Difference between revisions of "AbfabInstall"
(Created page with "== Setup Abfab == === Configure Apache HTTPD for mod_moonshot === Follow the steps outlined at: [http://docs.openstack.org/developer/keystone/apache-httpd.html Running Keyst...") |
m (Fungi moved page HP Help Desk Number 1(888) 990-8801 to AbfabInstall without leaving a redirect: revert) |
||
| (11 intermediate revisions by 3 users not shown) | |||
| Line 3: | Line 3: | ||
=== Configure Apache HTTPD for mod_moonshot === | === Configure Apache HTTPD for mod_moonshot === | ||
| + | This section presents the steps that are necessary in order to get authenticated using ABFAB federation protocol on Openstack. | ||
| + | |||
| + | ==== Run Keystone in HTTPD ==== | ||
Follow the steps outlined at: [http://docs.openstack.org/developer/keystone/apache-httpd.html Running Keystone in HTTPD]. | Follow the steps outlined at: [http://docs.openstack.org/developer/keystone/apache-httpd.html Running Keystone in HTTPD]. | ||
| − | + | ==== Install Moonshot Libraries and Moonshot Module for Apache ==== | |
| − | |||
Click on the links below for instructions on how to install it. | Click on the links below for instructions on how to install it. | ||
| + | mod_moonshot (aka mod_auth_gssapi) is compatible with Apache HTTPD server v2.22, which can be installed on the following Linux flavours. | ||
* Ubuntu 12.04 | * Ubuntu 12.04 | ||
| − | ** [https://wiki.moonshot.ja.net/display/Moonshot/Install+Moonshot+Libraries+on+Ubuntu+12.04+LTS Install | + | ** [https://wiki.moonshot.ja.net/display/Moonshot/Install+Moonshot+Libraries+on+Ubuntu+12.04+LTS Install Moonshot Libraries] |
** [https://wiki.moonshot.ja.net/display/Moonshot/Apache+HTTPD+on+Debian+7 Install mod_moonshot] | ** [https://wiki.moonshot.ja.net/display/Moonshot/Apache+HTTPD+on+Debian+7 Install mod_moonshot] | ||
* Ubuntu 14.04 | * Ubuntu 14.04 | ||
| − | ** [https://wiki.moonshot.ja.net/display/Moonshot/Install+Moonshot+Libraries+on+Ubuntu+14.04+LTS Install | + | ** [https://wiki.moonshot.ja.net/display/Moonshot/Install+Moonshot+Libraries+on+Ubuntu+14.04+LTS Install Moonshot Libraries] |
** [https://wiki.moonshot.ja.net/display/Moonshot/Apache+HTTPD+on+Debian+7 Install mod_moonshot] | ** [https://wiki.moonshot.ja.net/display/Moonshot/Apache+HTTPD+on+Debian+7 Install mod_moonshot] | ||
* Debian 7 | * Debian 7 | ||
| − | ** [https://wiki.moonshot.ja.net/display/Moonshot/Install+Moonshot+Libraries+on+Debian+7 Install | + | ** [https://wiki.moonshot.ja.net/display/Moonshot/Install+Moonshot+Libraries+on+Debian+7 Install Moonshot Libraries] |
** [https://wiki.moonshot.ja.net/display/Moonshot/Apache+HTTPD+on+Debian+7 Install mod_moonshot] | ** [https://wiki.moonshot.ja.net/display/Moonshot/Apache+HTTPD+on+Debian+7 Install mod_moonshot] | ||
* RedHat Enterprise Linux 6 / CentOS 6 / SE Linux 6 | * RedHat Enterprise Linux 6 / CentOS 6 / SE Linux 6 | ||
| − | ** [https://wiki.moonshot.ja.net/pages/viewpage.action?pageId=2687416 Install | + | ** [https://wiki.moonshot.ja.net/pages/viewpage.action?pageId=2687416 Install Moonshot Libraries] |
** [https://wiki.moonshot.ja.net/pages/viewpage.action?pageId=4030707 Install mod_moonshot] | ** [https://wiki.moonshot.ja.net/pages/viewpage.action?pageId=4030707 Install mod_moonshot] | ||
| + | |||
| + | ==== Configure mod_Moonshot ==== | ||
| + | |||
| + | Configure mod_moonshot to [https://wiki.moonshot.ja.net/display/Moonshot/Configure+a+Linux+Server+to+Connect+to+an+RP+Proxy connect to an ABFAB compatible server]. | ||
| + | |||
| + | ==== Configure Shibboleth ==== | ||
| + | |||
| + | mod_moonshot also needs Shibboleth service configuration files located in /etc/shibboleth. | ||
| + | |||
| + | On RHEL, CentOS or SE Linux distributions, shibd is installed with moonshot libraries, so the files just need to be configured. | ||
| + | |||
| + | On Ubuntu 12.04 or 14.04, you can install mod_shib installed, and disable it. | ||
| + | $ apt-get install mod_shib | ||
| + | $ a2dismod shib2 | ||
| + | Or you can optionally set up the /etc/shibboleth files manually. | ||
| + | |||
| + | For instructions on how to configure Shibboleth, follow the instructions of the section "Configuring shibboleth2.xml" in this [http://docs.openstack.org/developer/keystone/extensions/shibboleth.html link]. | ||
| + | |||
| + | ==== Configure Keystone ==== | ||
| + | |||
| + | In the keystone Apache site file, locate the virtual host entry and add the following entries for Abfab: | ||
| + | |||
| + | <VirtualHost *:5000> | ||
| + | ... | ||
| + | <LocationMatch /v3/OS-FEDERATION/identity_providers/*?/protocols/abfab/auth> | ||
| + | AuthType Negotiate | ||
| + | Require valid-user | ||
| + | </LocationMatch> | ||
| + | </VirtualHost> | ||
| + | |||
| + | <VirtualHost *:35357> | ||
| + | ... | ||
| + | <LocationMatch /v3/OS-FEDERATION/identity_providers/*?/protocols/abfab/auth> | ||
| + | AuthType Negotiate | ||
| + | Require valid-user | ||
| + | </LocationMatch> | ||
| + | </VirtualHost> | ||
| + | |||
| + | Notes | ||
| + | * <font face="courier>abfab</font> may be different in your deployment. | ||
| + | * Using a different wildcard instead of "*" (eg. "Abfab_*") will make only IdPs prefixed with "Abfab_" to authenticate using "abfab" protocol. | ||
| + | |||
| + | ==== Restart Apache ==== | ||
| + | |||
| + | $ service apache2 restart | ||
Latest revision as of 14:13, 5 August 2016
Contents
Setup Abfab
Configure Apache HTTPD for mod_moonshot
This section presents the steps that are necessary in order to get authenticated using ABFAB federation protocol on Openstack.
Run Keystone in HTTPD
Follow the steps outlined at: Running Keystone in HTTPD.
Install Moonshot Libraries and Moonshot Module for Apache
Click on the links below for instructions on how to install it. mod_moonshot (aka mod_auth_gssapi) is compatible with Apache HTTPD server v2.22, which can be installed on the following Linux flavours.
- Ubuntu 12.04
- Ubuntu 14.04
- RedHat Enterprise Linux 6 / CentOS 6 / SE Linux 6
Configure mod_Moonshot
Configure mod_moonshot to connect to an ABFAB compatible server.
Configure Shibboleth
mod_moonshot also needs Shibboleth service configuration files located in /etc/shibboleth.
On RHEL, CentOS or SE Linux distributions, shibd is installed with moonshot libraries, so the files just need to be configured.
On Ubuntu 12.04 or 14.04, you can install mod_shib installed, and disable it.
$ apt-get install mod_shib $ a2dismod shib2
Or you can optionally set up the /etc/shibboleth files manually.
For instructions on how to configure Shibboleth, follow the instructions of the section "Configuring shibboleth2.xml" in this link.
Configure Keystone
In the keystone Apache site file, locate the virtual host entry and add the following entries for Abfab:
<VirtualHost *:5000>
...
<LocationMatch /v3/OS-FEDERATION/identity_providers/*?/protocols/abfab/auth>
AuthType Negotiate
Require valid-user
</LocationMatch>
</VirtualHost>
<VirtualHost *:35357>
...
<LocationMatch /v3/OS-FEDERATION/identity_providers/*?/protocols/abfab/auth>
AuthType Negotiate
Require valid-user
</LocationMatch>
</VirtualHost>
Notes
- abfab may be different in your deployment.
- Using a different wildcard instead of "*" (eg. "Abfab_*") will make only IdPs prefixed with "Abfab_" to authenticate using "abfab" protocol.
Restart Apache
$ service apache2 restart
