Changes between Version 5 and Version 6 of ESGF-Security


Timestamp:
Mar 6, 2013 11:27:44 AM (9 years ago)
Author:
vegasm
Comment:

--

  • ESGF-Security

    v5 v6  
    4040
    4141
    42 ESG-ORP manages a whitelist. This list is used by the app to allow the idp's. The idp's are entities which provide an openid login and return a valid cookie. We will need two lists and you can download them from here
    43 To work properly, ESG-ORP needs some configuration changes.
     42Edit WEB-INF/classes/esg-orp.properties to configure ESG-ORP to sign the cookies:
     43{{{
     44#location of keystore used to sign the authentication cookie
     45keystoreFile=C:/apache-tomcat-6.0.36/config_files/esg-orp/.keystore
    4446
    45 Edit line 84 of /WEB-INF/classes/esg/orp/orp/config/security-context-auth.xml
     47#password used to read the keystore
     48keystorePassword=changeit
     49
     50#alias of keystore entry used to sign the authentication cookie
     51keystoreAlias=tomcat
     52}}}
     53
     54ESG-ORP manages a whitelist. This list is used by the app to allow the idp's. The idp's are entities which provide an openid login and return a valid cookie. We will need two lists and you can download them from here attachment:esgf_idp.xml attachment:esgf_idp_static.xml. If your idp is not contained by ''esgf_idp_static.xml'' just add your idp to the file. These files have to be saved in '''WEB-INF/classes/esg/config''' due to an apps bug. The app only accepts Linux paths or relative paths. Windows paths are not considered by the momment.
     55
     56The file which reads the lists is located in WEB-INF/classes/esg/orp/orp/config/security-context-auth.xml
     57Go to the line 84 and replace it with this line:
    4658{{{
    4759<property name="idpWhiteListFile" value="esg/config/esgf_idp.xml, esg/config/esgf_idp_static.xml" />
    4860}}}
    4961
     62=== Test ESG-ORP ===
     63
     64Open your browser and type this url: http://localhost:8080/OpenidRelyingParty . You should be redirected to an HTTPS page where you are prompted to enter your openid.
    5065
    5166
    52 
    53  
    54 
    55 Configure ORP to sign the cookies with our keystore
    56 
    57 Edit the file WEB-INF/classes/esg/orp/orp/config/appli
    58 
    59 For further information visit: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Configuration
     67References:
     68http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Configuration
     69https://oodt.jpl.nasa.gov/wiki/display/CLIMATE/Part+2+-+Deploy+an+ESG+Openid+Relying+Party
     70http://esgf.org/wiki/ESGF_IdPs
     71http://www.madboa.com/geek/openssl/#verify-standard
     72http://esgf.org/esg-certs/#ESG_Federation_Trust_Roots
     73http://www.techbrainwave.com/?p=953
     74https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
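Review bot: the added esg-orp.properties block keeps `keystorePassword=changeit`, the well-known default Java keystore password, for the keystore whose key signs the authentication cookie; the instructions should tell the reader to choose a non-default password when the keystore is created and to restrict read access on `WEB-INF/classes/esg-orp.properties` and the `.keystore` file it points at, because anyone who can read those two files can produce cookies the ORP will accept. The same caution belongs next to the new `idpWhiteListFile` line: `esgf_idp.xml` and `esgf_idp_static.xml` are the set of OpenID providers whose assertions the ORP trusts, so "just add your idp to the file" is worth qualifying with a note that every entry added there is a trust decision, not a convenience setting. Minor: "Go to the line 84 and replace it" is brittle; pointing the reader at the `<property name="idpWhiteListFile" ...>` element instead would survive unrelated edits to security-context-auth.xml.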