Notes for wiki install/config. Rough overview:

  • CentOS 4.6 vm
  • setup hostname and ip
  • config ldap auth
  • config ntp
  • create accounts jpr jelaiw cmbellah 
    useradd -m -c jpr@uab.edu jpr
  • add jpr jelaiw cmbellah to sudoers
  • open fw ports 80 443 8080

Install Shibboleth

Get Shibboleth RPMs for CentOS: 

wget http://shibboleth.internet2.edu/downloads/RPMS/i386/RHE/4/log4shib-1.0-1.i386.rpm
wget http://shibboleth.internet2.edu/downloads/RPMS/i386/RHE/4/opensaml-1.1.1-2.i386.rpm
wget http://shibboleth.internet2.edu/downloads/RPMS/i386/RHE/4/shibboleth-1.3.1-2.i386.rpm
wget http://shibboleth.internet2.edu/downloads/RPMS/i386/RHE/4/xerces-c-2.8.0-1.i386.rpm
wget http://shibboleth.internet2.edu/downloads/RPMS/i386/RHE/4/xml-security-c-1.4.0-1.i386.rpm

Install RPMs: 

rpm -ivh *.rpm

Config Shibboleth

  1. Update the Apache config according the shib install instrux
  2. Update the conf.d/ssl.conf file to read the correct server certs for https
  3. Create the server cert
    1. Create key
    2. Create csr
    3. Send csr to jpr
    4. jpr creates cert and sends back
    5. put cert in conf/ssl.crt/uabgrid-hostname.crt file
  4. Update shibboleth.xml
    1. with correct hostname
    2. correct providerid
    3. correct wayf (uabgrid login)
    4. with correct cert/key (put the pair from apache to /etc/shibboleth). Note: this is really the crux of our install and needs to be automated. It should be possible for someone to register a system and by simply submitting a CSR they could be added to the metadata files and get their cert. That is, we need a provider management interface.
  5. create secure/phpinfo.php file
  6. debug

Install mod_jk-ap20

reference: http://agiletesting.blogspot.com/2007/05/apache-virtual-hosting-with-tomcat-and.html 

cd /etc/yum.repos.d/

wget http://jpackage.org/jpackage.repo

Edit jpackage.repo and specify 'enabled=1' in the [jpackage-rhel] section

if you now do 

yum search mod_jk*

you'll get:

mod_jk-tools.i386 1.2.15-1jpp jpackage-rhel
Matched from:
mod_jk-tools
Analysis and report tools for mod_jk
Miscellaneous mod_jk analysis and report tools.

mod_jk-ap20.i386 1.2.15-1jpp jpackage-rhel
Matched from:
mod_jk-ap20
Tomcat mod_jk connector for Apache 2.0.x.
Tomcat mod_jk connector for Apache 2.0.x.

mod_jk-manual.i386 1.2.15-1jpp jpackage-rhel
Matched from:
mod_jk-manual
Tomcat mod_jk connector manual
Tomcat mod_jk connector manual.

mod_jk2.i386 2.0.4-7jpp jpackage-generic
Matched from:
mod_jk2
Tomcat mod_jk2 connector for Apache 2.0.x

Now you can install mod_jk: 

# yum install mod_jk-ap20