SOA3 HowTo

From D4Science Wiki
Revision as of 17:54, 6 March 2013 by Ciro.formisano (Talk | contribs) (Created page with "==Introduction== SOA3 (Service Oriented Authentication, Authorization and Accounting) is composed by four services: * Authentication Service * Authorization Service * User Manag...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Introduction

SOA3 (Service Oriented Authentication, Authorization and Accounting) is composed by four services:

  • Authentication Service
  • Authorization Service
  • User Management Service
  • Connector

The detailed architecture is described in SOA3 Architecture document: here a quick guide on the installation process will be provided.

Installation steps

The four services run on Apache Tomcat 7: they are four wars with three configuration files. In particular:

  • authService.war is the Authentication Service
  • The Authorization Service has not been completed yet
  • userService.war is the User Management Service
  • soa3Service is the Connector

The only requirement is Tomcat 7.

Configuration

Authentication and UserManagement

Authentication and User Management Services use a common configuration file:

$CATALINA_HOME/conf/soa3/soa3.properties.

The file contains the following properties:

  • LDAP_URL the url of the LDAP containing the users (default "ldap://127.0.0.1:1389")
  • LDAP_BASE the LDAP search base (default "o=mojo")
  • LDAP_USER_DN the administrator DN (default "cn=Directory Manager")
  • LDAP_PASSWORD the administrator account password (default "secret")

the properties above are used by both Authentication Service and User Management Service

The following properties are related to federated authentication and concerns the connection with Shibboleth

  • CA_CERT = CA Key or keystore folder for assertion validation (default /etc/grid-security/certificates)
  • ASSERTION_SIGNATURE_VALIDATION Assertion signature validation enabled (default true)
  • ASSERTION_TIME_VALIDATION Assertion time validation enabled (default true)
  • SAML_ASSERTION_SOURCE_URL SAML Source host (default http://localhost/Shibboleth.sso/GetAssertion)

Further information on Shibboleth deployment and configuration can be found in Shibboleth for IMarine


=Connector

The connector uses two configuration files:

  • connector.properties (mandatory)
  • services.properties (optional)