Changes between Version 13 and Version 14 of ESGF-Security


Timestamp:
Mar 13, 2013 1:51:10 PM (9 years ago)
Author:
vegasm
Comment:

--

  • ESGF-Security

    v13 v14  
    1 = Adding ESGF-Security to THREDDS =
     1= Adding ESGF-Security to TDS =
    22
    33Before publishing test datasets, it is necessary to install some security components and filters to support ESGF-Security.
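Review bot: The new heading on line 1 introduces "TDS" without expanding it, and it is the first place a reader meets the abbreviation. Suggest "= Adding ESGF-Security to the THREDDS Data Server (TDS) =" so the later references to TDS on this page are anchored to a definition.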
     
    1212Create a keystore file to store the server's private key and self-signed certificate by executing the following:
    1313
    14 '''Important: set your hostname as CN.''' (See error "Target is not trusted" [[http://esgf.org/wiki/Security/FAQ]]. For example, if you are deploying tomcat for testing in your own machine use CN=localhost.
     14'''Important: set your hostname as CN.''' (See error "Target is not trusted" [[http://esgf.org/wiki/Security/FAQ]]). For example, if you are deploying tomcat for testing in your own machine use CN=localhost.
    1515
    1616{{{
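Review bot: Line 14 now closes the parenthesis, but the sentence still reads "deploying tomcat for testing in your own machine"; while touching the line, change it to "deploying Tomcat for testing on your own machine". Since the step produces a self-signed certificate, it would also help to state in this line that CN=localhost is for local testing only and that any other deployment must use the host name clients actually connect to, which is what the linked "Target is not trusted" FAQ entry is about.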
     
    3535{{{
    3636 rem Windows
    37  set "JAVA_OPTS=-Xmx2560m -Xms2560m -Ddebug=true -Djavax.net.ssl.trustStore=C:/apache-tomcat-6.0.36/config_files/esg-orp/esg-truststore.ts -Djavax.net.ssl.trustStorePassword=changeit"
     37 set "JAVA_OPTS=-Xmx2560m -Xms2560m -Ddebug=true -Djavax.net.ssl.trustStore=$CATALINA_HOME/config_files/esg-orp/esg-truststore.ts -Djavax.net.ssl.trustStorePassword=changeit"
    3838 echo %JAVA_OPTS%
    3939}}}
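Review bot: The new line 37 sits under "rem Windows" but uses $CATALINA_HOME, which cmd.exe does not expand, so the JVM receives the literal string as the trust store path and will not find esg-truststore.ts. Use %CATALINA_HOME% in this block and keep the $CATALINA_HOME form for a separate Unix example. Separately, line 38 echoes JAVA_OPTS, which prints the trust store password to the console; "changeit" is the Java default, so add a sentence telling readers to replace it and to drop the echo once the setup works.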
     
    5959ESG-ORP manages a list that is used to allow the idp's. It is called whitelist. The idp's are entities which provide an openid login and return a valid cookie. We will need two lists and you can download them from here [[attachment:esgf_idp.xml]] [[attachment:esgf_idp_static.xml]]. If your idp is not contained by ''esgf_idp_static.xml'' just add your idp to the file. It is recommended to save these files in '''WEB-INF/classes/esg/config''' to work properly in all environments because Windows paths are not considered by the momment.
    6060
    61 The file which reads the lists is located in WEB-INF/classes/esg/orp/orp/config/security-context-auth.xml
     61The whitelist files are read by '''WEB-INF/classes/esg/orp/orp/config/security-context-auth.xml'''
    6262Go to the line 84 and replace it with this line:
    6363{{{
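Review bot: The rewritten line 61 drops the full stop, so it runs straight into "Go to the line 84" on line 62; end it with a period. The path still contains "esg/orp/orp/config" with "orp" doubled, carried over unchanged from v13, so please confirm that against the deployed WAR before bolding it. The instruction on line 62 also depends on a fixed line number in security-context-auth.xml, which will drift between ESG-ORP releases; naming the bean or property to change would be more robust.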
     
    7373Firstable, copy the following jars onto the TDS WEB-INF/lib directory [[attachment:thredds_esg_security_libraries.zip​]].
    7474
    75 Then edit the file $CATALINA_HOME/webapps/thredds/WEB-INF/web.xml and
    76 
    77 Then edit the file $CATALINA_HOME/webapps/thredds/WEB-INF/web.xml and insert the XML snippet that configures the ESG access control filters to intercepts all requests sent to the TDS (see example below). You must configure the filter parameters to values that are specific to your system, specifically:
     75After that, edit the file $CATALINA_HOME/webapps/thredds/WEB-INF/web.xml and insert the XML snippet that configures the ESG access control filters to intercepts all requests sent to the TDS. You must configure the filter parameters to values that are specific to your system, specifically:
    7876
    7977{{{
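Review bot: The merged sentence on line 75 keeps the grammar error "filters to intercepts all requests"; it should read "to intercept all requests". The "(see example below)" pointer from the old line 77 was dropped, so the sentence now ends in "specifically:" with nothing tying it to the block that follows; either restore the pointer or introduce the snippet explicitly. Line 73 in the same context still says "Firstable" and points readers at a zip of jars attached to the wiki with no checksum; publishing a hash next to the attachment would let readers verify what they copy into WEB-INF/lib.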