The export-v3-config.sh script is a "best-efforts" script that attempts to gather important and useful information about your Shibboleth IdP Version 3 installation in preparation for migration to Shibboleth IdP Version 4.
TABLE OF CONTENTS
The script will attempt to perform the following tasks;
- Create a bootstrap-v4.ini file based in information in your IdPv3 repository
- Make a copy of all Bilateral services
- Copy the IdP certificates
- Copy the following configuration files
- Export data from the follwing tables in the local MariaDB
This script assumes the IdP you are exporting the information from was created using the older AAF IdP Installer (for version 3).
Download the script
The export-v3-config.sh script is part of the AAF IdPv4 Installer and MUST be downloaded to the repository area on your IdPv3 server using the following command;
Change /opt in the command below to the directory appropriate for your installation!
https://raw.githubusercontent.com/ausaccessfed/shibboleth-idp4-installer/\ master/export-v3-config.sh > /opt/shibboleth-idp-installer/repository/export-v3-config.sh
Running the script
The script MUST be run as root and executed from the repository directory on your IdPv3 server.
cd /opt/shibboleth-idp-installer/repository chmod +x export-v3-config.sh ./export-v3-config.sh
The script will create the directory V3-export in the parent directory if one does not already exist. If the directory already exists, the script is will stop and will not make any changes. If you wish to re-run the script, remove the V3-export directory first.
Copy the V3-export to your new V4 server
The V3-export directory should contain the following files;
| |--- credentials
| |--- filters
| |--- attribute-resolver.xml
| |--- metadata-providers.xml
| |--- relying-party.xml
| |--- services.xml|--- credentials
| |--- idp-backchannel.crt
| |--- idp-backchannel.p12
| |--- idp-encryption.crt
| |--- idp-encryption.key
| |--- idp-signing.crt
| |--- idp-signing.key
|--- mysql-dump.sql|--- passwords
| |--- aespt_salt
| |--- shib_idp_keystore
| |--- targeted_id_salt
| |--- intermediate.crt
| |--- server.crt
| |--- server.key
There are many way to copy files from one server to another, one of the simplest is to create a tarball file that includes all files and folders, copy the tarball from old server to new, then extract the files from the tarball.
cd /opt/shibboleth-idp-installer tar cvf V3-export.tar V3-export
Copy the from V3-export.tar to your new v4 server, then extract.
tar xvf V3-export.tar
The files will now be available to use on your new server in the V3-export directory.