## Upgrade java to java 17

## Upgrade jetty to jetty 10

Get the latest stable version of Jetty 10 from https://eclipse.dev/jetty/download.php and get java-idp-jetty-base from Shibboleth.
```
# cd /opt
# wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/10.0.20/jetty-home-10.0.20.tar.gz
# tar xzf jetty-home-10.0.20.tar.gz
# git clone https://git.shibboleth.net/git/java-idp-jetty-base
# cd java-idp-jetty-base
# git checkout 10
# cp -r src/main/resources/jetty-base /opt/jetty-base-10
```
### Add modules needed

```
# cd /opt/jetty-base-10
# java -jar /opt/jetty-home-10.0.20/start.jar --add-module=logging-logback --add-module=http --add-module=https --add-module=deploy --add-module=annotations --add-module=console-capture --add-module=jsp --add-module=jstl --add-module=plus --add-module=requestlog --add-module=resources --add-module=server --add-module=servlets
# cd /opt/jetty-base-10/start.d
```
### Edit idp.ini and set correct certificates etc. 

In /etc/shibboleth-idp/conf/global.xml change class to org.apache.commons.dbcp2.BasicDataSource and p:driverClassName to com.mysql.cj.jdbc.Driver in bean id MyGlobalDataSource. In bean id shibboleth.JPAStorageService.DataSource change p:driverClassName to com.mysql.cj.jdbc.Driver.
In bean id MyGlobalDataSource remove p:maxWait="15000".
In saml-nameid.xml change class to org.apache.commons.dbcp2.BasicDataSource and p:driverClassName to com.mysql.cj.jdbc.Driver in bean id MyDataSource.

### Get compatible classes (for Java 17 and Jetty 10) and build them into idp.war

The MySQL connector jar (mysql-connector-j-8.3.0.jar) comes from https://mvnrepository.com/artifact/com.mysql/mysql-connector-j/8.3.0.
```
# cd /opt/shibboleth-idp/edit-webapp/WEB-INF/lib
# wget https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/8.3.0/mysql-connector-j-8.3.0.jar
# /opt/shibboleth-idp/bin/build.sh
```
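Both jetty-home and the MySQL connector are fetched with wget and used without an integrity check, and the connector ends up inside idp.war. The following is an added example, not part of the original notes: it compares a downloaded artifact with the `.sha1` sidecar that Maven Central publishes next to it. The function name `verify_sidecar` is an assumption made for this example.

```shell
#!/bin/sh
# Added example: compare a downloaded artifact against its Maven Central
# ".sha1" sidecar before it is unpacked or built into idp.war.
# This catches truncated, corrupted or swapped files; the ".asc" signature
# published beside the artifact is the stronger authenticity check.

# verify_sidecar FILE SIDECAR
# returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_sidecar() {
    file=$1
    sidecar=$2
    [ -r "$file" ] && [ -r "$sidecar" ] || {
        echo "missing: $file or $sidecar" >&2; return 2; }
    # Sidecars hold the hex digest, sometimes followed by a file name.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sidecar")
    # Reject anything that is not 40 hex characters (e.g. an HTML error page).
    case $expected in
        *[!0-9a-f]*|'') echo "malformed sidecar: $sidecar" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || {
        echo "malformed sidecar: $sidecar" >&2; return 2; }
    actual=$(sha1sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file (expected $expected, got $actual)" >&2
    return 1
}

# Usage with the connector downloaded above (run in WEB-INF/lib, before build.sh):
#   wget https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/8.3.0/mysql-connector-j-8.3.0.jar.sha1
#   verify_sidecar mysql-connector-j-8.3.0.jar mysql-connector-j-8.3.0.jar.sha1 || exit 1
```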

### Run from systemd

Create file /etc/systemd/system/jetty.service with the following content:

```
[Unit]
Description=Jetty Web Application Server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/opt/jetty-base/jetty.pid
ExecStart=/etc/init.d/jetty start
ExecStop=/etc/init.d/jetty stop
ExecReload=/etc/init.d/jetty restart
User=jetty
Group=jetty

[Install]
WantedBy=multi-user.target
```

Create /etc/default/jetty with the following content:
```
export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64/
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export JAVA_OPTIONS="-Didp.home=/opt/shibboleth-idp"
export JETTY_BASE=/opt/jetty-base/
export JETTY_HOME=/opt/jetty
export JETTY_USER=jetty
export JETTY_START_LOG=/opt/jetty-base/logs/start.log
export JETTY_RUN=/opt/jetty-base
```

Make symbolic links:
```
# chown -R jetty:jetty /opt/jetty-home-10.0.20
# ln -s /opt/jetty-home-10.0.20 /opt/jetty
# chown -R jetty:jetty /opt/jetty-base-10
# ln -s /opt/jetty-base-10 /opt/jetty-base
# chown -R jetty:jetty /opt/shibboleth-idp
```
Copy the Jetty start script to /etc/init.d:
```
# cp /opt/jetty/bin/jetty.sh /etc/init.d/jetty
```
Enable and start the Jetty service in systemd:
```
# systemctl enable jetty
# systemctl restart jetty
```
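The recursive chown steps above hand the Jetty base and the IdP home, including their credentials directories, to the service account, and the later Jetty 11 step copies `credentials/*` into a new base. The following is an added example, not part of the original notes: it lists key material that is not owned by the service account or is readable by group or other. The function name `audit_credentials` and the sample paths in the usage comment are assumptions; `-perm /077` requires GNU find.

```shell
#!/bin/sh
# Added example: flag files under a credentials directory that are not owned
# by the service account or that carry any group/other permission bit.

# audit_credentials DIR OWNER
# prints offending files (ls -ln format); returns 0 if clean, 1 if any
# finding, 2 if DIR does not exist.
audit_credentials() {
    dir=$1
    owner=$2          # user name or numeric uid, e.g. "jetty"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm /077 (GNU find): true if any group or other bit is set.
    findings=$(find "$dir" -type f \( ! -user "$owner" -o -perm /077 \) \
                   -exec ls -ln {} \;)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage after the chown and symlink steps (paths as used on this page):
#   audit_credentials /opt/jetty-base/credentials jetty
#   audit_credentials /opt/shibboleth-idp/credentials jetty
```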

### Convert to JDBCStorageService

Install plugin net.shibboleth.plugin.storage.jdbc:
```
root@idpshibboleth:/opt/shibboleth-idp/bin# ./plugin.sh -I net.shibboleth.plugin.storage.jdbc
```
Change the collation to utf8_bin to handle case sensitivity in the StorageRecords table:
```
mysql> use shibboleth;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+----------------------+
| Tables_in_shibboleth |
+----------------------+
| StorageRecords       |
| shibpid              |
+----------------------+
2 rows in set (0.00 sec)

mysql> SET foreign_key_checks = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> ALTER TABLE StorageRecords CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;
Query OK, 475 rows affected, 2 warnings (0.07 sec)
Records: 475  Duplicates: 0  Warnings: 2

mysql> ALTER TABLE shibpid CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;
Query OK, 773 rows affected, 2 warnings (0.09 sec)
Records: 773  Duplicates: 0  Warnings: 2
```
In global.xml convert to JDBCStorageService:  
Remove bean id="shibboleth.JDBCStorageService.EntityManagerFactory" and bean id="shibboleth.JDBCStorageService.JDBCVendorAdapter".  
Change bean id shibboleth.JPAStorageService to:
```
<bean id="JDBCStorageService" parent="shibboleth.JDBCStorageService" p:dataSource-ref="MyGlobalDataSource"
p:cleanupInterval="%{idp.storage.cleanupInterval:PT10M}"/>
```
In idp.properties change to JDBCStorageService for StorageService:
```
idp.consent.StorageService = JDBCStorageService
```

### Upgrade to Shibboleth IdP 5.1.2 (and at the same time to Jetty 11)
```
# cd /opt 
/opt# wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/11.0.20/jetty-home-11.0.20.tar.gz
/opt# tar xzf jetty-home-11.0.20.tar.gz
/opt# cd java-idp-jetty-base
/opt/java-idp-jetty-base# git checkout 11
/opt/java-idp-jetty-base# cp -r src/main/resources/jetty-base /opt/jetty-base-11
/opt/java-idp-jetty-base# cd /opt/jetty-base-11
/opt/jetty-base-11# cp /opt/jetty-base-10/credentials/* credentials/.
/opt/jetty-base-11# cd ..
/opt# chown -R jetty.jetty jetty-base-11 jetty-home-11.0.20
/opt# rm jetty; ln -s jetty-home-11.0.20 jetty
/opt# rm jetty-base; ln -s jetty-base-11 jetty-base
# cd /opt/
# cd /opt/jetty-base-11
# java -jar /opt/jetty-home-11.0.20/start.jar --add-module=logging-logback --add-module=http --add-module=https --add-module=deploy --add-module=annotations --add-module=console-capture --add-module=jsp --add-module=jstl --add-module=plus --add-module=requestlog --add-module=resources --add-module=server --add-module=servlets
# cd /opt/jetty-base-11/start.d
# cp /opt/jetty-base-10/start.d/idp.ini .
# cd /opt/jetty-base-11/credentials
# cp /opt/jetty-base-10/credentials/* .
/opt# wget https://shibboleth.net/downloads/identity-provider/latest5/shibboleth-identity-provider-5.1.2.tgz
/opt# tar xvzf shibboleth-identity-provider-5.1.2.tgz
/opt# mv shibboleth-idp/system shibboleth-idp/system.bak
/opt# cd shibboleth-identity-provider-5.1.2
/opt/shibboleth-identity-provider-5.1.2# ./bin/install.sh
Installation Directory: [/opt/shibboleth-idp] ? 

INFO  - Update from version 4.3.3 to version 5.1.2
WARN  - Installed Plugin net.shibboleth.oidc.common version 2.1.0 is not supported with IdP Version 5.1.2, continuing.
WARN  - Installed Plugin net.shibboleth.plugin.storage.jdbc version 1.0.4 is not supported with IdP Version 5.1.2, continuing.
WARN  - Installed Plugin net.shibboleth.idp.plugin.nashorn version 1.1.0 is not supported with IdP Version 5.1.2, continuing.
WARN  - Installed Plugin net.shibboleth.idp.plugin.oidc.op version 3.3.0 is not supported with IdP Version 5.1.2, continuing.
INFO  - Rebuilding /opt/shibboleth-idp/war/idp.war, Version 5.1.2
INFO  - Initial populate from /opt/shibboleth-idp/dist/webapp to /opt/shibboleth-idp/webpapp.tmp
INFO  - Overlay from /opt/shibboleth-idp/dist/plugin-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO  - Overlay from /opt/shibboleth-idp/edit-webapp to /opt/shibboleth-idp/webpapp.tmp
INFO  - Creating war file /opt/shibboleth-idp/war/idp.war
root@testidpshibboleth:/opt/shibboleth-identity-provider-5.1.2# systemctl restart jetty

```
The warnings above mean that you must remove the modules net.shibboleth.oidc.common, net.shibboleth.plugin.storage.jdbc and net.shibboleth.idp.plugin.oidc.op.
```
/opt/shibboleth-idp# ./bin/plugin.sh -r <module>
```
Then you have to reinstall the modules; installing them again downloads the latest releases that are supported by IdP 5.1.2:
```
/opt/shibboleth-idp# ./bin/plugin.sh -I <module>
```
The issue described at https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/3139993601/Moving+to+Suppliers+for+accessing+HttpServlet+Objects was also encountered in c14n/subject-c14n.xml.

Remove everything that has to do with OIDC for now, as it is not needed right now (couldn't get it to work either, so waiting with that). Check credentials.xml, relying-party.xml, services.xml...

In the Slack metadata you have to comment out `<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>`.

Copy favicon.ico:
```
cp /opt/jetty-base-10/static/favicon.ico /opt/jetty-base-11/static/.
```
### References

https://wiki.sunet.se/display/SWAMID/SWAMID+Webinar+11+april+-+Uppgradering+till+Shibboleth+IdP+v5  
https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/2936012848/Jetty10   
https://wiki.sunet.se/display/SWAMID/Jetty+10  
https://shibboleth.atlassian.net/wiki/spaces/IDPPLUGINS/pages/2989096970/JDBCStorageService#Example-conversion-from-JPAStorageService  

TBC
