Ticket #787 (closed task: fixed)

Opened 12 years ago

Last modified 12 years ago

[S] HTTPS for Security WSs and firewall settings at all NDG sites

Reported by: pjkersha Owned by: pjkersha
Priority: required Milestone: PROD Final
Component: security Version:
Keywords: Security, web services, Apache, M2Crypto Cc: fvenuti, siva, mggr

Description

This issue affects BADC but could affect NOCS, PML and BODC also.

For alpha, we exposed security web services using Apache http proxy pass directives. Ports on glue running WSs were rerouted through port 80.

For Beta, we need services running https (Session Manager as bare minimum as this passes username+passwords in the connect() operation).

There are two alternatives:

  1. Open up a port on the firewall to enable web service running https through. In this case, HTTPS is applied at the service using M2Crypto.
  2. Use an Apache proxy pass directive to redirect the service through https on Apache web server. In this case, the web service runs locally over http before being exposed outside on https.

2) doesn't work at the moment (client requests break with an SSL error) but it's almost certainly the easiest way to get set up because there's no need to change the firewall. A possible fix would be to write a Python proxy script to forward requests from a URI on Apache to the security WS running locally. Something similar has been done for DEWS using a Java servlet.

Change History

comment:1 Changed 12 years ago by pjkersha

  • Status changed from new to assigned

comment:2 Changed 12 years ago by pjkersha

  • Status changed from assigned to closed
  • Resolution set to fixed

Fixed with upgrade to M2Crypto 0.18. M2Crypto client can talk to service redirected through https ProxyPass.
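With option 2 in place, the remaining risk is an old port-80 ProxyPass (the alpha setup) still exposing the Session Manager in cleartext. The following is an added example, not code from the ticket or the NDG project: a small audit of an Apache configuration that flags ProxyPass rules in non-TLS virtual hosts and, going slightly beyond the ticket, cleartext backends that are not local. The hostname, ports, the `/OtherWS` path and the sample configuration are constructed assumptions.

```python
import re

# Constructed sample config: hostname, ports and /OtherWS are assumptions,
# not values taken from the ticket or from any NDG site.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName glue.example.org
    ProxyPass /SessionManager http://localhost:5000/SessionManager
    ProxyPassReverse /SessionManager http://localhost:5000/SessionManager
</VirtualHost>
<VirtualHost *:443>
    ServerName glue.example.org
    SSLEngine on
    ProxyPass /SessionManager http://127.0.0.1:5000/SessionManager
    ProxyPass /OtherWS http://10.0.0.7:5100/OtherWS
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
# Matches "ProxyPass <path> <scheme>://<host>" but not ProxyPassReverse.
PROXY_RE = re.compile(r"^\s*ProxyPass\s+(\S+)\s+(\w+)://([^/:\s]+)", re.I | re.M)
SSL_ON_RE = re.compile(r"^\s*SSLEngine\s+on\b", re.I | re.M)
LOOPBACK = {"localhost", "127.0.0.1"}  # IPv6 literals are not handled here


def audit_proxypass(conf):
    """Return (vhost, path, problem) tuples for risky ProxyPass rules."""
    findings = []
    for addr, body in VHOST_RE.findall(conf):
        tls = bool(SSL_ON_RE.search(body))
        for path, scheme, host in PROXY_RE.findall(body):
            if not tls:
                # Credentials sent to connect() would cross the network in clear.
                findings.append((addr, path, "exposed over plain HTTP"))
            elif scheme.lower() == "http" and host.lower() not in LOOPBACK:
                # TLS ends at Apache; the http hop should stay on the same host.
                findings.append((addr, path, "cleartext hop to non-loopback backend"))
    return findings


if __name__ == "__main__":
    for finding in audit_proxypass(SAMPLE_CONF):
        print(finding)
```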
