Difference between revisions of "AbfabInstall"
(→Setup Abfab) |
(→Setup Abfab) |
||
| Line 3: | Line 3: | ||
=== Configure Apache HTTPD for mod_moonshot === | === Configure Apache HTTPD for mod_moonshot === | ||
| − | + | This section presents the steps that are necessary in order to get authenticated using ABFAB federation protocol on Openstack. | |
| + | 1. Follow the steps outlined at: [http://docs.openstack.org/developer/keystone/apache-httpd.html Running Keystone in HTTPD]. | ||
| + | |||
| + | 2. Click on the links below for instructions on how to install it. | ||
mod_moonshot (aka mod_auth_gssapi) is compatible with Apache HTTPD server v2.22, which can be installed on the following Linux flavours. | mod_moonshot (aka mod_auth_gssapi) is compatible with Apache HTTPD server v2.22, which can be installed on the following Linux flavours. | ||
| − | |||
| − | |||
* Ubuntu 12.04 | * Ubuntu 12.04 | ||
| Line 25: | Line 26: | ||
** [https://wiki.moonshot.ja.net/pages/viewpage.action?pageId=4030707 Install mod_moonshot] | ** [https://wiki.moonshot.ja.net/pages/viewpage.action?pageId=4030707 Install mod_moonshot] | ||
| − | Configure mod_moonshot to [https://wiki.moonshot.ja.net/display/Moonshot/Configure+a+Linux+Server+to+Connect+to+an+RP+Proxy connect to an ABFAB compatible server]. | + | 3. Configure mod_moonshot to [https://wiki.moonshot.ja.net/display/Moonshot/Configure+a+Linux+Server+to+Connect+to+an+RP+Proxy connect to an ABFAB compatible server]. |
| − | + | 4. mod_moonshot also needs Shibboleth service configuration files located in /etc/shibboleth. | |
On RHEL, CentOS or SE Linux distributions, shibd is installed with moonshot libraries, so the files just need to be configured. | On RHEL, CentOS or SE Linux distributions, shibd is installed with moonshot libraries, so the files just need to be configured. | ||
| Line 35: | Line 36: | ||
a2dismod shib2 | a2dismod shib2 | ||
| − | + | 5. In the keystone Apache site file, locate the virtual host entry and add the following entries for OpenID Connect: | |
| − | |||
| − | In the keystone Apache site file, locate the virtual host entry and add the following entries for OpenID Connect: | ||
<VirtualHost *:5000> | <VirtualHost *:5000> | ||
| Line 46: | Line 45: | ||
</LocationMatch> | </LocationMatch> | ||
</VirtualHost> | </VirtualHost> | ||
| + | |||
| + | 6. Restart apache. | ||
| + | |||
| + | # service apache2 restart | ||
Revision as of 16:43, 9 March 2015
Setup Abfab
Configure Apache HTTPD for mod_moonshot
This section presents the steps that are necessary in order to get authenticated using ABFAB federation protocol on Openstack.
1. Follow the steps outlined at: Running Keystone in HTTPD.
2. Click on the links below for instructions on how to install it. mod_moonshot (aka mod_auth_gssapi) is compatible with Apache HTTPD server v2.22, which can be installed on the following Linux flavours.
- Ubuntu 12.04
- Ubuntu 14.04
- RedHat Enterprise Linux 6 / CentOS 6 / SE Linux 6
3. Configure mod_moonshot to connect to an ABFAB compatible server.
4. mod_moonshot also needs Shibboleth service configuration files located in /etc/shibboleth.
On RHEL, CentOS or SE Linux distributions, shibd is installed with moonshot libraries, so the files just need to be configured.
On Ubuntu 12.04 or 14.04, you need to install mod_shib installed, and disable it.
apt-get install mod_shib a2dismod shib2
5. In the keystone Apache site file, locate the virtual host entry and add the following entries for OpenID Connect:
<VirtualHost *:5000>
...
<LocationMatch /v3/OS-FEDERATION/identity_providers/*?/protocols/abfab/auth>
AuthType Negotiate
Require valid-user
</LocationMatch>
</VirtualHost>
6. Restart apache.
# service apache2 restart
