- You must be familiar with installing and configuring an Apache web server with SSL/TLS support.
- If you want to use Shibboleth, you must be familiar with installing and configuring Shibboleth Service Provider (SP) software.
: Once you have all the prerequisites on this page installed, installing the GridShib-CA is just a few minutes. Installing all the prerequisites can take a few hours (mostly waiting for stuff to build or self-test).
Privileges: It's assumed you have root access to the system in question. If you just want to use OpenId, you might be able to run the software in a web server running as you, but this is untested and undocumented.
- If you want to use the Shibboleth functionality of the GridShib-CA, you will need an account with a Shibboleth Identity Provider. If you're really familiar with installing Shibboleth SP software you presumably already have one, but in case not, you can use ProtectNetwork.
- If you want to use the OpenId functionality of the GridShib-CA, you will need an account with an OpenId Identity Provider. If you don't have one, you can obtain one at myOpenID.
Software: You should have a Unix/Linux system on which to install the GridShib CA, with the following software installed:
Apache HTTP Server (Tested with 2.0.54). You need to have HTTPS/SSL configured on the server (the best documentation for this seems to be the file README.QUICKSTART.SSL which should be included with your server.)
Shibboleth SP software
Perl (Version 5.8.5 or later should work, early versions might.)
Extra Perl modules. Install the following extra Perl modules via CPAN:
The following command line should handle the installation:
sudo cpan CGI::Session Config::General Crypt::OpenSSL::X509 Error \
Date::Parse IO::Socket::SSL Net::OpenID::Consumer Text::Template
Note that the Net::OpenID::Consumer module relies on Crypt::DH, which can take about an hour to install because of all of its tests.