shibboleth

Announcing myVocs box

It is my pleasure to announce the first release of myVocs box, an integrated collaboration platform. myVocs box is a virtual machine that delivers the technologies that drive myVocs.org wrapped up in a self-contained system that's ready for you to enjoy.

Please visit http://myvocs-box.myvocs.org for details on the three simple steps to download, run, and enjoy a collaboration platform of your own.

The technologies in this release of myVocs box include:

* A complete Shibboleth 1.3 identity system (IdP and SP)
* Simple collaboration group setup and management via Sympa
* Flexible resource integration powered by YubNub

Integrating PHPki, GridShib CA, and MyProxy CA

Taking the time to read up on the GridShib CA and MyProxy CA was very useful. They and phpki ultimately all are backended by an openssl configuration so in a sense are compatible with each other. The decision to use one over the other seems to mainly be about where one stores a cert and how one can retrieve it. The GridShib CA has a great way of creating certs that are truly private (client-based key) so I'm guessing there is not a key store in GridShib CA. MyProxy CA would seem to have a keystore since it's backended by Simple CA. This makes it like phpki except that the interface is command-line versus web.

Shibbolized GridSphere for UABgrid

As of this week, gridsphere V 2.1.4 and gridportlets are running. Tomcat version is 5.0.X. Apache version is 2.2.2


  • gridportlet as SP must be apache protected ->
    • install and configure mod_jk 4.1.30 (as ajp1.3)
      • Description of Connector Protocol
      • be sure mod_jk.so is installed (via RPM)
      • create mod_jk.conf in /etc/apache2 and Include in httpd.conf
        NOTE: skipped steps to secure WEB-INF Directory
    • Reconfigure gridsphere so that tomcat connector is used (5/10/06)
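
The mod_jk setup listed above, including the WEB-INF step the note says was skipped, as an added example that is not part of the original post. The worker name `ajp13`, the `/gridsphere` context path, the file locations and the AJP port are assumptions; access control uses Apache 2.2 syntax to match the version mentioned.

```apache
# /etc/apache2/mod_jk.conf -- pulled in from httpd.conf with:
#   Include /etc/apache2/mod_jk.conf
# Module path is an assumption; use wherever the RPM installed mod_jk.so.
LoadModule jk_module modules/mod_jk.so

JkWorkersFile /etc/apache2/workers.properties
JkLogFile     /var/log/apache2/mod_jk.log
JkLogLevel    info

# workers.properties (separate file, shown here as comments):
#   worker.list=ajp13
#   worker.ajp13.type=ajp13
#   worker.ajp13.host=localhost
#   worker.ajp13.port=8009

# Forward the portal context (assumed to be /gridsphere) to Tomcat over AJP 1.3.
JkMount /gridsphere   ajp13
JkMount /gridsphere/* ajp13

# Securing WEB-INF: refuse any URL that reaches into a webapp's private
# directories, case-insensitively, before it is handed to the connector.
<LocationMatch "(?i)/(WEB-INF|META-INF)(/|$)">
    Order allow,deny
    Deny from all
</LocationMatch>

# Require a Shibboleth session so only authenticated requests reach Tomcat.
<Location /gridsphere>
    AuthType shibboleth
    ShibRequireSession On
    require valid-user
</Location>

# Tomcat side (server.xml AJP connector), so the container trusts the
# REMOTE_USER set by Apache and the AJP port is not reachable remotely:
#   <Connector port="8009" protocol="AJP/1.3"
#              address="127.0.0.1" tomcatAuthentication="false" />
```

With `tomcatAuthentication="false"` Tomcat accepts whatever user Apache asserts, so the AJP port must only be reachable from the Apache host.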

Creating a PAM-retrievable User Credential Inside MyProxy

Creating a User Credential Inside MyProxy

myproxy-admin-adduser -c "Jill Gemmill" -l jgemmill-n -a


Retrieved using myproxy-logon and BlazerID password



owner: /O=Grid/OU=GlobusTest/OU=simpleCA-juster.lab.ac.uab.edu/OU=lab.ac.uab.edu/CN=Jill Gemmill
username: jgemmill
retrieval policy: *
timeleft: 8759:28:04 (365.0 days)

juster:/etc # cd /etc/grid-security

A private key and a certificate request has been generated with the subject:

/O=Grid/OU=GlobusTest/OU=simpleCA-juster.lab.ac.uab.edu/OU=lab.ac.uab.edu/CN=Jill Gemmill

i2fmm demo update

the myVocs demo went well and along with Jim's work, seems to make a very nice system environment. struck again how clearly blogger.com, technorati and del.icio.us have the potential to become the major new applications of your desktop with these technologies. amazing to see the type of system experience that can be defined with so many interfaces available. interesting trend graphs to namespace creation and management.

am working on getting the demo in an on-line followable version and will add a link when I ha

compiling shib with embedded mysql

seems that the problem to compiling shib with the embedded mysql server
is not in the shib configuration but in the mysql_config script
distributed with mysql. this script lists the libraries needed to link
the mysqld embedded server and seems to omit "-lz" (the compression
library) for the libs needed to link the embedded server. adding this lib
to the shib ./configure script works around this problem. you can simply
do a:

LDLIBS=-lz ./configure ...

This seems to be a problem with the 4.1.10 mysql rpm from mysql.com and
doesn't fix itself even when I build the rpm locally.

shib attribute cache store

doesn't look like it's worth trying to get existing mysql session mgr for
shib working since comments describe it as a two level cache with the
attributes remaining in ram. will need to look at this more closely.
don't need to worry about it for now. need ldap database and vo mgm up
more pressing.

would need to build an attribute cache backend that stores the attributes
into the voaa origin aa cache or build that shib shim that captures the
attributes during the vo origin hs processing after the shib
authentication is done.

can't compile test code for embedded mysql

have had no luck with the test code and can't figure out why it's failing.
google doesn't seem to be of help. mysql.com doesn't seem to indicate any
problems with mysql embedded. and my test embedded build absolutely
refuses to link. if i do the build/link in one step i get an undefined
function mysql_server_init, if I do it in two steps I get complaints about
references to compress which I can't figure out how to resolve.

there doesn't seem to be anything special about linking the embedded db
according to the docs. the only diff between embedded and non-embedded is
that mysql_init_server() is not an empty stub in the embedded version.

double shib working

got the double shib redirect working so now we have one shib install
protected by another. this is working nicely and feeding remote user
through. now just have to set up distinct ldap database for vo and get the
open subscription id provider "id" working. also need to refine the arp
and aap so the vo system env gets a consistent set of attributes from the vo
database.

Shibboleth Project Started

The Shibboleth Project has started. Please post any Shibboleth-relevant pages under this project.

Thanks,

jason