
Log of /trunk/eu.rcauth.pilot-ica/DS


Revision 3233 - Directory Listing
Modified Fri Apr 20 13:52:02 2018 UTC (3 years, 5 months ago) by msalle
Various updates, synced from EGI test CA

- Add instructions for JSON Web Key creation in README
- remove Tamas
- Update logfile size for shibd.logger and cfg.xml (both oauth2.log and
  trace.log) to 10MB
- Adapt http config for Shib to easier allow banning users
- Update download URL for javax.mail.jar (now via github)


Revision 3165 - Directory Listing
Modified Fri Feb 17 14:43:05 2017 UTC (4 years, 7 months ago) by msalle
Do deployment of JSON web keys in oa4mp-server to prevent accidental race
conditions or the like.


Revision 3162 - Directory Listing
Modified Fri Feb 17 13:56:24 2017 UTC (4 years, 7 months ago) by msalle
Update for recent changes w.r.t. signed tokens


Revision 3144 - Directory Listing
Modified Thu Dec 22 15:33:02 2016 UTC (4 years, 9 months ago) by msalle
Synchronize metadata with that from the WAYF


Revision 3129 - Directory Listing
Modified Fri Oct 14 14:00:36 2016 UTC (5 years ago) by msalle
Update registration-init.jsp in different war files.


Revision 3127 - Directory Listing
Modified Fri Oct 14 12:33:13 2016 UTC (5 years ago) by msalle
Removed limited proxy option in registration page


Revision 3120 - Directory Listing
Modified Thu Oct 13 12:43:04 2016 UTC (5 years ago) by msalle
Update list of claims in the "org.cilogon.userinfo" scope.


Revision 3095 - Directory Listing
Modified Mon Aug 22 10:22:29 2016 UTC (5 years, 1 month ago) by tamasb
blocking /authorized has to have precedence


Revision 3089 - Directory Listing
Modified Wed Aug 17 12:02:01 2016 UTC (5 years, 1 month ago) by tamasb
lineinfile now backs up before making changes


Revision 3087 - Directory Listing
Modified Mon Aug 15 14:25:14 2016 UTC (5 years, 2 months ago) by tamasb
change ownership of oa2-cli to root


Revision 3083 - Directory Listing
Modified Mon Aug 15 10:51:05 2016 UTC (5 years, 2 months ago) by tamasb
produce clearer error message in myproxy server


Revision 3082 - Directory Listing
Modified Mon Aug 15 09:36:30 2016 UTC (5 years, 2 months ago) by msalle
Add missing run-as user to cron entry


Revision 3080 - Directory Listing
Modified Mon Aug 15 09:00:26 2016 UTC (5 years, 2 months ago) by msalle
Create CRL publishing cron job in cron.d instead of crontab


Revision 3078 - Directory Listing
Modified Tue Aug 9 11:19:32 2016 UTC (5 years, 2 months ago) by msalle
Need to copy conf file, not just check (i.e. copy, not file)
Make restrict dependent on whether variable is set.


Revision 3077 - Directory Listing
Modified Mon Aug 8 13:37:02 2016 UTC (5 years, 2 months ago) by msalle
Add mysql dump and restore scripts plus cronjob for the former.
Move 00-httpoxy from templates to file (it's not a template)
Update the oauth2 war and jar files.


Revision 3075 - Directory Listing
Modified Fri Jul 29 09:22:58 2016 UTC (5 years, 2 months ago) by davidg
New ACLs and root access from fabman-net


Revision 3074 - Directory Listing
Modified Thu Jul 28 12:59:02 2016 UTC (5 years, 2 months ago) by msalle
Replace crontab entry with a cron.hourly cronjob by symlinking to the /usr/local
script.


Revision 3072 - Directory Listing
Modified Mon Jul 25 15:51:19 2016 UTC (5 years, 2 months ago) by tamasb
don't map ShibAuthenticatingAuthority directly into /O=
this will be done by the WAYF from now.


ShibAuthenticatingAuthority can be multi valued (unordered)
in case there is a WAYF after our WAYF. This will cause confusion
on the Delegation Server since it expects a single valued
attribute. The WAYF will take care of extracting the right 
ShibAuthenticatingAuthority (the proxy entityID) and setting 
it in the 'o' attribute sent to the Delegation Server



Revision 3068 - Directory Listing
Modified Mon Jul 25 10:29:51 2016 UTC (5 years, 2 months ago) by tamasb
enable shibboleth exportAssertion in mod_shib

- also, raise logging to debug on the server


Revision 3066 - Directory Listing
Modified Fri Jul 22 15:41:22 2016 UTC (5 years, 2 months ago) by tamasb
added HSTS support


Revision 3064 - Directory Listing
Modified Fri Jul 22 14:38:25 2016 UTC (5 years, 2 months ago) by tamasb
updated SSLCipher rules on httpd config


Revision 3058 - Directory Listing
Modified Tue Jul 19 09:48:12 2016 UTC (5 years, 2 months ago) by tamasb
fix for httpoxy vulnerability (CVE-2016-5387)


Revision 3057 - Directory Listing
Modified Thu Jul 14 14:18:02 2016 UTC (5 years, 3 months ago) by tamasb
we don't use a trust store for the DS

it uses the /var/www/server/certificates as a trust root


Revision 3056 - Directory Listing
Modified Thu Jul 14 13:52:58 2016 UTC (5 years, 3 months ago) by tamasb
changed an outdated comment


Revision 3055 - Directory Listing
Modified Thu Jul 14 12:48:45 2016 UTC (5 years, 3 months ago) by tamasb
do not fail (and send mail) on failed CRL retrievals


Revision 3054 - Directory Listing
Modified Thu Jul 14 10:41:27 2016 UTC (5 years, 3 months ago) by tamasb
ca_checker now keeps state so that it will not flood with emails


Revision 3053 - Directory Listing
Modified Wed Jul 13 14:18:50 2016 UTC (5 years, 3 months ago) by tamasb
renamed host group for more generic 'delegserver'


Revision 3048 - Directory Listing
Modified Mon Jul 11 13:17:28 2016 UTC (5 years, 3 months ago) by tamasb
hourly ca checker cronjob that sends an email if CA is down



Revision 3047 - Directory Listing
Modified Mon Jul 11 12:02:29 2016 UTC (5 years, 3 months ago) by tamasb
corrected claim name to idp_display_name matching OpenID Connect for MyProxy specs


Revision 3046 - Directory Listing
Modified Mon Jul 11 11:54:05 2016 UTC (5 years, 3 months ago) by tamasb
don't map eptid from oid, only map it from persistent NameID

This change was introduced to match the eptid that the RCauth WAYF is producing


Revision 3045 - Directory Listing
Modified Mon Jul 11 10:52:25 2016 UTC (5 years, 3 months ago) by tamasb
Change delegation server idp to RCauth WAYF

- change IdP metadata endpoint and entityID
- idp claim source becomes Shib-Authenticating-Authority (since Shib-Identity-Provider will always be the WAYF from here on)
- idp_name claim source becomes o (since orgDisplayName will always be the WAYF)



Revision 3042 - Directory Listing
Modified Mon Jul 11 10:32:36 2016 UTC (5 years, 3 months ago) by tamasb
enable assertion exporting for trace logging


Revision 3040 - Directory Listing
Modified Mon Jul 11 10:25:15 2016 UTC (5 years, 3 months ago) by tamasb
Configuration for the updated delegation server

- generate and release 'cert_subject_dn' claim
- configure attribute filtering (url extraction)
- add certificate extensions (mail) support


Revision 3039 - Directory Listing
Modified Mon Jul 11 09:22:03 2016 UTC (5 years, 3 months ago) by tamasb
Added 'description' field to client DB table


Revision 3035 - Directory Listing
Modified Thu Jun 23 13:50:11 2016 UTC (5 years, 3 months ago) by msalle
Set cookie using mod_rewrite for request parameter idphint, this is passed to
wayf which uses it to directly go to an IdP.



Revision 3031 - Directory Listing
Modified Wed Jun 15 09:03:33 2016 UTC (5 years, 4 months ago) by tamasb
formatting


Revision 3030 - Directory Listing
Modified Fri Jun 10 08:46:15 2016 UTC (5 years, 4 months ago) by tamasb
update mappings for idp and idp_name claims


Revision 3029 - Directory Listing
Modified Wed Jun 8 12:14:15 2016 UTC (5 years, 4 months ago) by tamasb
changes rsync backup from /var to /


Revision 3025 - Directory Listing
Modified Mon May 30 08:53:01 2016 UTC (5 years, 4 months ago) by tamasb
changed the order of precedence to: epuid eppn 


Revision 3021 - Directory Listing
Modified Mon May 23 13:21:53 2016 UTC (5 years, 4 months ago) by tamasb
deleted unused configuration tag dnFormat


Revision 3020 - Directory Listing
Modified Mon May 23 12:59:48 2016 UTC (5 years, 4 months ago) by tamasb
map SAML2 attributes only (by their OID) 

keep both SAML2 attribute OID and NameID source for extracting eptid


Revision 3019 - Directory Listing
Modified Mon May 23 12:43:16 2016 UTC (5 years, 4 months ago) by tamasb
add the shibboleth repo key from https source


Revision 3015 - Directory Listing
Modified Fri May 13 08:46:49 2016 UTC (5 years, 5 months ago) by tamasb
switch short claim names to long version


Revision 3009 - Directory Listing
Modified Wed May 4 09:52:26 2016 UTC (5 years, 5 months ago) by tamasb
added missing scope for eptid


Revision 3008 - Directory Listing
Modified Tue May 3 18:56:09 2016 UTC (5 years, 5 months ago) by tamasb
replaced links with binaries 


Revision 3007 - Directory Listing
Modified Tue May 3 17:07:17 2016 UTC (5 years, 5 months ago) by tamasb
updated to support trace_records 

 - new war file
 - new server config 
 - new shibboleth config mapping more attributes
 - mysql script for creating the right DB tables



Revision 3006 - Directory Listing
Modified Wed Apr 20 12:44:45 2016 UTC (5 years, 5 months ago) by tamasb
added new set of host variables with the right hostname 

and changed the epel repo location to a more generic link


Revision 3004 - Directory Listing
Modified Mon Apr 11 16:35:13 2016 UTC (5 years, 6 months ago) by tamasb
updated hostname and server aliases


Revision 3003 - Directory Listing
Modified Mon Apr 11 16:34:29 2016 UTC (5 years, 6 months ago) by tamasb
protect /register endpoint with SSO


Revision 3002 - Directory Listing
Modified Mon Apr 11 14:20:17 2016 UTC (5 years, 6 months ago) by tamasb
publish new CRLs to web root


Revision 3001 - Directory Listing
Modified Mon Apr 11 13:55:34 2016 UTC (5 years, 6 months ago) by tamasb
check for defined variables


Revision 3000 - Directory Listing
Modified Mon Apr 11 13:30:48 2016 UTC (5 years, 6 months ago) by tamasb
customize SP metadata contact and attributes 


Revision 2996 - Directory Listing
Modified Tue Apr 5 16:29:35 2016 UTC (5 years, 6 months ago) by tamasb
added extra sirtfi bits to shibboleth metadata


Revision 2995 - Directory Listing
Modified Tue Apr 5 13:36:51 2016 UTC (5 years, 6 months ago) by tamasb
switch from using ansible_fqdn to inventory_hostname


Revision 2992 - Directory Listing
Modified Tue Apr 5 12:27:35 2016 UTC (5 years, 6 months ago) by tamasb
rewrite index.html instead of / (breaks shibboleth urls)


Revision 2991 - Directory Listing
Modified Tue Apr 5 09:31:27 2016 UTC (5 years, 6 months ago) by tamasb
redirect webroot to rcauth url


Revision 2988 - Directory Listing
Modified Mon Apr 4 13:57:24 2016 UTC (5 years, 6 months ago) by tamasb
updated readme



Revision 2987 - Directory Listing
Modified Mon Apr 4 13:57:09 2016 UTC (5 years, 6 months ago) by tamasb
ansible config saves logs in /tmp


Revision 2986 - Directory Listing
Modified Mon Apr 4 13:56:42 2016 UTC (5 years, 6 months ago) by tamasb
distinguish secret_owner from secret_group


Revision 2985 - Directory Listing
Modified Mon Apr 4 13:56:09 2016 UTC (5 years, 6 months ago) by tamasb
added quotes around ansible variable


Revision 2984 - Directory Listing
Modified Mon Apr 4 13:55:32 2016 UTC (5 years, 6 months ago) by tamasb
task to make sure oa4mp db user exists


Revision 2983 - Directory Listing
Modified Mon Apr 4 13:54:50 2016 UTC (5 years, 6 months ago) by tamasb
install tomcat manager interface


Revision 2982 - Directory Listing
Modified Mon Apr 4 13:54:32 2016 UTC (5 years, 6 months ago) by tamasb
tomcat should only listen on localhost


Revision 2981 - Directory Listing
Modified Mon Apr 4 13:54:01 2016 UTC (5 years, 6 months ago) by tamasb
add empty index page in webroot


Revision 2980 - Directory Listing
Modified Mon Apr 4 13:53:43 2016 UTC (5 years, 6 months ago) by tamasb
completed shibboleth defaults


Revision 2979 - Directory Listing
Modified Mon Apr 4 13:53:02 2016 UTC (5 years, 6 months ago) by tamasb
stop using the yumrepo extra ansible module


Revision 2978 - Directory Listing
Modified Mon Apr 4 13:52:12 2016 UTC (5 years, 6 months ago) by tamasb
renamed rsync_hosts_allow to rsync_hosts


Revision 2977 - Directory Listing
Modified Mon Apr 4 13:51:41 2016 UTC (5 years, 6 months ago) by tamasb
disable pw logins and add sshd verbosity


Revision 2976 - Directory Listing
Modified Mon Apr 4 13:50:59 2016 UTC (5 years, 6 months ago) by tamasb
copy host credentials into target machine 


Revision 2975 - Directory Listing
Modified Mon Apr 4 13:48:27 2016 UTC (5 years, 6 months ago) by tamasb
updated the way iptables are generated


Revision 2974 - Directory Listing
Modified Mon Apr 4 13:47:13 2016 UTC (5 years, 6 months ago) by tamasb
set hostname to ansible_fqdn


Revision 2973 - Directory Listing
Modified Mon Apr 4 13:46:44 2016 UTC (5 years, 6 months ago) by tamasb
added epuid into the attribute map


Revision 2972 - Directory Listing
Modified Mon Apr 4 13:46:14 2016 UTC (5 years, 6 months ago) by tamasb
Updated metadata generation 


Revision 2943 - Directory Listing
Modified Wed Mar 30 14:36:05 2016 UTC (5 years, 6 months ago) by tamasb
added ipv6 static configuration


Revision 2900 - Directory Listing
Modified Fri Mar 18 13:17:35 2016 UTC (5 years, 6 months ago) by msalle
Changing default policy to DROP for INPUT and FORWARD


Revision 2889 - Directory Listing
Modified Thu Mar 17 11:43:48 2016 UTC (5 years, 7 months ago) by tamasb
adding kickstart file


Revision 2886 - Directory Listing
Modified Wed Mar 16 22:06:29 2016 UTC (5 years, 7 months ago) by tamasb
added some shib metadata info 


Revision 2885 - Directory Listing
Modified Wed Mar 16 16:14:04 2016 UTC (5 years, 7 months ago) by tamasb
fixed some minor issues, and added support for password generation on the fly


Revision 2880 - Directory Listing
Modified Tue Mar 15 11:48:53 2016 UTC (5 years, 7 months ago) by tamasb
Ansible deployment scripts for DS


Revision 2877 - Directory Listing
Added Mon Mar 14 10:32:08 2016 UTC (5 years, 7 months ago) by msalle
Adding installation stick for the CA.

