Overview

Welcome to OAuth for MyProxy! This describes the client software for the OAuth for MyProxy service. It allows clients to request certificates and users to securely authorize them using the OAuth delegation protocol.

Prerequisites

  • Tomcat 6 or 7. SSL should be configured and enabled.
  • Java 1.8 or above. Only the Oracle VM is officially supported. Do not use OpenJDK. Note that versions previous to Java 1.7 will not work due to internal changes by Sun to their security APIs.
  • (Optional) Maven 3.0+ or higher (only if building from the source)
  • (Optional) Apache 2, configured to work with Tomcat.

Getting and deploying from the war.

You may most easily a bare-bones version for testing by downloading the current reference war:

OAuth 1.0a

client.war

(PGP signature)

OAuth 2.0

client2.war

(PGP signature)

For many cases, this is all you need to do.

Save this and deploy it to Tomcat. You may do this in several ways such as dropping the war into the $CATALINA_HOME/webapps directory. The system will not work until you have configured it then registered with an OA4MP server though.

Using the Maven Repository

Fortunately, OA4MP is hosted on the public Sonatype maven repository so that using the code simply requires you add the right dependencies. There is no need to configure any repositories. Generally it is suggested that you use the pre-compiled war.

Getting and building the source

OAuth 1.0a
If you need/want to customize the basic package, you would download the webapp module from source forge by issuing
svn export https://svn.code.sf.net/p/cilogon/code/tags/edu.uiuc.ncsa/myproxy-3.4/oa4mp-client-oauth1
which has the correct dependencies in it. Build it by issuing
mvn clean install
and you should end up with a deployable war.

If you decide to write your own webapp, you should use the following module:

    <dependency>
        <artifactId>oa4mp-client-oauth1</artifactId>
        <groupId>edu.uiuc.ncsa.myproxy</groupId>
        <version>3.4</version>
    </dependency>
OAuth 2.0
If you need/want to customize the basic package, you would download the webapp module from source forge by issuing
svn export https://svn.code.sf.net/p/cilogon/code/tags/edu.uiuc.ncsa/myproxy-3.4/oa4mp-client-oauth2
which has the correct dependencies in it. Build it by issuing
mvn clean install
and you should end up with a deployable war.

If you decide to write your own webapp, you should use the following module:

    <dependency>
        <artifactId>oa4mp-client-oauth2</artifactId>
        <groupId>edu.uiuc.ncsa.myproxy</groupId>
        <version>3.4</version>
    </dependency>

which will get the OAuth libraries and give you access to the configuration loader.

Deploying to Apache

If you need to deploy this to Apache, you need to add the following to the proxy_ajp.conf file (which, e.g., lives under /etc/httpd/conf.d or perhaps /etc/apache2/conf.d in most unix distributions):

ProxyPass /client/simple ajp://localhost:8009/client/simple

Note:In the WEB-INF/web.xml file there is a section called security-constraint, which controls access to the webapp using Tomcat's SSL. This will conflict with access via Apache, so comment that section out if you are deploying to Apache. It is only needed in stand-alone Tomcat deployments.


Last modified 08/15/17.
©2000-2013 Board of Trustees of the University of Illinois.