[OOD-users] Adding Shibboleth Auth to OOD?

Nicklas, Jeremy jnicklas at osc.edu
Thu Nov 9 12:23:55 EST 2017 

Thanks Ric for responding to this.

As for post-install, I'd also like to add that in order integrate it with your Open OnDemand install you will need to follow the directions shown here:

https://osc.github.io/ood-documentation/master/infrastructure/ood-portal-generator/examples/add-shibboleth-authentication.html

In particular you will need to find that Apache config file generated by the Shibboleth install (the one Ric mentions) and uncomment or add the following line:

ShibCompatValidUser On

Then you will use ood-portal-generator to generate a new Apache "ood-portal.conf" file that uses Shibboleth authentication. I give an example ood-portal-generator "config.yml" file in the above documentation link.

You'd modify your "config.yml":

$ cd /path/to/ood-portal-generator
$ # edit the config.yml similar to the documentation link above

Then you'd build a new Apache "ood-portal.conf":

$ scl enable rh-ruby22 -- rake

Finally install it in the root location:

$ sudo scl enable rh-ruby22 -- rake install

Then restart your Apache server for changes to take effect:

$ sudo systemctl restart httpd24-httpd

--
Jeremy Nicklas
Web and Interface App Engineer
Ohio Supercomputer Center (OSC)
A member of the Ohio Technology Consortium
1224 Kinnear Road, Columbus, Ohio 43212
Office: (614) 292-6739 • Mobile: (614) 316-6428 • Fax: (614) 292-7168
jnicklas at osc.edu

Learn more about OSC at https://osc.edu

________________________________________
From: OOD-users [ood-users-bounces+jnicklas=osc.edu at lists.osc.edu] on behalf of Anderson, Richard O - (ric) [ric at email.arizona.edu]
Sent: Thursday, November 09, 2017 12:14 PM
To: Dmitri Chebotarov; ood-users at lists.osc.edu
Subject: Re: [OOD-users] Adding Shibboleth Auth to OOD?

Dmitri:
Shibboleth rpms (at least on RH7/CentOS7) install in /etc/httpd, and thus are invisible to httpd24-httpd.  What I did after installing httpd24-httpd, was
  # save anything that's there - nothing if you do this right after httpd24-httpd install and don't have standard httpd packages installed.
    mv /etc/httpd /etc/httpd.ORIG
 # Make /etc/httpd point to hrrpd24's incarnation…
    ln -s /opt/rh/httpd24/root/etc/httpd /etc/httpd
yum install shibboleth winds up putting shib.conf in /opt/rh/httpd24/root/etc/httpd/conf.d/shibd.conf where it's found and processed at the next httpd24-httpd restart.

Cheers,
Ric Anderson (U of AZ RT/HPC Systems team, ric at email.arizona.edu)
--

On 11/9/17, 9:31 AM, "Dmitri Chebotarov" <dchebota at gmu.edu> wrote:

    Hello

    I'm looking for any info about adding Shibboleth auth to OOD portal (dashboard). I followed https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxRPMInstall, which doesn't seem to work in this case. Since OOD uses httpd24-httpd, do I need to do any special configuration on the server?

    I'm not able to get to /Shibboleth.sso on the server...

    Thank you,
    --
    Dmitri Chebotarov.
    George Mason University,
    4400 University Drive,
    Fairfax, VA, 22030
    GPG Public key# 5E19F14D: [https://goo.gl/SlE8tj]




_______________________________________________
OOD-users mailing list
OOD-users at lists.osc.edu
https://lists.osu.edu/mailman/listinfo/ood-users

More information about the OOD-users mailing list