Commit 122455ee authored by Michael Wagner

a bit more README.md documentation

parent a06e3920
......@@ -17,10 +17,8 @@ RUN echo "\n\nShibboleth Service Provider (SP) 3.2 Installation Guide\n"
RUN sudo apt install apache2 -y
RUN curl --fail --remote-name https://pkg.switch.ch/switchaai/debian/dists/buster/main/binary-all/misc/switchaai-apt-source_1.0.0_all.deb
RUN sudo apt install ./switchaai-apt-source_1.0.0_all.deb -y
RUN sudo apt update
RUN sudo apt install --install-recommends shibboleth -y
RUN echo sudo apt full-upgrade
RUN sudo apt autoremove
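Review bot: The `.deb` fetched with `curl --fail --remote-name` is passed straight to `sudo apt install ./switchaai-apt-source_1.0.0_all.deb -y` with only TLS vouching for it, and by its name that package sets up the APT source that the following `apt update` and `apt install --install-recommends shibboleth` rely on. Pin the expected SHA-256 of the file in the Containerfile and check it (for example with `sha256sum -c`) before installing. Separately, `RUN echo sudo apt full-upgrade` only prints the command, so no upgrade happens: either run it or drop the line. `RUN sudo apt autoremove` is the only apt line here without `-y`; add it so the step does not behave differently when there is something to remove.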
......
......@@ -144,9 +144,93 @@ config files for openBIS, moved into the pod in `Containerfile`
## 3.2 tutorial on how to get SSO - collection of tutorials
ETHzürich wrote [this guide](https://unlimited.ethz.ch/display/openBISDoc2010/Single+Sign+On+Authentication) on how to setup SSO with openBIS.
What will follow now is a collection of the different tutorials necessary to get SSO running with openBIS. (The following guide is for a Debian system, since that is what I was working with - if you have another operating system, check the official guide for the differences )
___
### Installing Shibboleth
What follows now is an explanation of the different lines of Containerfile and their corresponding steps:
- prerequisites
- shibboleth needs a folder under /run/
- Apache installed (https needed)
- no previous SP installation
- sudo (running as root), ntp (keeping your system time syncrhonized) & curl (downloading packages/certificates)
````commandline
RUN mkdir /run/shibboleth
RUN apt install sudo
RUN sudo apt-get install ntp -y
RUN sudo apt install curl -y
RUN sudo apt install apache2 -y
````
- curl Shibboleth & install it
- curl repo package, install package, install shibboleth:
````commandline
RUN curl --fail --remote-name https://pkg.switch.ch/switchaai/debian/dists/buster/main/binary-all/misc/switchaai-apt-source_1.0.0_all.deb
RUN sudo apt install ./switchaai-apt-source_1.0.0_all.deb -y
RUN sudo apt update
RUN sudo apt install --install-recommends shibboleth -y
RUN echo sudo apt full-upgrade
RUN sudo apt autoremove
````
- (optional) test your current configuration
````commandline
RUN sudo shibd -t
RUN sudo apache2ctl configtest
````
___
### Configuring Shibboleth
- you need to create SP keys for encryption and signing
````commandline
RUN shib-keygen -u _shibd -g _shibd -h cdi-sso.openbis.data.fau.de -y 10 -e https://cdi-sso.openbis.data.fau.de/shibboleth -n sp-encrypt -o /etc/shibboleth/
RUN shib-keygen -u _shibd -g _shibd -h cdi-sso.openbis.data.fau.de -y 10 -e https://cdi-sso.openbis.data.fau.de/shibboleth -n sp-signing -o /etc/shibboleth/
````
- you need to move the shibboleth config files into the pod
````commandline
COPY shibboleth-configuration-files/* /etc/shibboleth/
````
___
### Configuring openBIS
- copy `http.ini` to actual openBIS server dir
- delete these two files: `https.ini` & `ssl.ini` in `servers/openBIS-server/jetty/start.d/`
````commandline
RUN cp /home/openbis/openbis/servers/openBIS-server/jetty-dist/demo-base/start.d/http.ini /home/openbis/openbis/servers/openBIS-server/jetty/start.d/http.ini
RUN rm -f /home/openbis/openbis/servers/openBIS-server/jetty-dist/demo-base/start.d/https.ini
RUN rm -f /home/openbis/openbis/servers/openBIS-server/jetty-dist/demo-base/start.d/ssl.ini
````
- move the configuration files to the pod
- and make `InstanceProfile.js` writable
````commandline
RUN chmod +w /home/openbis/openbis/servers/core-plugins/eln-lims/1/as/webapps/eln-lims/html/etc/InstanceProfile.js
COPY ./openBIS_config/openBIS-server---service.properties /home/openbis/openbis/servers/openBIS-server/jetty/etc/service.properties
COPY ./openBIS_config/InstanceProfile.js /home/openbis/openbis/servers/core-plugins/eln-lims/1/as/webapps/eln-lims/html/etc/InstanceProfile.js
COPY ./openBIS_config/openbis.conf /etc/apache2/sites-available/
````
- enable openbis in the apache sites-enabled
- restart apache2 & shibboleth
````commandline
RUN sudo a2ensite openbis
RUN sudo apt-get -y install systemctl
RUN sudo systemctl reload apache2
RUN sudo systemctl reload shibd.service
````
# 4. notes and thougts
# 5. tips and tricks
# What I did:
I followed the [openBIS tutorial](https://unlimited.ethz.ch/display/openBISDoc2010/Single+Sign+On+Authentication) on setting up SSO.
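Review bot: In "Configuring Shibboleth", both `RUN shib-keygen ... -n sp-encrypt -o /etc/shibboleth/` and the `-n sp-signing` line create the SP private keys during the image build, so the keys sit in an image layer and are readable by anyone who can pull the image, and a build that misses the cache produces a different key pair. The README should say this, or better, document generating the keys at deployment and mounting them into the pod as a secret. In "Configuring openBIS", the bullet says to delete `https.ini` & `ssl.ini` in `servers/openBIS-server/jetty/start.d/`, but the two `rm -f` lines remove them from `jetty-dist/demo-base/start.d/`; one of the two is wrong and should be corrected. Also, `chmod +w` on `InstanceProfile.js` runs before the `COPY` that replaces that file, so the order needs a sentence of explanation or a swap. Typos to fix: "syncrhonized" and "thougts".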
......