DILIGENT Gridsphere and Portal Security patch

From Gcube Wiki
Revision as of 09:37, 20 June 2007 by Andreaturli (Talk | contribs) (Edit PortalSecurity.properties)

Jump to: navigation, search

This page contains a description of some needed steps in order to perform a new installation of DILIGENT Gridsphere Portal.


Configure properly your host

If you want to deploy the DILIGENT gridsphere portal you need to properly configure security for DILIGENT services please follow the How To Enable Security page.

Install Apache-tomcat 5.5.20

You can download from ETICS build report the required version of that web application container tomcat-5.5.20. Remember to correctly configure the container as Gridsphere user's guide suggests in Gridsphere user's guide.

Download Diligent-Gridpsphere

It is a gridsphere-2.2.7 portal patched with org.diligentproject.portal.security-patch, that introduce the diligent security mechanisms in the gridsphere portal. You can download it from ETICS build report diligent-gridsphere.

Download VOMS servlet

The .war of the VOMSServlet is available at ENGrepository. After deploying the .war in your container, edit the associated web.xml file in which you have to specify a number of parameters:

     <!-- the host name of the VOMS Admin interface -->
     <init-param>
	<param-name>hostName</param-name>
	<param-value>https://grids03.eng.it:8443/voms/diligent/services/VOMSAdmin</param-value>
     </init-param>
     <!-- the pcks12 host certificate -->
     <init-param>
	<param-name>keyStore</param-name>
	<param-value>path_to_host.p12</param-value>
     </init-param>
     <!-- the default value is pcks12 -->
     <init-param>
	<param-name>keyStoreType</param-name>
	<param-value>PKCS12</param-value>
     </init-param>
     <!-- the password of the specified keyStore --> 
     <init-param>
	<param-name>keyStorePassword</param-name>
	<param-value>password</param-value>
     </init-param>
     <!-- the path to a trustStore --> 
     <init-param>
        <param-name>trustStore</param-name>
        <param-value>path_to_a_trustStore</param-value>
     </init-param>	
     <!-- the password of the specified keyStore --> 
     <init-param>
        <param-name>trustStorePassword</param-name>
        <param-value>tomcat</param-value>
     </init-param>				
     <!-- the default value -->
     <init-param>
         <param-name>trustStoreType</param-name>
         <param-value>JKS</param-value>
     </init-param>

To obtain a pkcs12 certificate of your host you can use the following command

openssl pkcs12 -export -in path_to_the_containercert.pem -inkey path_to_the_containerkey.pem

You can find information here to obtain a trustStore. It must contain also the VOMS certificate you want to use. The default current scenario use the VOMS at grids03.eng.it.

Edit PortalSecurity.properties

In the .tgz of diligent-gridpshere you can find a new file called PortalSecurity.properties. You have to edit it before installing the portal in your machine. This operation is really important in order to have a correct installation.

In particular you have to specify a number of parameters belonging to MyProxy host you want to use:

E.g.:MYPROXY_HOST=grids04.eng.it
E.g.:MYPROXY_PORT=7512

and a dir in your filesystem suitable to store temporary generated proxy certificate

E.g.:PROXIES_DIR=/home/user/certs/

Then you have to specify a number of information needed to communicate with the VOMSServlet. This servlet represents a workaround due to communication problem within portal, VOMS host and the all DILIGENT infrastructure. At ENG we develop that servlet that you must deploy in the same Apache tomcat container where you deploy diligent-gridsphere. The following parameters are required:

SERVLET_HOST=localhost
SERVLET_PORT=port_of_your_container
SERVLET_PATH=the_/VOMSServlet/VOMSServlet
SERVLET_PROTOCOL=http