AbfabInstall

Setup Abfab

Configure Apache HTTPD for mod_moonshot

This section presents the steps that are necessary in order to get authenticated using ABFAB federation protocol on Openstack.

1. Follow the steps outlined at: Running Keystone in HTTPD.

2. Click on the links below for instructions on how to install it. mod_moonshot (aka mod_auth_gssapi) is compatible with Apache HTTPD server v2.22, which can be installed on the following Linux flavours.

• Ubuntu 12.04
  • Install Moonshot Libraries
  • Install mod_moonshot

• Ubuntu 14.04
  • Install Moonshot Libraries
  • Install mod_moonshot

• Debian 7
  • Install Moonshot Libraries
  • Install mod_moonshot

• RedHat Enterprise Linux 6 / CentOS 6 / SE Linux 6
  • Install Moonshot Libraries
  • Install mod_moonshot

3. Configure mod_moonshot to connect to an ABFAB compatible server.

4. mod_moonshot also needs Shibboleth service configuration files located in /etc/shibboleth.

On RHEL, CentOS or SE Linux distributions, shibd is installed with moonshot libraries, so the files just need to be configured.

On Ubuntu 12.04 or 14.04, you need to install mod_shib installed, and disable it.

apt-get install mod_shib 
a2dismod shib2

5. In the keystone Apache site file, locate the virtual host entry and add the following entries for OpenID Connect:

<VirtualHost *:5000>
    ...
    <LocationMatch /v3/OS-FEDERATION/identity_providers/*?/protocols/abfab/auth>
        AuthType Negotiate
        Require valid-user
    </LocationMatch>
</VirtualHost>

6. Restart apache.

# service apache2 restart