Changes between Version 43 and Version 44 of InstallDiscoveryBrowse


Ignore:
Timestamp:
06/06/08 11:40:56 (11 years ago)
Author:
pjkersha
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • InstallDiscoveryBrowse

    v43 v44  
    144144=== Security Configuration === 
    145145If the Browse interface is required, then security needs to be configured.  The steps are: 
    146  1. Single Sign On Service - this enables uses from other trusted sites to login at your Browse site with their home ID. 
    147  1. Gatekeeper - MOLES and CSML records available from the Browse interface can be secured with role based access control using the Gatekeeper. 
    148  1. WS-Security Settings - secures transactions between Browse and NDG security web services. 
    149  1. Apache Virtual Hosts - enables Browse to be exposed outside the site firewall and serves Browse over http and https for the Single Sign On Service. 
     146 a. Single Sign On Service - this enables uses from other trusted sites to login at your Browse site with their home ID. 
     147 a. Gatekeeper - MOLES and CSML records available from the Browse interface can be secured with role based access control using the Gatekeeper. 
     148 a. WS-Security Settings - secures transactions between Browse and NDG security web services. 
     149 a. Apache Virtual Hosts - enables Browse to be exposed outside the site firewall and serves Browse over http and https for the Single Sign On Service. 
    150150 
    151151Security settings are organised under the `[NDG_SECURITY.*]` sections of the `ndgDiscovery.config` file. 
    152152 
    153 ==== 1. Single Sign On Service ==== 
     153==== a. Single Sign On Service ==== 
    154154Settings are organised under the section `[NDG_SECURITY.ssoService]`.  Only the most important settings are described here.  The rest should be left as their default values. 
    155155 
     
    177177}}} 
    178178 
    179 ==== 2. Gatekeeper Settings ==== 
     179==== b. Gatekeeper Settings ==== 
    180180These are set in the section `[NDG_SECURITY.gatekeeper]`.  Settings starting with `pdp` should be left as their defaults. 
    181181 
     
    207207For help with set-up contact [mailto:P.J.Kershaw@rl.ac.uk Phil]. 
    208208 
    209 ==== 3. WS-Security Settings ==== 
     209==== c. WS-Security Settings ==== 
    210210Settings are contained in the section `[NDG_SECURITY.wssecurity]`. 
    211211 
     
    266266}}} 
    267267 
    268 ==== 4. Virtual Hosting of the Discovery Service over http and https ==== 
     268==== d. Virtual Hosting of the Discovery Service over http and https ==== 
    269269Paste, the Discovery application server runs over http but pages for Single Sign On require https for the secure transfer of user credentials.  One way to achieve this is to run `paste` on a port hidden inside the firewall exposing it to the outside using Virtual Hosting e.g. with Apache.  The service running on a particular port is exposed outside on 80 (http) and 443 (https): 
    270270 
     
    339339 
    340340 
    341 == Step 11: Start the services == 
     341== Step 9: Start the services == 
    342342Starting the server is a one line command: 
    343343{{{ 
     
    360360CSML services (WMS and WCS) are also available in this stack, but as they are still under development and nobody has any CSML they will be the subject of another wiki page. 
    361361 
    362 == Step 12: Add to boot == 
     362== Step 10: Add to boot == 
    363363This script can be put in /etc/init.d and will start your service on boot. Give it a suitable name, such as 'ndgservices'. 
    364364