Difference between revisions of "DILIGENT Gridsphere and Portal Security patch"

From Gcube Wiki
Jump to: navigation, search
(Download Diligent-Gridpsphere)
(Download VOMS servlet)
Line 76: Line 76:
 
You can find information [http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security6.html here] to obtain a trustStore. It must contain also the VOMS certificate you want to use. The default current scenario use the VOMS at grids03.eng.it, so you have to store it in your truststore.
 
You can find information [http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security6.html here] to obtain a trustStore. It must contain also the VOMS certificate you want to use. The default current scenario use the VOMS at grids03.eng.it, so you have to store it in your truststore.
  
'''TODO''': add keytool command example
+
The following commands can be useful to manage your trust store:
 +
* To import the VOMS certificate in your trustStore:
 +
<pre>
 +
keytool -import -alias [name] -file [path_to_VOMS_cert.pem]  -keystore [path_to_your_trustStore]
 +
</pre>
 +
for instance your VOMS could be grids03.eng.it.
 +
 
 +
* To list the certificates stored in your trustStore:
 +
<pre>
 +
keytool -list -v -keystore [your_trustStore]
 +
</pre>
  
 
==Edit PortalSecurity.properties==
 
==Edit PortalSecurity.properties==

Revision as of 14:21, 6 July 2007

This page contains a description of some needed steps in order to perform a new installation of DILIGENT Gridsphere Portal.


Configure properly your host

If you want to deploy the DILIGENT gridsphere portal there is a number of preliminary steps you have to perform. In particular the host has to be a DHN (follow this DHN installation to install a DHN). You also need to properly configure security for DILIGENT services. Please follow the How To Enable Security for more information.

Install Apache-tomcat 5.5.20

You can download from ETICS build report the required version of that web application container tomcat-5.5.20. Remember to correctly configure the container as Gridsphere user's guide suggests in Gridsphere user's guide.

Download Diligent-Gridpsphere

It is a gridsphere-2.2.7 portal patched with org.diligentproject.portal.security-patch, that introduce the diligent security mechanisms in the gridsphere portal. You can download it from ETICS build report diligent-gridsphere.

Your Tomcat 5.5.20 instance needs a particular configuration to run correctly the Diligent gridsphere portal: You have to set two environment variables:

* GLOBUS_LOCATION
* CATALINA_OPTS=-DGLOBUS_LOCATION=$GLOBUS_LOCATION

and edit the setclasspath.sh (or setclasspath.bat) of $CATALINA_HOME/bin as following:

# Set standard CLASSPATH
if [ "$1" = "debug" -o "$1" = "javac" ] ; then
  CLASSPATH="$CLASSPATH":"$JAVA_HOME"/lib/tools.jar
fi

Download VOMS servlet

The .war of the VOMSServlet is available at ENGrepository. After deploying the .war in a tomcat instance DIFFERENT from where you install Gridsphere Portal, you need to edit a web.xml file. In the web.xml file you have to specify a number of parameters. To obtain a pkcs12 certificate of your host, if you don't have one, you can use the following command:

openssl pkcs12 -export -in path_to_the_containercert.pem -inkey path_to_the_containerkey.pem -out file.p12

This is an example of web.xml file you have to edit:

     <!-- the host name of the VOMS Admin interface -->
     <init-param>
	<param-name>hostName</param-name>
	<param-value>https://grids03.eng.it:8443/voms/diligent/services/VOMSAdmin</param-value>
     </init-param>
     <!-- the pcks12 host certificate -->
     <init-param>
	<param-name>keyStore</param-name>
	<param-value>path_to_host.p12</param-value>
     </init-param>
     <!-- the default value is pcks12 -->
     <init-param>
	<param-name>keyStoreType</param-name>
	<param-value>PKCS12</param-value>
     </init-param>
     <!-- the password of the specified keyStore --> 
     <init-param>
	<param-name>keyStorePassword</param-name>
	<param-value>password</param-value>
     </init-param>
     <!-- the path to a trustStore --> 
     <init-param>
        <param-name>trustStore</param-name>
        <param-value>path_to_a_trustStore</param-value>
     </init-param>	
     <!-- the password of the specified keyStore --> 
     <init-param>
        <param-name>trustStorePassword</param-name>
        <param-value>tomcat</param-value>
     </init-param>				
     <!-- the default value -->
     <init-param>
         <param-name>trustStoreType</param-name>
         <param-value>JKS</param-value>
     </init-param>

You can find information here to obtain a trustStore. It must contain also the VOMS certificate you want to use. The default current scenario use the VOMS at grids03.eng.it, so you have to store it in your truststore.

The following commands can be useful to manage your trust store:

  • To import the VOMS certificate in your trustStore:
keytool -import -alias [name] -file [path_to_VOMS_cert.pem]  -keystore [path_to_your_trustStore]

for instance your VOMS could be grids03.eng.it.

  • To list the certificates stored in your trustStore:
keytool -list -v -keystore [your_trustStore]

Edit PortalSecurity.properties

In the .tgz of diligent-gridpshere you can find a new file called PortalSecurity.properties. You have to edit it before installing the portal in your machine. This operation is really important in order to have a correct installation.

In particular you have to specify a number of parameters belonging to MyProxy host you want to use:

E.g.:MYPROXY_HOST=grids04.eng.it
E.g.:MYPROXY_PORT=7512

and a dir in your filesystem suitable to store temporary generated proxy certificate

E.g.:PROXIES_DIR=/home/user/certs/

Then you have to specify a number of information needed to communicate with the VOMSServlet. This servlet represents a workaround due to communication problem within portal, VOMS host and the all DILIGENT infrastructure. At ENG we develop that servlet that you must deploy in the same Apache tomcat container where you deploy diligent-gridsphere. The following parameters are required:

SERVLET_HOST=localhost
SERVLET_PORT=port_of_your_container
SERVLET_PATH=the_/VOMSServlet/VOMSServlet
SERVLET_PROTOCOL=http