Last modified on 08/30/07 11:16:51

Configuring the blogs.uabgrid vhost

The blogs were initially installed on the base hosting web server. For easier management and better naming we want to host the blogs on blogs.uabgrid.uab.edu. The following notes cover converting from the default install to this new vhost.

Setting up the vhost for blogs was pretty easy. This is also helping to develop a decent vhost template file to support the configuration management. It involved defining the IP address for the host, creating the vhost file blogs.uabgrid in /etc/apache2/sites-available, running a2ensite blogs.uabgrid and restarting the server. The host-name-specific config file in /etc/wordpress also needed renaming. The default WordPress config needed to be suppressed by hiding the config in the /etc/apache2/config.d/wordpress.conf file.

The old host name apps.uabgrid still came through, though, because it was stored in the database. This was noticed when the CSS did not load and wp-login.php did not return to the site.

The wp_options table holds a siteurl and a home attribute definition. These have to be reset:

update wp_options set option_value='http://blogs.uabgrid.uab.edu/jpr' where option_name='siteurl';
update wp_options set option_value='http://blogs.uabgrid.uab.edu/jpr' where option_name='home';
update wp_options set option_value='' where option_name='http_authentication_logout_uri';

These settings can also be changed in the admin web interface for the site and blog url addresses. It's hard to do this if you can't log into the site, though.

The third update removes an HTTP auth module-specific parameter. It too can be controlled in the admin interface under Options->HTTP Authentication. It controls the URI the Logout link points to and seems to be set when the HTTP authn module is installed, so it may be correct if the hostname isn't changed subsequently. It may also need to point to a Shibboleth logout hook to operate more predictably (i.e. unset cookies). An undefined value causes the default blog URI to be used.

For future reference, there's also an ability to define dynamic hostnames for multi-blog configurations. We will need to compare that to the wpmu approach.

After these fixes, the Shibboleth configuration needs updating. We're using the approach of piggy-backing the attribute trusts on one entityId, so we just needed assertion consumer service URLs added to the apps.uabgrid entityId in the UABgrid metadata.

<AssertionConsumerService index="6" isDefault="false"
   Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
   Location="https://blogs.uabgrid.uab.edu/Shibboleth.sso/SAML/POST"/>
<AssertionConsumerService index="7" isDefault="false"
  Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
  Location="https://blogs.uabgrid.uab.edu/Shibboleth.sso/SAML/Artifact"/>
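Because every ACS listed under the shared entityId receives assertions with the same attribute trust, it is worth checking the metadata after each addition. The following is an added example, not part of the original notes: the entityID, the index 1 entry, the apps.uabgrid.uab.edu host name and the function name are assumptions, and the metadata is assumed to use the SAML 2.0 metadata namespace.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: indexes 6 and 7 are the entries from this page; the
# entityID and the index 1 entry are placeholders standing in for the
# existing apps.uabgrid registration.
SAMPLE = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
  <AssertionConsumerService index="1" isDefault="true"
    Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
    Location="https://apps.uabgrid.uab.edu/Shibboleth.sso/SAML/POST"/>
  <AssertionConsumerService index="6" isDefault="false"
    Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
    Location="https://blogs.uabgrid.uab.edu/Shibboleth.sso/SAML/POST"/>
  <AssertionConsumerService index="7" isDefault="false"
    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
    Location="https://blogs.uabgrid.uab.edu/Shibboleth.sso/SAML/Artifact"/>
 </SPSSODescriptor>
</EntityDescriptor>
"""

ALLOWED_HOSTS = {"apps.uabgrid.uab.edu", "blogs.uabgrid.uab.edu"}

def lint_acs(metadata_xml, allowed_hosts):
    """Return findings for the ACS endpoints of one entity (empty list = clean)."""
    root = ET.fromstring(metadata_xml)
    findings, seen, defaults = [], set(), 0
    for acs in root.iter("{%s}AssertionConsumerService" % MD_NS):
        idx, loc = acs.get("index"), acs.get("Location", "")
        url = urlsplit(loc)
        if idx in seen:  # the SP selects an endpoint by index, so it must be unique
            findings.append("duplicate index %s" % idx)
        seen.add(idx)
        if acs.get("isDefault") in ("true", "1"):
            defaults += 1
        if url.scheme != "https":  # assertions must not travel in clear text
            findings.append("index %s: Location is not https: %s" % (idx, loc))
        if url.hostname not in allowed_hosts:  # only vhosts we run may receive them
            findings.append("index %s: unexpected host %s" % (idx, url.hostname))
    if defaults > 1:
        findings.append("more than one default ACS")
    return findings

if __name__ == "__main__":
    print(lint_acs(SAMPLE, ALLOWED_HOSTS) or "ACS endpoints OK")
```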

Because our ACS is SSL protected, we need to enable the https://blogs.uabgrid interface to support communication with /Shibboleth.sso. Creating a cert and enabling the SSL site interface makes the Shibboleth authn work. I created the cert manually with direct calls to openssl.

openssl genrsa -out blogs.uabgrid.uab.edu.key 1024
openssl req -new -key blogs.uabgrid.uab.edu.key -out blogs.uabgrid.uab.edu.csr

The signed cert is then put in /etc/ssl/certs and the web server restarted.