Administration
WebSSO 1.2 Users Guide
[ caGrid 1.3 Documentation | WebSSO 1.2 Documentation | WebSSO 1.2 Users Guide ]
Web Single Sign On (WebSSO) Server Installation and Configuration
The Web Single Sign On (WebSSO) is distributed both as a standalone project and a component other projects (such as caGrid). Each distribution contains a websso directory, herein referred to as WEBSSO_LOCATION. To install and configure the WEBSSO, please follow the steps below.
Step 1: Install Prerequisite Software
In order to install and run the WebSSO, the following pre-requisite software must be installed:
Step 2: Setup Environment Variables
- Create a GLOBUS_LOCATION environment variable and point it at the directory in which you installed Globus.
- Create a CATALINA_HOME environment variable and point it at the directory in which you installed Tomcat.
Step 3: Obtain a Host Credential
The WebSSO must run as a secure service, so the hosting container must run with a host credential. A host credential consist of an X.509 certificate and private key. Dorian provides the ability to issue and manage host credentials. There are many methods of retrieving host credentials, including:
- Requesting a credential from a known/trusted certificate authority (caGrid Certificate Authority). (RECOMMENDED APROACH)
- Standing up a [Dorian] service.
- Standing up a simple certificate authority.
Step 4: Configuring and Building WebSSO
If you have obtained a source release of the WebSSO, you will need to configure and build it. Type the following from a command prompt:
%> cd WEBSSO_LOCATION
%> ant configure-websso
Buildfile: build.xml
configure-websso:
[input] Enter the location of the host certificate (PEM format):
C:\Documents and Settings\Garmillas\.cagrid\certificates\NCI-GARMILLAS-1-cert.pem
[input] Enter the location of the host key (PEM format):
C:\Documents and Settings\Garmillas\.cagrid\certificates\NCI-GARMILLAS-1-key.pem
[input] Enter websso server host name:
NCI-GARMILLAS-1
[input] Enter websso server https port (int value):
8443
[input] Enter start auto sync gts (yes or no) : [no]
yes
%> cd WEBSSO_LOCATION %> ant all
Step 5: Configuring Tomcat
Since the WebSSO Server would be running using SSL we need to configure Tomcat to enable SSL. To do so complete the following:
%> cd WEBSSO_LOCATION %> ant create-tomcat-https-keystore Buildfile: build.xml create-tomcat-https-keystore: [java] Changes to environment variables are ignored when same JVM is used. [java] Enter a location and name for your keystore: C:\Documents and Settings\Garmillas\.cagrid\certificates\NCI-GARMILLAS-websso-keystore [java] Enter a password for your keystore: websso [java] Enter the location of the certificate (PEM format): C:\Documents and Settings\Garmillas\.cagrid\certificates\NCI-GARMILLAS-1-cert.pem [java] Enter the location of the private key (PEM format): C:\Documents and Settings\Garmillas\.cagrid\certificates\NCI-GARMILLAS-1-key.pem [java] Enter the current password of the private key: websso
%> cd WEBSSO_LOCATION %> ant insert-tomcat-secure-connector insert-tomcat-secure-connector: [input] Enter the location of the keystore: C:\Documents and Settings\Garmillas\.cagrid\certificates\NCI-GARMILLAS-websso-keystore [input] Enter store password: websso [input] Enter tomcat https port number: 8443
Step 6: Deploying WebSSO into Tomcat
%> cd WEBSSO_LOCATION %> ant deployTomcat