibboleth application (war file) is even loading successfully. There may be a dependency that got missed or something else preventing the Shibboleth IDP from loading.
> >
> > After you get Tomcat to load the application, then proceed with the following.
>
> Tomcat is not showing any problems with deployment. The manager-gui app lists the endpoint correctly, the tomcat logs (catalina.out) show deployment confirmation and no errors, I am able to deploy other sample tomcat webapps as well without issues.
>
> But bin/status.sh returns nothing useful. One thing that did change in one of my attempts at reinstalling and starting from scratch - is the script started returning 'connection refused' instead of what I had sent in my previous email.
>
> I tried a similar install on a local MacBook Pro as well (everything on localhost) with the exact same results. At this point it certainly looks like I am getting something very basic wrong here...
>
> Is there any way to increase the level of debugging within runclass.sh / CLI?
>
> -Sriram

 


Re: [EXT] Newbie IDP installation question

Sriram Karra
On Tue, Jan 7, 2020 at 11:22 AM Mak, Steve <[hidden email]> wrote:

> > skarra@idp-shiboleth:/opt/shibboleth-idp$ sudo  -E ./bin/status.sh
>
> Try adding the --url parameter like this (including whatever proxy/ajp ports you're using):
>
> bin/status.sh --url=http://localhost/idp
>
> I use something like:
>
> bin/status.sh --url=http://localhost:8009/idp


Here is what I get:

skarra@idp-shiboleth:/opt/shibboleth-idp$ sudo -E ./bin/status.sh --url=http://localhost:8080/idp
(http://localhost:8080/idp/status) http://localhost:8080/idp/status
skarra@idp-shiboleth:/opt/shibboleth-idp$ echo $?
1
