Before you run the Windows Quick Installer .msi file you should prepare your Windows server as follows.

  • If you already have Apache Tomcat installed then uninstall it if possible; the Quick Installer comes with a "captive" Tomcat built in.
  • Ensure you have the most recent 32-bit version of Java installed.
  • Set up a System environment variable called JAVA_HOME with the location of your JRE as its value. This will probably be either C:\Program Files\Java\jre6 or C:\Program Files (x86)\Java\jre6. You can do this from the Control Panel System applet, choosing Advanced system settings or the Advanced tab, and clicking the Environment variables button.
    Ensure that you set up a System variable in the lower panel of the Environment variables box.
  • Ensure you have the following information recorded accurately so you can enter it as input to the Quick Installer. All this information should be entered in lower case:
    1. Destination folder. This is the folder in which the Shibboleth IdP software will be installed. By default it is C:\Program Files\Internet2 or C:\Program Files (x86)\Internet2. Accept the default unless you have a particular requirement for it to be somewhere else.
    2. DNS name of host. This must be the fully qualified domain name (hostname) of the server, e.g. idp.ed.ac.uk. It must be published in the public DNS, not just a local name.
    3. Ports. Use the default values (443 and 8443) unless you have a particular requirement to do otherwise.
    4. Active Directory domain name. This must be the Active Directory domain containing your organisation's user accounts.
    5. Scope. This is the scope that the IdP will assert. It will normally be your organisation's registered domain name, e.g. for the University of Edinburgh it is ed.ac.uk.
    6. Active Directory server name. This must be the hostname or IP address of your Active Directory server. It can be a local name, as long as the IdP server is able to access it using that name.
    7. Active Directory port. If your users are all in one Active Directory OU then you can use port 389. If your users span more than one OU or more than one domain then use port 3268.
    8. Username and password. These are the credentials of an account that can be used to search the Active Directory. The username specified should not include the LDAP server hostname; the installer will take care of that.
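
The preparation steps above can be checked from PowerShell on the server before launching the installer. The script below is an added example, not part of the original instructions or of the Quick Installer; every value in `$cfg` is a constructed placeholder to replace with your own.

```powershell
# Added example: preflight check for the prerequisites listed above.
# All values in $cfg are constructed placeholders.
$cfg = @{
    DnsName  = 'idp.example.org'      # placeholder FQDN of the IdP host
    AdDomain = 'ad.example.org'       # placeholder Active Directory domain
    Scope    = 'example.org'          # placeholder scope
    AdServer = 'dc1.ad.example.org'   # placeholder AD server hostname or IP
    AdPort   = 389                    # 389 (one OU) or 3268 (several OUs/domains)
}
$problems = @()

# JAVA_HOME must be a System (Machine) variable, not a per-user one.
$javaHome = [Environment]::GetEnvironmentVariable('JAVA_HOME', 'Machine')
if (-not $javaHome) {
    $problems += 'JAVA_HOME is not set as a System variable'
} else {
    $javaExe = Join-Path $javaHome 'bin\java.exe'
    if (-not (Test-Path $javaExe)) {
        $problems += "No bin\java.exe under JAVA_HOME ($javaHome)"
    } else {
        # PE header: a Machine field of 0x014C marks a 32-bit (x86) binary.
        $bytes   = [System.IO.File]::ReadAllBytes($javaExe)
        $peStart = [BitConverter]::ToInt32($bytes, 0x3C)
        $machine = [BitConverter]::ToUInt16($bytes, $peStart + 4)
        if ($machine -ne 0x014C) { $problems += 'java.exe under JAVA_HOME is not 32-bit' }
    }
}

# Installer inputs should be lower case (-cne compares case-sensitively).
foreach ($key in 'DnsName', 'AdDomain', 'Scope', 'AdServer') {
    if ($cfg[$key] -cne $cfg[$key].ToLowerInvariant()) { $problems += "$key is not lower case" }
}

# The host name must be fully qualified and must resolve. Resolving from this
# server does not prove the name is in the public DNS; confirm that from outside.
if ($cfg.DnsName -notmatch '^[a-z0-9-]+(\.[a-z0-9-]+)+$') { $problems += 'DnsName is not fully qualified' }
try { [void][System.Net.Dns]::GetHostAddresses($cfg.DnsName) }
catch { $problems += "DnsName does not resolve: $($cfg.DnsName)" }

# The IdP server must be able to reach the AD server on the chosen port.
if ((389, 3268) -notcontains $cfg.AdPort) { $problems += 'AdPort should be 389 or 3268' }
$tcp = New-Object System.Net.Sockets.TcpClient
try { $tcp.Connect($cfg.AdServer, $cfg.AdPort) }
catch { $problems += "Cannot connect to $($cfg.AdServer):$($cfg.AdPort)" }
finally { $tcp.Close() }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'All preflight checks passed.' }
```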