Bradley Beddoes
Shaun Mangelsdorf

Applicable versions
Beta 2 (0.5, 0.5.2)

OSX Requirements for Apache SPEP

The following instructions were developed on an OSX 10.5 Intel platform, they should work on alternate OSX platforms as well. If you locate any discrepancies please let our users email list know so we can revise accordingly.


To make installation as easy as possible we have worked with packages from the macports project ( http://www.macports.org/ ), please follow this document for configuring your system before continuing. Additionally the macports guide is a useful resource to refer to when performing installs and updates documented below.

Once Macports is configured please install the following:

Note: For Intel Mac, there is a bug in Xerces 2.8.0. To correct this, edit the Portfile before installing. By default this file is at /opt/local/var/macports/sources/rsync.macports.org/release/ports/textproc/xercesc/Portfile

Add the following section:
pre-build {
        if {${os.endian} == {little}} {
                reinplace {s|ENDIANMODE_BIG|ENDIANMODE_LITTLE|} ${worksrcpath}/src/xercesc/util/Platforms/MacOS/MacOSDefs.hpp

After that, install as usual.

Choosing an Apache instance

You have two choices here, either the Apache instance that is supplied by Macports or the apache instance supplied by Apple. We recommend using the version supplied by Macports if you have a choice.

Using Macports Apache

For this we need to install the port apache2 2.2.8, this requires a correction to the port to alleviate a problem with Apache and OpenSSL on OSX. Please follow the below instructions which were taken from the bug report at ( http://trac.macports.org/ticket/13182 )

(1) If installed the apache2 port should first be uninstalled
(2) Extract the apache2 source:# port extract apache2
--->  Fetching apache2
--->  Verifying checksum(s) for apache2
--->  Extracting apache2
(3) Search (recursive grep) where in the source the option "-export-symbols-regex" is defined to confirm the problem that this ticket on Leopard exists:bash-3.2# grep -r "-export-symbols-regex" /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_apache2/
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_apache2/work/httpd-2.2.6/configure:    test "x$silent" != "xyes" && echo "  setting MOD_SSL_LDADD to \"-export-symbols-regex ssl_module\"" 
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_apache2/work/httpd-2.2.6/configure:    MOD_SSL_LDADD="-export-symbols-regex ssl_module" 
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_apache2/work/httpd-2.2.6/configure:    apr_addto_bugger="-export-symbols-regex ssl_module" 
(4) Manually patch the apache2 Portfile (/opt/local/var/macports/sources/rsync.macports.org/release/ports/www/apache2/Portfile) with regard to the configure script in the section specific to Leopard (Darwin 9) by changing:platform darwin 9 {
        depends_build-append port:gawk
to:platform darwin 9 {
        depends_build-append port:gawk
        post-extract {
                reinplace "s|-export-symbols-regex ssl_module||g" ${worksrcpath}/configure
(5) Clean the apache2 port:# port clean apache2
(6) Build and *install* the apache2 port:$ sudo port -v install apache2
Tail of the expected output looks like this --->--->  Archive apache2-2.2.6_0.powerpc.tgz packaged
--->  Archive for apache2 2.2.6_0 packaged
--->  Installing apache2 2.2.6_0
--->  Activating apache2 2.2.6_0
--->  Cleaning apache2
--->  Removing workpath for apache2
(7) Read object information from mod_ssl with the otool tool, confirming that mod_ssl was built against the MacPort installation of OpneSSL (such as OpenSSL version 0.9.8g):$ cd /opt/local/apache2/modules
$ otool -L mod_ssl.so
Expect output quite similar to if not the same as --->mod_ssl.so:
    /opt/local/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
    /opt/local/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
    /opt/local/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.3)
    /usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 111.0.0)
(8) Run apache2 and expect the once mod_ssl.so error regarding symbols to *vanish*:$ /opt/local/apache2/bin/apachectl start

Using Apple Apache

If your choosing to use the httpd binaries shipped by Apple then we require the removal of the universal binary components. This is due to a dependency we rely on (Xerces 2.x) not being compatible with Universal binaries. The next release (Xerces 3.x) will be compatible with Universal binary formats and we will revist this section then.

To make httpd compatible undertake the following: * use lipo to strip the httpd binary down to an i386-only binary (as root):
lipo /usr/sbin/httpd -thin i386 -output /usr/sbin/httpd.i386

Manual Dependencies

Unfortunately Macports does not contain support for two of our dependencies. This will need to be installed manually as follows.

Manual Downloads:

XSD 3.0 - www.codesynthesis.com

Download the 3.0 release tar from codesynthesis, untar and simply execute - sudo cp -r libxsd/xsd /opt/local/include

Apache XML Security C

Download an Apache XML security for C 1.4.x release from http://xml.apache.org/security/dist/c-library/ and undertake the following:
- Extract the tar file
- ./configure --prefix=/opt/local --with-xerces=/opt/local --with-openssl=/opt/local
- make
- sudo make install

Setting up the SPEP environment

Firstly ensure you have downloaded source tars for the current SPEP release, you can find details about the current release and links to files at [Downloads] under the heading Apache SPEP.
To create all the required binaries for OSX undertake the following (this section assumes you have a previous knowledge of the standard configure, make type tools, if not many excellent references exist online to assist here).

Before continuing be sure to export the following environment variable
export CPPFLAGS=-I/opt/local/include/apr-1


untar saml2-x.y.tar.gz; then:

# ./configure --prefix=/opt/local --with-xmlsec=/opt/local --with-openssl=/opt/local --with-boost=/opt/local --with-xsd=/opt/local
# make
# sudo make install


untar spep-x.y.tar.gz; then

# ./configure --prefix=/opt/local --with-xmlsec=/opt/local --with-openssl=/opt/local --with-boost=/opt/local --with-xsd=/opt/local --with-saml2cpp=/opt/local
# make
# sudo make install


untar spepd-x.y.tar.gz; then

# ./configure --prefix=/opt/local --with-xmlsec=/opt/local --with-openssl=/opt/local --with-boost=/opt/local --with-xsd=/opt/local --with-saml2cpp=/opt/local --with-spepcpp=/opt/local --with-boost-suffix=-mt
# make
# sudo make install


untar modspep-x.y.tar.gz; then:

* If you're using the Apple supplied httpd instance use the following configure command
# ./configure --prefix=/opt/local --with-xmlsec=/opt/local --with-openssl=/opt/local --with-boost=/opt/local --with-xsd=/opt/local --with-saml2cpp=/opt/local --with-spepcpp=/opt/local --with-boost-suffix=-mt --with-apache2=/usr --with-apreq=/opt/local --with-curl=/opt/local -with-icu=/opt/local CPPFLAGS="-I/usr/include/apr-1 -I/usr/include/apache2" 
* If you're using the Macports http instance use the following configure command
# ./configure --prefix=/opt/local --with-xmlsec=/opt/local --with-openssl=/opt/local --with-boost=/opt/local --with-xsd=/opt/local --with-saml2cpp=/opt/local --with-spepcpp=/opt/local --with-boost-suffix=-mt --with-apache2=/opt/local/apache2 --with-apreq=/opt/local --with-curl=/opt/local --with-icu=/opt/local 
# make
# sudo make install

Once completed those using Macports httpd should create a symlink as follows:

# cd /opt/local/apache2/modules
# ln -s /opt/local/lib/modspep.so .

Final tasks

The custom requirements for OSX are now completed. You can continue with the document Apache SPEP Installation Guide from the heading SPEP Registration as per normal SPEP deployment.

A final note for those wishing to deploy webobjects behind the Maports version of Apache httpd you can also now configure the WebObjects connector in the same way you would for the standard OS X httpd, please see the WebObjects connector documentation for more details.