Changes between Version 2 and Version 3 of GrouperUIInstall


Timestamp:
06/15/13 09:21:24 (11 years ago)
Author:
uaguest_SPatel1@…
Comment:

--

  • GrouperUIInstall

    v2 v3  
    1011012.  In the /etc/shibboleth/shibboleth2.xml file: 
    102102 
    103 a) Set the entityID of the SP.  And add "bannerid" to the front of the REMOTE_USER values.  This is done so that REMOTE_USER gets set as the authenticated users' BannerID, which then gets passed to Tomcat and available for the Grouper UI.  Authentication in the Grouper UI will work if REMOTE_USER is either the subject id (which is the case here) or a subject identifier. 
     103a. Set the entityID of the SP.  And add "bannerid" to the front of the REMOTE_USER values.  This is done so that REMOTE_USER gets set as the authenticated users' BannerID, which then gets passed to Tomcat and available for the Grouper UI.  Authentication in the Grouper UI will work if REMOTE_USER is either the subject id (which is the case here) or a subject identifier. 
    104104 
    105105{{{ 
     
    110110 
    111111 
    112 b) Add the reference to the metadata file.  Replace the following: 
     112b. Add the reference to the metadata file.  Replace the following: 
    113113 
    114114{{{ 
     
    126126 
    127127 
    128 c) Add the entityID of the IdP.  Replace the following: 
     128c. Add the entityID of the IdP.  Replace the following: 
    129129 
    130130{{{ 
     
    160160                                                           [  OK  ] 
    161161}}} 
     162 
     163 
     164 
     165== Configure Apache == 
     166 
     1671.  Configure mod_proxy_ajp. Add the file /etc/httpd/conf.d/proxy_ajp.conf with the contents: 
     168 
     169{{{ 
     170LoadModule proxy_module modules/mod_proxy.so 
     171LoadModule proxy_ajp_module modules/mod_proxy_ajp.so 
     172 
     173ProxyPass /grouper/ ajp://localhost:8009/grouper/ 
     174}}} 
     175 
     1762.  Add the following to the end of /etc/httpd/conf.d/shib.conf to require Shibboleth 
     177 
     178{{{ 
     179<Location /> 
     180  AuthType shibboleth 
     181  ShibRequestSetting requireSession 1 
     182  require valid-user 
     183</Location> 
     184}}} 
     185 
     1863.  Restart Apache 
     187 
     188{{{ 
     189[root@grinnell conf.d]# /etc/init.d/httpd restart 
     190Stopping httpd:                                            [  OK  ] 
     191Starting httpd:                                            [  OK  ] 
     192[root@grinnell conf.d]# 
     193}}} 
     194 
     195 
     196 
     197== Configure Tomcat == 
     198 
     1991.  In the file /etc/tomcat6/server.xml, make sure the AJP connector listening on port 8009 is not commented out and make sure request.tomcatAuthentication is set to false. 
     200 
     201{{{ 
     202    <!-- Define an AJP 1.3 Connector on port 8009 --> 
     203    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" request.tomcatAuthentication="false" /> 
     204}}} 
     205 
     2062.  Restart Tomcat 
     207 
     208{{{ 
     209[root@grinnell tomcat6]# /etc/init.d/tomcat6 stop 
     210Stopping tomcat6:                                          [  OK  ] 
     211[root@grinnell tomcat6]# ps -ef | grep -i tomcat 
     212root     18377  7627  0 09:21 pts/3    00:00:00 grep -i tomcat 
     213[root@grinnell tomcat6]# /etc/init.d/tomcat6 start 
     214Starting tomcat6:                                          [  OK  ] 
     215}}}
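
Review bot: The AJP connector in the Configure Tomcat step has no address attribute, so with request.tomcatAuthentication="false" Tomcat will accept the user identity from any host that can reach port 8009, not only from the local Apache that enforces Shibboleth. Since ProxyPass already targets ajp://localhost:8009, add address="127.0.0.1" to the <Connector> (or document a firewall rule for port 8009) so that the REMOTE_USER handed to the Grouper UI can only arrive through the Shibboleth-protected proxy. It is also worth confirming on Tomcat 6 that the request.-prefixed attribute is honoured; the Tomcat 6 AJP connector documentation lists the attribute as tomcatAuthentication.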