Revision d2a9f85f docs/quick-install-admin-guide.rst
| b/docs/quick-install-admin-guide.rst | ||
|---|---|---|
| 185 | 185 |
ServerName node1.example.com |
| 186 | 186 |
|
| 187 | 187 |
RewriteEngine On |
| 188 |
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]
|
|
| 189 |
RewriteRule ^(.*)$ - [F,L] |
|
| 188 | 190 |
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
|
| 189 | 191 |
</VirtualHost> |
| 190 | 192 |
|
| ... | ... | |
| 220 | 222 |
ProxyPassReverse / http://localhost:8080/ |
| 221 | 223 |
|
| 222 | 224 |
RewriteEngine On |
| 225 |
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]
|
|
| 226 |
RewriteRule ^(.*)$ - [F,L] |
|
| 223 | 227 |
RewriteRule ^/login(.*) /im/login/redirect$1 [PT,NE] |
| 224 | 228 |
|
| 225 | 229 |
SSLEngine on |
| ... | ... | |
| 357 | 361 |
ServerName node2.example.com |
| 358 | 362 |
|
| 359 | 363 |
RewriteEngine On |
| 364 |
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]
|
|
| 365 |
RewriteRule ^(.*)$ - [F,L] |
|
| 360 | 366 |
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
|
| 361 | 367 |
</VirtualHost> |
| 362 | 368 |
|
| ... | ... | |
| 443 | 449 |
django project. This corner case concerns only very advanced users that know |
| 444 | 450 |
what they are doing and want to experiment with synnefo. |
| 445 | 451 |
|
| 446 |
|
|
| 447 | 452 |
Configuration of Astakos |
| 448 | 453 |
======================== |
| 449 | 454 |
|
| ... | ... | |
| 529 | 534 |
For the ``ASTAKOS_RECAPTCHA_PUBLIC_KEY`` and ``ASTAKOS_RECAPTCHA_PRIVATE_KEY`` |
| 530 | 535 |
go to https://www.google.com/recaptcha/admin/create and create your own pair. |
| 531 | 536 |
|
| 537 |
Shibboleth Setup |
|
| 538 |
---------------- |
|
| 539 |
Optionally, Astakos can delegate user authentication to a Shibboleth federation. |
|
| 540 |
|
|
| 541 |
To setup shibboleth, install package:: |
|
| 542 |
|
|
| 543 |
apt-get install libapache2-mod-shib2 |
|
| 544 |
|
|
| 545 |
Change appropriately the configuration files in ``/etc/shibboleth``. |
|
| 546 |
|
|
| 547 |
Add in ``/etc/apache2/sites-available/synnefo-ssl``:: |
|
| 548 |
|
|
| 549 |
ShibConfig /etc/shibboleth/shibboleth2.xml |
|
| 550 |
Alias /shibboleth-sp /usr/share/shibboleth |
|
| 551 |
|
|
| 552 |
<Location /im/login/shibboleth> |
|
| 553 |
AuthType shibboleth |
|
| 554 |
ShibRequireSession On |
|
| 555 |
ShibUseHeaders On |
|
| 556 |
require valid-user |
|
| 557 |
</Location> |
|
| 558 |
|
|
| 559 |
and before the line containing:: |
|
| 560 |
|
|
| 561 |
ProxyPass / http://localhost:8080/ retry=0 |
|
| 562 |
|
|
| 563 |
add:: |
|
| 564 |
|
|
| 565 |
ProxyPass /Shibboleth.sso ! |
|
| 566 |
|
|
| 567 |
Then, enable the shibboleth module:: |
|
| 568 |
|
|
| 569 |
a2enmod shib2 |
|
| 570 |
|
|
| 571 |
After passing through the apache module, the following tokens should be available at the destination:: |
|
| 572 |
|
|
| 573 |
eppn # eduPersonPrincipalName |
|
| 574 |
Shib-InetOrgPerson-givenName |
|
| 575 |
Shib-Person-surname |
|
| 576 |
Shib-Person-commonName |
|
| 577 |
Shib-InetOrgPerson-displayName |
|
| 578 |
Shib-EP-Affiliation |
|
| 579 |
Shib-Session-ID |
|
| 580 |
|
|
| 581 |
Finally, add 'shibboleth' in ``ASTAKOS_IM_MODULES``. |
|
| 582 |
|
|
| 532 | 583 |
Servers Initialization |
| 533 | 584 |
---------------------- |
| 534 | 585 |
|
| ... | ... | |
| 556 | 607 |
|
| 557 | 608 |
# snf-manage migrate im |
| 558 | 609 |
|
| 610 |
Finally we load the pre-defined user groups |
|
| 611 |
|
|
| 612 |
.. code-block:: console |
|
| 613 |
|
|
| 614 |
# snf-manage loaddata groups |
|
| 615 |
|
|
| 559 | 616 |
You have now finished the Astakos setup. Let's test it now. |
| 560 | 617 |
|
| 561 | 618 |
|
Also available in: Unified diff