Changes between Version 10 and Version 11 of Aaa


Timestamp:
Oct 11, 2010, 4:08:02 PM (14 years ago)
Author:
tim.bauge
Comment:

--

  • Aaa

    v10 v11  
     1= System Provider AAA Guide =
    12== AAA overview ==
    23Access control is an optional service on the SENSEI test platform. Each public interface in the system can be access controlled or not, at the owner's discretion.
     
    89
    910== Identity provider: STS ==
    10 A Security Token Service needs to be deployed for each security domain.
     11A Security Token Service needs to be deployed for each security domain. TRT has deployed an STS on the PETP which can be used by the platform users. Others can be deployed as required.
    1112=== Deployment ===
    12 The STS is provided as a web app, to be deployed in a servlet container. A number of configuration options need to be set before rebuilding to package into a deployable WAR file.
     13The STS is provided as a web app, to be deployed in a servlet container. A number of configuration options need to be set by editing property files in the WAR file before deployment.
     14==== Getting the STS WAR file ====
     15The STS WAR file can be downloaded from here: [wiki:trt-war AAA downloads page]
    1316==== Configure ====
    14 The configuration files are located in src/main/webapp/WEB-INF. The Spring Security and authentication filters are configured in applicationContext-security.xml. The rest of the code is configured in applicationContext.xml.
    15 However, many of the properties set in the Spring context can configured in the properties files located in src/main/resources.
    16 ===== Keystore =====
    17 The STS requires a JKS keystore that contains a private key. This is the key that will be used to sign all SAML objects such as assertions. A keystore can be generated using the Java Keytool. Instructions here: http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keystore
    18 The keystoreManager bean needs to be configured to use this keystore. This can be done by changing the following properties in metadata.properties:
     17The WAR file is an archive containing object code, presentation templates and configuration files. The downloaded WAR file should therefore be opened (e.g. using [http://www.7-zip.org/ 7-zip]) to access the configuration files located in ???/WEB-INF.
     18===== Setting up a keystore =====
     191. The STS requires a JKS keystore that contains a private key. This is the key that will be used to sign all SAML objects such as assertions. A keystore can be generated using the Java Keytool. Instructions [http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keystore here].
     201. The STS configuration must be changed to use the new keystore. This is done by changing the following properties in metadata.properties:
    1921||=Property=||=Description=||
    2022||keystore.file||Location of the keystore. Default is security/keystore.jks||
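Review bot: the sentence added at v11 line 17 leaves the configuration path as "???/WEB-INF", an unresolved placeholder, so a reader cannot locate metadata.properties or the other configuration files from this text; replace it with the actual path inside the WAR before publishing. The revision also drops the v10 sentences naming applicationContext-security.xml (Spring Security and authentication filters) and applicationContext.xml, so the page no longer says where the authentication filters are configured; keep that pointer in the new Configure text. Because the keystore holds the private key that signs all SAML assertions, step 1 should state that the keystore is generated for each deployment, and, if keystore.file (default security/keystore.jks) resolves to a location inside the edited WAR, that the edited WAR must not be shared.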