a bit more README.md documentation

122455ee · Michael Wagner · a06e3920 · 122455ee · 122455ee
Commit 122455ee authored Jul 20, 2022 by Michael Wagner
--- a/Containerfile
+++ b/Containerfile
@@ -17,10 +17,8 @@ RUN echo "\n\nShibboleth Service Provider (SP) 3.2 Installation Guide\n"
   RUN sudo apt install apache2 -y

   RUN curl --fail --remote-name https://pkg.switch.ch/switchaai/debian/dists/buster/main/binary-all/misc/switchaai-apt-source_1.0.0_all.deb
-
   RUN sudo apt install ./switchaai-apt-source_1.0.0_all.deb -y
   RUN sudo apt update
-
   RUN sudo apt install --install-recommends shibboleth -y
   RUN echo sudo apt full-upgrade
   RUN sudo apt autoremove

--- a/README.md
+++ b/README.md
@@ -144,9 +144,93 @@ config files for openBIS, moved into the pod in `Containerfile`


 ## 3.2 tutorial on how to get SSO - collection of tutorials
+ETHzürich wrote [this guide](https://unlimited.ethz.ch/display/openBISDoc2010/Single+Sign+On+Authentication) on how to setup SSO with openBIS. 
+What will follow now is a collection of the different tutorials necessary to get SSO running with openBIS. (The following guide is for a Debian system, since that is what I was working with - if you have another operating system, check the official guide for the differences )
+___
+### Installing Shibboleth
+
+What follows now is an explanation of the different lines of Containerfile and their corresponding steps:
+
+- prerequisites
+   - shibboleth needs a folder under /run/
+   - Apache installed (https needed)
+   - no previous SP installation
+   - sudo (running as root), ntp (keeping your system time syncrhonized) & curl (downloading packages/certificates) 
+
+````commandline
+   RUN mkdir /run/shibboleth
+   RUN apt install sudo
+   RUN sudo apt-get install ntp -y
+   RUN sudo apt install curl -y
+   RUN sudo apt install apache2 -y
+````
+
+- curl Shibboleth & install it
+  - curl repo package, install package, install shibboleth:
+````commandline
+   RUN curl --fail --remote-name https://pkg.switch.ch/switchaai/debian/dists/buster/main/binary-all/misc/switchaai-apt-source_1.0.0_all.deb
+   RUN sudo apt install ./switchaai-apt-source_1.0.0_all.deb -y
+   RUN sudo apt update
+   RUN sudo apt install --install-recommends shibboleth -y
+   RUN echo sudo apt full-upgrade
+   RUN sudo apt autoremove
+````
+
+- (optional) test your current configuration
+````commandline
+   RUN sudo shibd -t
+   RUN sudo apache2ctl configtest
+````
+
+
+
+___
+### Configuring Shibboleth
+
+- you need to create SP keys for encryption and signing
+````commandline
+    RUN shib-keygen -u _shibd -g _shibd -h cdi-sso.openbis.data.fau.de -y 10 -e https://cdi-sso.openbis.data.fau.de/shibboleth -n sp-encrypt -o /etc/shibboleth/
+    RUN shib-keygen -u _shibd -g _shibd -h cdi-sso.openbis.data.fau.de -y 10 -e https://cdi-sso.openbis.data.fau.de/shibboleth -n sp-signing -o /etc/shibboleth/
+````
+
+- you need to move the shibboleth config files into the pod
+````commandline
+    COPY shibboleth-configuration-files/* /etc/shibboleth/
+````
+___
+### Configuring openBIS
+
+- copy `http.ini` to actual openBIS server dir
+- delete these two files: `https.ini` & `ssl.ini` in `servers/openBIS-server/jetty/start.d/`
+
+````commandline
+    RUN cp /home/openbis/openbis/servers/openBIS-server/jetty-dist/demo-base/start.d/http.ini /home/openbis/openbis/servers/openBIS-server/jetty/start.d/http.ini
+    RUN rm -f /home/openbis/openbis/servers/openBIS-server/jetty-dist/demo-base/start.d/https.ini
+    RUN rm -f /home/openbis/openbis/servers/openBIS-server/jetty-dist/demo-base/start.d/ssl.ini
+````
+- move the configuration files to the pod
+- and make `InstanceProfile.js` writable
+````commandline
+
+    RUN chmod +w /home/openbis/openbis/servers/core-plugins/eln-lims/1/as/webapps/eln-lims/html/etc/InstanceProfile.js
+    COPY ./openBIS_config/openBIS-server---service.properties /home/openbis/openbis/servers/openBIS-server/jetty/etc/service.properties
+    COPY ./openBIS_config/InstanceProfile.js /home/openbis/openbis/servers/core-plugins/eln-lims/1/as/webapps/eln-lims/html/etc/InstanceProfile.js
+    COPY ./openBIS_config/openbis.conf /etc/apache2/sites-available/
+````    
+- enable openbis in the apache sites-enabled
+- restart apache2 & shibboleth
+````commandline
+    RUN sudo a2ensite openbis
+    RUN sudo apt-get -y install systemctl
+    RUN sudo systemctl reload apache2
+    RUN sudo systemctl reload shibd.service
+````
+

 # 4. notes and thougts

+# 5. tips and tricks
+

 # What I did:
 I followed the [openBIS tutorial](https://unlimited.ethz.ch/display/openBISDoc2010/Single+Sign+On+Authentication) on setting up SSO.