Revision d2a9f85f docs/quick-install-admin-guide.rst
b/docs/quick-install-admin-guide.rst | ||
---|---|---|
185 | 185 |
ServerName node1.example.com |
186 | 186 |
|
187 | 187 |
RewriteEngine On |
188 |
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC] |
|
189 |
RewriteRule ^(.*)$ - [F,L] |
|
188 | 190 |
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} |
189 | 191 |
</VirtualHost> |
190 | 192 |
|
... | ... | |
220 | 222 |
ProxyPassReverse / http://localhost:8080/ |
221 | 223 |
|
222 | 224 |
RewriteEngine On |
225 |
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC] |
|
226 |
RewriteRule ^(.*)$ - [F,L] |
|
223 | 227 |
RewriteRule ^/login(.*) /im/login/redirect$1 [PT,NE] |
224 | 228 |
|
225 | 229 |
SSLEngine on |
... | ... | |
357 | 361 |
ServerName node2.example.com |
358 | 362 |
|
359 | 363 |
RewriteEngine On |
364 |
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC] |
|
365 |
RewriteRule ^(.*)$ - [F,L] |
|
360 | 366 |
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} |
361 | 367 |
</VirtualHost> |
362 | 368 |
|
... | ... | |
443 | 449 |
django project. This corner case concerns only very advanced users that know |
444 | 450 |
what they are doing and want to experiment with synnefo. |
445 | 451 |
|
446 |
|
|
447 | 452 |
Configuration of Astakos |
448 | 453 |
======================== |
449 | 454 |
|
... | ... | |
529 | 534 |
For the ``ASTAKOS_RECAPTCHA_PUBLIC_KEY`` and ``ASTAKOS_RECAPTCHA_PRIVATE_KEY`` |
530 | 535 |
go to https://www.google.com/recaptcha/admin/create and create your own pair. |
531 | 536 |
|
537 |
Shibboleth Setup |
|
538 |
---------------- |
|
539 |
Optionally, Astakos can delegate user authentication to a Shibboleth federation. |
|
540 |
|
|
541 |
To setup shibboleth, install package:: |
|
542 |
|
|
543 |
apt-get install libapache2-mod-shib2 |
|
544 |
|
|
545 |
Change appropriately the configuration files in ``/etc/shibboleth``. |
|
546 |
|
|
547 |
Add in ``/etc/apache2/sites-available/synnefo-ssl``:: |
|
548 |
|
|
549 |
ShibConfig /etc/shibboleth/shibboleth2.xml |
|
550 |
Alias /shibboleth-sp /usr/share/shibboleth |
|
551 |
|
|
552 |
<Location /im/login/shibboleth> |
|
553 |
AuthType shibboleth |
|
554 |
ShibRequireSession On |
|
555 |
ShibUseHeaders On |
|
556 |
require valid-user |
|
557 |
</Location> |
|
558 |
|
|
559 |
and before the line containing:: |
|
560 |
|
|
561 |
ProxyPass / http://localhost:8080/ retry=0 |
|
562 |
|
|
563 |
add:: |
|
564 |
|
|
565 |
ProxyPass /Shibboleth.sso ! |
|
566 |
|
|
567 |
Then, enable the shibboleth module:: |
|
568 |
|
|
569 |
a2enmod shib2 |
|
570 |
|
|
571 |
After passing through the apache module, the following tokens should be available at the destination:: |
|
572 |
|
|
573 |
eppn # eduPersonPrincipalName |
|
574 |
Shib-InetOrgPerson-givenName |
|
575 |
Shib-Person-surname |
|
576 |
Shib-Person-commonName |
|
577 |
Shib-InetOrgPerson-displayName |
|
578 |
Shib-EP-Affiliation |
|
579 |
Shib-Session-ID |
|
580 |
|
|
581 |
Finally, add 'shibboleth' in ``ASTAKOS_IM_MODULES``. |
|
582 |
|
|
532 | 583 |
Servers Initialization |
533 | 584 |
---------------------- |
534 | 585 |
|
... | ... | |
556 | 607 |
|
557 | 608 |
# snf-manage migrate im |
558 | 609 |
|
610 |
Finally we load the pre-defined user groups |
|
611 |
|
|
612 |
.. code-block:: console |
|
613 |
|
|
614 |
# snf-manage loaddata groups |
|
615 |
|
|
559 | 616 |
You have now finished the Astakos setup. Let's test it now. |
560 | 617 |
|
561 | 618 |
|
Also available in: Unified diff