DILIGENT Gridsphere and Portal Security patch

From Gcube Wiki
Revision as of 11:42, 6 July 2007 by Andreaturli (Talk | contribs) (Download Diligent-Gridpsphere)

Jump to: navigation, search

This page contains a description of some needed steps in order to perform a new installation of DILIGENT Gridsphere Portal.


Configure properly your host

If you want to deploy the DILIGENT gridsphere portal you need to properly configure security for DILIGENT services please follow the How To Enable Security page.

Install Apache-tomcat 5.5.20

You can download from ETICS build report the required version of that web application container tomcat-5.5.20. Remember to correctly configure the container as Gridsphere user's guide suggests in Gridsphere user's guide.

Download Diligent-Gridpsphere

It is a gridsphere-2.2.7 portal patched with org.diligentproject.portal.security-patch, that introduce the diligent security mechanisms in the gridsphere portal. You can download it from ETICS build report diligent-gridsphere.

TODO: include installation steps (refer to gridsphere site). We need

  • WS-CORE 4.0.4 and a DHN instance
  • copy dir $GLOBUS_LOCATION/lib in $CATALINA_HOME/webapps/gridsphere/WEB-INF/lib (to check)

Download VOMS servlet

The .war of the VOMSServlet is available at ENGrepository. After deploying the .war in your container, you need to edit a web.xml file. In the web.xml file you have to specify a number of parameters. To obtain a pkcs12 certificate of your host, if you don't have one, you can use the following command:

openssl pkcs12 -export -in path_to_the_containercert.pem -inkey path_to_the_containerkey.pem -out file.p12

This is an example of web.xml file you have to edit:

     <!-- the host name of the VOMS Admin interface -->
     <init-param>
	<param-name>hostName</param-name>
	<param-value>https://grids03.eng.it:8443/voms/diligent/services/VOMSAdmin</param-value>
     </init-param>
     <!-- the pcks12 host certificate -->
     <init-param>
	<param-name>keyStore</param-name>
	<param-value>path_to_host.p12</param-value>
     </init-param>
     <!-- the default value is pcks12 -->
     <init-param>
	<param-name>keyStoreType</param-name>
	<param-value>PKCS12</param-value>
     </init-param>
     <!-- the password of the specified keyStore --> 
     <init-param>
	<param-name>keyStorePassword</param-name>
	<param-value>password</param-value>
     </init-param>
     <!-- the path to a trustStore --> 
     <init-param>
        <param-name>trustStore</param-name>
        <param-value>path_to_a_trustStore</param-value>
     </init-param>	
     <!-- the password of the specified keyStore --> 
     <init-param>
        <param-name>trustStorePassword</param-name>
        <param-value>tomcat</param-value>
     </init-param>				
     <!-- the default value -->
     <init-param>
         <param-name>trustStoreType</param-name>
         <param-value>JKS</param-value>
     </init-param>

You can find information here to obtain a trustStore. It must contain also the VOMS certificate you want to use. The default current scenario use the VOMS at grids03.eng.it, so you have to store it in your truststore.

TODO: add keytool command example

Edit PortalSecurity.properties

In the .tgz of diligent-gridpshere you can find a new file called PortalSecurity.properties. You have to edit it before installing the portal in your machine. This operation is really important in order to have a correct installation.

In particular you have to specify a number of parameters belonging to MyProxy host you want to use:

E.g.:MYPROXY_HOST=grids04.eng.it
E.g.:MYPROXY_PORT=7512

and a dir in your filesystem suitable to store temporary generated proxy certificate

E.g.:PROXIES_DIR=/home/user/certs/

Then you have to specify a number of information needed to communicate with the VOMSServlet. This servlet represents a workaround due to communication problem within portal, VOMS host and the all DILIGENT infrastructure. At ENG we develop that servlet that you must deploy in the same Apache tomcat container where you deploy diligent-gridsphere. The following parameters are required:

SERVLET_HOST=localhost
SERVLET_PORT=port_of_your_container
SERVLET_PATH=the_/VOMSServlet/VOMSServlet
SERVLET_PROTOCOL=http