# Changes between Version 13 and Version 14 of ESGF-Security

Ignore:
Timestamp:
Mar 13, 2013 1:51:10 PM (9 years ago)
Comment:

--

### Legend:

Unmodified
 v13 = Adding ESGF-Security to THREDDS = = Adding ESGF-Security to TDS = Before publishing test datasets, it is necessary to install some security components and filters to support ESGF-Security. Create a keystore file to store the server's private key and self-signed certificate by executing the following: '''Important: set your hostname as CN.''' (See error "Target is not trusted" [[http://esgf.org/wiki/Security/FAQ]]. For example, if you are deploying tomcat for testing in your own machine use CN=localhost. '''Important: set your hostname as CN.''' (See error "Target is not trusted" [[http://esgf.org/wiki/Security/FAQ]]). For example, if you are deploying tomcat for testing in your own machine use CN=localhost. {{{ {{{ rem Windows set "JAVA_OPTS=-Xmx2560m -Xms2560m -Ddebug=true -Djavax.net.ssl.trustStore=C:/apache-tomcat-6.0.36/config_files/esg-orp/esg-truststore.ts -Djavax.net.ssl.trustStorePassword=changeit" set "JAVA_OPTS=-Xmx2560m -Xms2560m -Ddebug=true -Djavax.net.ssl.trustStore=$CATALINA_HOME/config_files/esg-orp/esg-truststore.ts -Djavax.net.ssl.trustStorePassword=changeit" echo %JAVA_OPTS% }}} ESG-ORP manages a list that is used to allow the idp's. It is called whitelist. The idp's are entities which provide an openid login and return a valid cookie. We will need two lists and you can download them from here [[attachment:esgf_idp.xml]] [[attachment:esgf_idp_static.xml]]. If your idp is not contained by ''esgf_idp_static.xml'' just add your idp to the file. It is recommended to save these files in '''WEB-INF/classes/esg/config''' to work properly in all environments because Windows paths are not considered by the momment. The file which reads the lists is located in WEB-INF/classes/esg/orp/orp/config/security-context-auth.xml The whitelist files are read by '''WEB-INF/classes/esg/orp/orp/config/security-context-auth.xml''' Go to the line 84 and replace it with this line: {{{ Firstable, copy the following jars onto the TDS WEB-INF/lib directory [[attachment:thredds_esg_security_libraries.zip​]]. Then edit the file$CATALINA_HOME/webapps/thredds/WEB-INF/web.xml and Then edit the file $CATALINA_HOME/webapps/thredds/WEB-INF/web.xml and insert the XML snippet that configures the ESG access control filters to intercepts all requests sent to the TDS (see example below). You must configure the filter parameters to values that are specific to your system, specifically: After that, edit the file$CATALINA_HOME/webapps/thredds/WEB-INF/web.xml and insert the XML snippet that configures the ESG access control filters to intercepts all requests sent to the TDS. You must configure the filter parameters to values that are specific to your system, specifically: {{{