Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

Shibboleth Installation Guide for Apache on RHEL5

The purpose of this document is to instruct you on how to install Shibboleth on Red Hat Enterprise Linux (RHEL) 5 using Apache. Upon completion of this guide, you will have a functional installation of Shibboleth ready to be configured to federate with an IdP. If you need further assistance, refer to this page on the Shibboleth Wiki:


  • The Apache web server is installed.
  • The RHEL5 firewall is disabled or configured to work with Apache.


  1. Navigate into yumís repository directory:
    cd /etc/yum.repos.d
  2. Download the repository file:
    sudo wget
  3. Install Shibboleth:
    sudo yum install shibboleth
  4. Respond to any prompts that come up with y.
  5. You have successfully installed Shibboleth on your RHEL5 system.


Enabling SSL in Apache:


A valid security certificate and key to use with Apache

  1. Install the SSL module for Apache:
    sudo yum install mod_ssl
  2. Respond to any prompts with y.
  3. Copy your security certificate to Apacheís default certificate location:
    cp /path/to/your-certificate.crt /etc/pki/tls/certs/localhost.crt
  4. Copy your private key to Apacheís default private key location:
    cp /path/to/your-private.key /etc/pki/tls/private/localhost.key
  5. Uncomment the port 80 VirtualHost section in httpd.conf (in the /etc/httpd/conf directory) and change the dummy names inside to match your hostname. It is at the bottom of the file and starts with the following:
    <VirtualHost *:80>
  6. Uncomment the ServerName line in ssl.conf (in the /etc/httpd/conf.d directory) and change the dummy name to match your hostname. The line to change is:

Apache Configuration for Shibboleth:

  1. Set UseCanonicalName to on in httpd.conf. This is required by Shibboleth to prevent resource mapping errors. Afterwards the line should look as follows:
    UseCanonicalName on
  2. Restart Apache:
    service httpd restart
  3. Start the Shibboleth daemon:
    service shibd start

Shibboleth Configuration

  1. Request the SP bundle from Provide your serverís hostname.
  2. Navigate to your Shibboleth installation directory:
    cd /etc/shibboleth
  3. Download the zip file from the link that ISC provides. It will be named Example:
    sudo wget http://address-for-download/
  4. Extract the zip file:
  5. Copy or symbolically link the metadata for the Penn IdP to metadata.xml. Example:
    cp metadata.xml
  6. Restart shibboleth by entering the following command:
    service shibd restart

Redirecting to a secure connection

  1. Add lines invoking the rewrite engine to httpd.conf at the end of the port 80 VirtualHost. Add the lines in bold:
    	<VirtualHost *:80>
    		DocumentRoot /www/docs/
    		ErrorLog logs/
    		CustomLog logs/ common
    		RewriteEngine on
    		ReWriteCond %{SERVER_PORT} !^443$
    		RewriteRule ^(.*)
  2. Restart Apache:
    service httpd restart

Service Alerts

Notice: On Monday, August 24th at 6:30 AM until 6:40 AM, WebLogin will be undergoing routine maintenance. The actual outage is expected to be extremely brief within the reserved 10 minute window.

Information Systems and Computing
University of Pennsylvania
Comments & Questions

Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania