NativeSPMacInstall, homebrew

Cantor, Scott cantor.2 at
Wed Apr 2 15:54:49 EDT 2014

On 4/2/14, 2:42 PM, "Philip Durbin" <philip_durbin at> wrote:

>I'm interested in adding Shibboleth SP to the Apache httpd that comes
>bundled with my Mac.

The macport is designed to handle that use case; it doesn't require using
the macport Apache server.

>I just found* a wiki page at
>that has some very helpful information but it looks like it hasn't
>been updated in four and a half years.

It's still mostly accurate, although a lot of the problems with
architecture limitations are probably solved now. And the ports are all
universal, which probably postdates that information.

>Can anyone please give me a sense of running Shibboleth SP on Mac?
>Good idea? Bad idea? Easy? Hard?

I really can't say, I don't run Mac servers. The macport is very
automatic, so from a build perspective, it's fine, with the exception that
their boost port is atrocious, it takes hours to build.

Apple's Apache is definitely not on my list of fun options, their config
is pretty mangled and annoying to use, but that's personal preference.

>p.s. If someone is working on a homebrew recipe, please let me know!
>MacPorts is mentioned on that wiki page but these days I use `brew
>install` whenever I can.

Well, you can do that if you prefer, but the supported approach is
definitely macports. I definitely will not be supporting anything else,
the port system has addressed the requirements that I have to be able to
support OS X.

> Interestingly, `brew search | grep shib`
>shows me log4shib:

There are no official versions maintained by me for anything but macports.

>p.p.p.s. Weird that mod_ssl doesn't "just work" by default on Mac (
>and ) ... I'm too used to Linux!

AFAIK, the only reason it doesn't is that they don't generate a dummy
keypair to use, and you could argue that's a better choice than giving
people one. It "just works" in the sense that if you configure it, it will
work, so I don't know what more is needed.

>Bonus question: Should I download a LAMP stack instead of using the
>bundled httpd on Mac?

I certainly have built Apache from source, but I don't believe the macport
of the SP itself will compile against that because macport can't locate
the right headers to use unless they're in the port tree or in the system
tree. It's possible to build only the SP from source, and use macports for
all libraries.

>* via which starts with "Setting up
>Shibboleth has been one of my worst experiences in recent memory." :(
>... on RHEL/CentOS it's so easy with yum! :)

The one opinion I share with that person is that boost takes too damn long
to install with macports. But the truth is that the cause of that is that
I/O on Darwin seems to be about as badly implemented as one could possibly
imagine. Somehow Windows manages to copy thousands of files in minutes,
but the Mac takes an hour.

-- Scott
