Difference between revisions of "AbfabInstall"
(→Setup Abfab) |
(→Configure Apache HTTPD for mod_moonshot) |
||
Line 32: | Line 32: | ||
On RHEL, CentOS or SE Linux distributions, shibd is installed with moonshot libraries, so the files just need to be configured. | On RHEL, CentOS or SE Linux distributions, shibd is installed with moonshot libraries, so the files just need to be configured. | ||
− | On Ubuntu 12.04 or 14.04, you | + | On Ubuntu 12.04 or 14.04, you can install mod_shib installed, and disable it. |
apt-get install mod_shib | apt-get install mod_shib | ||
a2dismod shib2 | a2dismod shib2 | ||
+ | Or you can optionally set up the /etc/shibboleth files manually. | ||
+ | |||
+ | For instructions on how to configure Shibboleth, follow the instructions of the section "Configuring shibboleth2.xml" in this [http://docs.openstack.org/developer/keystone/extensions/shibboleth.html link]. | ||
5. In the keystone Apache site file, locate the virtual host entry and add the following entries for OpenID Connect: | 5. In the keystone Apache site file, locate the virtual host entry and add the following entries for OpenID Connect: | ||
Line 40: | Line 43: | ||
<VirtualHost *:5000> | <VirtualHost *:5000> | ||
... | ... | ||
− | <LocationMatch /v3/OS-FEDERATION/identity_providers/*?/ | + | <LocationMatch /v3/OS-FEDERATION/identity_providers/*?/protjustocols/abfab/auth> |
AuthType Negotiate | AuthType Negotiate | ||
Require valid-user | Require valid-user | ||
</LocationMatch> | </LocationMatch> | ||
</VirtualHost> | </VirtualHost> | ||
+ | |||
+ | |||
6. Restart apache. | 6. Restart apache. | ||
# service apache2 restart | # service apache2 restart |
Revision as of 16:52, 9 March 2015
Setup Abfab
Configure Apache HTTPD for mod_moonshot
This section presents the steps that are necessary in order to get authenticated using ABFAB federation protocol on Openstack.
1. Follow the steps outlined at: Running Keystone in HTTPD.
2. Click on the links below for instructions on how to install it. mod_moonshot (aka mod_auth_gssapi) is compatible with Apache HTTPD server v2.22, which can be installed on the following Linux flavours.
- Ubuntu 12.04
- Ubuntu 14.04
- RedHat Enterprise Linux 6 / CentOS 6 / SE Linux 6
3. Configure mod_moonshot to connect to an ABFAB compatible server.
4. mod_moonshot also needs Shibboleth service configuration files located in /etc/shibboleth.
On RHEL, CentOS or SE Linux distributions, shibd is installed with moonshot libraries, so the files just need to be configured.
On Ubuntu 12.04 or 14.04, you can install mod_shib installed, and disable it.
apt-get install mod_shib a2dismod shib2
Or you can optionally set up the /etc/shibboleth files manually.
For instructions on how to configure Shibboleth, follow the instructions of the section "Configuring shibboleth2.xml" in this link.
5. In the keystone Apache site file, locate the virtual host entry and add the following entries for OpenID Connect:
<VirtualHost *:5000> ... <LocationMatch /v3/OS-FEDERATION/identity_providers/*?/protjustocols/abfab/auth> AuthType Negotiate Require valid-user </LocationMatch> </VirtualHost>
6. Restart apache.
# service apache2 restart