The script is a "best-efforts" script that attempts to gather important and useful information about your Shibboleth IdP Version 3 installation in preparation for migration to Shibboleth IdP Version 4. 



The script will attempt to perform the following tasks;

  • Create a bootstrap-v4.ini file based in information in your IdPv3 repository
  • Make a copy of all Bilateral services
  • Copy the IdP certificates
  • Copy the following configuration files
    • attribute-resolver.xml
    • relying-party.xml
    • services.xml
    • metadata-providers.xml
  • Export data from the follwing tables in the local MariaDB 
    • StorageRecords
    • shibpid
    • tb_st

This script assumes the IdP you are exporting the information from was created using the older AAF IdP Installer (for version 3).

Download the script

The script is part of the AAF IdPv4 Installer and MUST be downloaded to the repository area on your IdPv3 server using the following command;

Change /opt in the command below to the directory appropriate for your installation!

master/ > /opt/shibboleth-idp-installer/repository/ 

Running the script

The script MUST be run as root and executed from the repository directory on your IdPv3 server.


cd /opt/shibboleth-idp-installer/repository 
chmod +x

The script will create the directory V3-export in the parent directory if one does not already exist. If the directory already exists, the script is will stop and will not make any changes. If you wish to re-run the script, remove the V3-export directory first.

Copy the V3-export to your new V4 server

The V3-export directory should contain the following files;

|--- bilateral
| |--- credentials
| |--- filters
| |---metadata
|--- bootstrap.ini
|--- config

|    |--- attribute-resolver.xml

|    |--- metadata-providers.xml

|    |--- relying-party.xml

|    |--- services.xml

|--- credentials

|    |--- idp-backchannel.crt

|    |--- idp-backchannel.p12

|    |--- idp-encryption.crt

|    |--- idp-encryption.key

|    |--- idp-signing.crt

|    |--- idp-signing.key

|--- mysql-dump.sql

|--- passwords

|    |--- aespt_salt

|    |--- shib_idp_keystore

|    |--- targeted_id_salt


|    |--- intermediate.crt

|    |--- server.crt

|    |--- server.key

There are many way to copy files from one server to another, one of the simplest is to create a tarball file that includes all files and folders, copy the tarball from old server to new, then extract the files from the tarball.

cd /opt/shibboleth-idp-installer
tar cvf V3-export.tar V3-export

Copy the from V3-export.tar to your new v4 server, then extract.

tar xvf V3-export.tar

 The files will now be available to use on your new server in the V3-export directory.