Obsah

Java for Shibboleth IdP

This page contains a guide how to install Java (Oracle JDK) with Java Cryptography Extension (Unlimited Strength Jurisdiction Policy Files) in a linux distribution Debian 8 (Jessie) for Shibboleth IdP 3. After successfull installation, the next step is to install Jetty.


Oracle JDK

Although there is a possibility to install Java using distribution's package management system, for example OpenJDK, we recommend what Shibboleth consortium does – using Java developed by Oracle. From time to time, there is a bug caused by OpenJDK and if we get in troubles, we might be asked to reproduce our problem using Oracle JDK when asking help.

After downloading Oracle JDK source codes, the archive has to be put into /usr/src directory and installed using the following commands:

# Creating a directory for source codes
mkdir -p /opt/src
 
#
# Download source codes manually -- you need to accept the Oracle's license agreement
#
 
# Verifying SHA256 checksums
cd /opt/src
shasum -a256 jdk-8u111-linux-x64.tar.gz && echo 187eda2235f812ddb35c352b5f9aa6c5b184d611c2c9d0393afb8031d8198974
 
# Extracting and installation
cd /opt
tar --no-same-owner -xzf src/jdk-8u111-linux-x64.tar.gz
update-alternatives --install /usr/bin/java java /opt/jdk1.8.0_111/bin/java 150
update-alternatives --install /usr/bin/javac javac /opt/jdk1.8.0_111/bin/javac 150
echo export JAVA_HOME=/opt/jdk1.8.0_111 >> ~/.bashrc

Verifying that Oracle JDK has been installed correctly.

# Displaying the current Java version
update-alternatives --display java

The following output should be shown.

# Expected terminal output
java - auto mode
  link currently points to /opt/jdk1.8.0_111/bin/java
/opt/jdk1.8.0_111/bin/java - priority 150
Current 'best' version is '/opt/jdk1.8.0_111/bin/java'.

Checking the Java version using java command is also possible.

# The command to display Java version
java -version

The output should look like this.

# Displaying the current Java version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

In the end, $JAVA_HOME environment variable should be verified if set correctly by reloading BASH configuration file and echoing $JAVA_HOME variable.

# Displaying the value of $JAVA_HOME variable
source ~/.bashrc && echo $JAVA_HOME
# The value of $JAVA_HOME variable
/opt/jdk1.8.0_111

Java Cryptography Extension (Unlimited Strength Jurisdiction Policy Files)

As soon as Oracle JDK is installed, it is necessary to install JCE US (Java Cryptography Extension Unlimited Strength) required for stronger encryption.

After downloading JCE source code and putting it into /opt/src directory, the installation process is completed using the following commands.

# Extracting JCE US archive
cd /opt
unzip -x src/jce_policy-8.zip

JCE US installation comprises of copying two JAR (Java ARchive) files into Oracle JDK.

# JCE US installation
cp UnlimitedJCEPolicyJDK8/US_export_policy.jar jdk1.8.0_111/jre/lib/security/
cp UnlimitedJCEPolicyJDK8/local_policy.jar jdk1.8.0_111/jre/lib/security/

The directory containing extracted JCE US can be deleted safely now.

# Deleting JCE US extracted archive
rm -rf UnlimitedJCEPolicyJDK8/

Now, after successfull Java and Java Cryptography Extension installation, the next step is installing Jetty.