[OOD-users] Adding Shibboleth Auth to OOD?
Dmitri Chebotarov
dchebota at gmu.edu
Fri Nov 10 16:24:45 EST 2017
Hello
Thank you for your help - I'm making progress here.
Got Shibboleth working server-side and waiting for the SP's Metadata to be imported into our IdP. Will be able to test logins after that...
Thank you,
--
Dmitri Chebotarov.
George Mason University,
4400 University Drive,
Fairfax, VA, 22030
GPG Public key# 5E19F14D: [https://goo.gl/SlE8tj]
________________________________________
From: Nicklas, Jeremy <jnicklas at osc.edu>
Sent: Thursday, November 9, 2017 12:23:55 PM
To: User support maiing list for Open OnDemand; Dmitri Chebotarov
Subject: RE: [OOD-users] Adding Shibboleth Auth to OOD?
Thanks Ric for responding to this.
As for post-install, I'd also like to add that in order integrate it with your Open OnDemand install you will need to follow the directions shown here:
https://osc.github.io/ood-documentation/master/infrastructure/ood-portal-generator/examples/add-shibboleth-authentication.html
In particular you will need to find that Apache config file generated by the Shibboleth install (the one Ric mentions) and uncomment or add the following line:
ShibCompatValidUser On
Then you will use ood-portal-generator to generate a new Apache "ood-portal.conf" file that uses Shibboleth authentication. I give an example ood-portal-generator "config.yml" file in the above documentation link.
You'd modify your "config.yml":
$ cd /path/to/ood-portal-generator
$ # edit the config.yml similar to the documentation link above
Then you'd build a new Apache "ood-portal.conf":
$ scl enable rh-ruby22 -- rake
Finally install it in the root location:
$ sudo scl enable rh-ruby22 -- rake install
Then restart your Apache server for changes to take effect:
$ sudo systemctl restart httpd24-httpd
--
Jeremy Nicklas
Web and Interface App Engineer
Ohio Supercomputer Center (OSC)
A member of the Ohio Technology Consortium
1224 Kinnear Road, Columbus, Ohio 43212
Office: (614) 292-6739 • Mobile: (614) 316-6428 • Fax: (614) 292-7168
jnicklas at osc.edu
Learn more about OSC at https://osc.edu
________________________________________
From: OOD-users [ood-users-bounces+jnicklas=osc.edu at lists.osc.edu] on behalf of Anderson, Richard O - (ric) [ric at email.arizona.edu]
Sent: Thursday, November 09, 2017 12:14 PM
To: Dmitri Chebotarov; ood-users at lists.osc.edu
Subject: Re: [OOD-users] Adding Shibboleth Auth to OOD?
Dmitri:
Shibboleth rpms (at least on RH7/CentOS7) install in /etc/httpd, and thus are invisible to httpd24-httpd. What I did after installing httpd24-httpd, was
# save anything that's there - nothing if you do this right after httpd24-httpd install and don't have standard httpd packages installed.
mv /etc/httpd /etc/httpd.ORIG
# Make /etc/httpd point to hrrpd24's incarnation…
ln -s /opt/rh/httpd24/root/etc/httpd /etc/httpd
yum install shibboleth winds up putting shib.conf in /opt/rh/httpd24/root/etc/httpd/conf.d/shibd.conf where it's found and processed at the next httpd24-httpd restart.
Cheers,
Ric Anderson (U of AZ RT/HPC Systems team, ric at email.arizona.edu)
--
On 11/9/17, 9:31 AM, "Dmitri Chebotarov" <dchebota at gmu.edu> wrote:
Hello
I'm looking for any info about adding Shibboleth auth to OOD portal (dashboard). I followed https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxRPMInstall, which doesn't seem to work in this case. Since OOD uses httpd24-httpd, do I need to do any special configuration on the server?
I'm not able to get to /Shibboleth.sso on the server...
Thank you,
--
Dmitri Chebotarov.
George Mason University,
4400 University Drive,
Fairfax, VA, 22030
GPG Public key# 5E19F14D: [https://goo.gl/SlE8tj]
_______________________________________________
OOD-users mailing list
OOD-users at lists.osc.edu
https://lists.osu.edu/mailman/listinfo/ood-users
More information about the OOD-users
mailing list