Changes between Initial Version and Version 1 of RaSpSetup


Timestamp:
07/11/11 16:42:42 (13 years ago)
Author:
jpmitchell@…
Comment:

--

  • RaSpSetup

    v1 v1  
     1== [[https://iam.alaska.edu/shib|Shibboleth]] / Setup Right Answers SP == 
     2 
     3This page documents the process of setting up the Shibboleth SP and integrating it with the Right Answers application. 
     4 
     51. Ensure the SP is installed. See [[https://iam.alaska.edu/shib/wiki/SpSetup|Shibboleth SP Setup]] for more information. 
     6 
     72. Ensure the Apache module mod_proxy_ajp is installed. If not contact sdtsos@alaska.edu and request it be installed. 
     8{{{ 
     9[sxjpm@osprey conf.d]$ ls -la /etc/httpd/modules/mod_proxy_ajp.so  
     10-rwxr-xr-x. 1 root root 39632 Apr  9 05:00 /etc/httpd/modules/mod_proxy_ajp.so 
     11}}} 
     12 
     133. Configure Apache to proxy to Tomcat via the AJP proxy for the base portal path. 
     14{{{ 
     15[sxjpm@osprey conf.d]$ pwd 
     16/etc/httpd/conf.d 
     17[sxjpm@osprey conf.d]$ vi proxy_ajp.conf 
     18... 
     19ProxyPass /portal/ ajp://localhost:8009/portal/ 
     20... 
     21:wq! 
     22}}} 
     23 
     244. Configure Apache to require Shibboleth authentication for the various portal paths. 
     25{{{ 
     26[sxjpm@osprey conf.d]$ pwd 
     27/etc/httpd/conf.d 
     28[sxjpm@osprey conf.d]$ vi shib.conf 
     29... 
     30<Location /portal/sa> 
     31  AuthType shibboleth 
     32  ShibRequestSetting requireSession 1 
     33  ShibUseHeaders On 
     34  require valid-user 
     35</Location> 
     36 
     37<Location /portal/ss> 
     38  AuthType shibboleth 
     39  ShibRequestSetting requireSession 1 
     40  ShibUseHeaders On 
     41  require valid-user 
     42</Location> 
     43 
     44<Location /portal/admin> 
     45  AuthType shibboleth 
     46  ShibRequestSetting requireSession 1 
     47  ShibUseHeaders On 
     48  require valid-user 
     49</Location> 
     50... 
     51:wq! 
     52}}} 
     53 
     545. Configure Tomcat to listen on an AJP port. It is important to ensure no other means of communicating with Tomcat are available to ensure all traffic is pushed through the Apache AJP proxy. Otherwise the application could be accessed without authentication/authorization. 
     55{{{ 
     56[sxjpm@osprey conf]$ pwd 
     57/usr/share/tomcat6/conf 
     58[sxjpm@osprey conf]$ vi server.xml 
     59... 
     60    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> 
     61... 
     62:wq! 
     63}}} 
     64 
     65
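Review bot: The Connector at line 60 in step 5 sets no address attribute, so on this Tomcat 6 install the AJP listener on port 8009 accepts connections on every interface, which works against the step's own requirement that all traffic reach Tomcat only through the Apache AJP proxy. Suggest binding it to loopback, for example `<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" redirectPort="8443" />`, and adding a sentence that tells the reader to remove or comment out any HTTP Connector left in server.xml. Two smaller points: step 3 proxies all of /portal/ while step 4 requires a Shibboleth session only for /portal/sa, /portal/ss and /portal/admin, so the page should say whether the remaining paths under /portal/ are meant to be reachable without a session; and since `ShibUseHeaders On` hands attributes to the application as request headers, the page should note why headers are used here rather than the request attributes that mod_proxy_ajp can carry.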