Welcome to OAuth for MyProxy! This is a delegation service for MyProxy. It allows clients to request certificates and users to securely authorize them using the OAuth delegation protocol. Current release is 3.0.
$CATALINA_HOME/lib. OA4MP used to bundle these in the wars, but since their licences conflicted with those of some of our users, we decided to simply let you supply them. If you are just using file-based storage, then you don't need either of these.
$CATALINA_HOME/lib as well as, apparently, JGlobus-Core (latest release seems to be 2.0.4) and the Bouncy Castle version that supports these. Otherwise, you may omit this. Again, be sure you check for the version of Bouncy Castle that your version of JGlobus uses and use that as well. JGlobus-Core 2.0.4 includes Bouncy Castle classes.
You may most easily get a bare-bones version for testing by downloading the current reference war:
oauth-server-latest.war (PGP signature)
Download this, read how to configure the deployment, and deploy it to Tomcat. The war, as delivered, cannot be run. You must do some minimal configuration at least before deploying it.
mvn clean install
and you should end up with a deployable war.
If you decide to write your own webapp, you should use the following module:
<dependency>
    <artifactId>oa4mp-server-oauth1</artifactId>
    <groupId>edu.uiuc.ncsa.myproxy</groupId>
    <version>4.3</version>
</dependency>
which will get the OAuth libraries and give you access to the configuration loader.
If you need to deploy this behind Apache, you need to add the following to the proxy_ajp.conf file (which, e.g., lives under /etc/httpd/conf.d in most Unix distributions):
ProxyPass /oauth/initiate ajp://localhost:8009/oauth/initiate
ProxyPass /oauth/authorize ajp://localhost:8009/oauth/authorize
ProxyPass /oauth/token ajp://localhost:8009/oauth/token
ProxyPass /oauth/getcert ajp://localhost:8009/oauth/getcert
ProxyPass /oauth/register ajp://localhost:8009/oauth/register
These entries allow access to all parts of the process. Note: in the WEB-INF/web.xml file there is a section called security-constraint, which controls access to the webapp using Tomcat's SSL. This will conflict with access via Apache, so comment that section out if you are deploying to Apache. It is only needed in stand-alone Tomcat deployments.
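As an added deployment check (this is not OA4MP code), the script below reads a WEB-INF/web.xml and reports whether its security-constraint state matches the chosen deployment mode: absent when Apache forwards over AJP, or present with a CONFIDENTIAL transport-guarantee covering the five OAuth endpoints listed above when Tomcat runs stand-alone. The sample web.xml is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The five OA4MP endpoints exposed by the proxy_ajp.conf entries above.
OAUTH_PATHS = ("/oauth/initiate", "/oauth/authorize", "/oauth/token", "/oauth/getcert", "/oauth/register")

# Constructed sample (not the real OA4MP web.xml): one constraint forcing SSL on /oauth/*.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>OAuth</web-resource-name>
      <url-pattern>/oauth/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    """Strip the namespace prefix that web.xml normally declares."""
    return tag.rsplit("}", 1)[-1]

def ssl_constraints(web_xml_text):
    """Return (url-patterns, transport-guarantee) for each security-constraint element."""
    found = []
    for sc in ET.fromstring(web_xml_text).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        patterns = [e.text.strip() for e in sc.iter() if _local(e.tag) == "url-pattern" and e.text]
        guarantee = [e.text.strip() for e in sc.iter() if _local(e.tag) == "transport-guarantee" and e.text]
        found.append((patterns, guarantee[0] if guarantee else None))
    return found

def check_deployment(web_xml_text, behind_apache):
    """Return a list of problems for the chosen deployment mode; an empty list means OK."""
    constraints = ssl_constraints(web_xml_text)
    if behind_apache:
        # A Tomcat-side SSL constraint conflicts with AJP traffic from Apache: it must be commented out.
        return ["security-constraint still present; comment it out for Apache/AJP"] if constraints else []
    # Stand-alone Tomcat: every OAuth endpoint must be forced onto SSL.
    problems, covered = [], set()
    for patterns, guarantee in constraints:
        if guarantee != "CONFIDENTIAL":
            problems.append("security-constraint without CONFIDENTIAL transport-guarantee")
            continue
        for p in patterns:
            prefix = p[:-1] if p.endswith("/*") else None  # "/oauth/*" covers "/oauth/..."
            covered.update(path for path in OAUTH_PATHS
                           if path == p or (prefix is not None and path.startswith(prefix)))
    problems += [f"{path} not covered by an SSL security-constraint" for path in OAUTH_PATHS if path not in covered]
    return problems
```

Run it against the deployed WEB-INF/web.xml with the mode you actually use; a non-empty result means the file and the deployment disagree.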
You may store all information for the service in your local file system. It is important that you restrict access to it and back it up. Specifying the storage location in your configuration file is sufficient, since the system will detect if it exists and create anything it needs.
In order to use MySQL for persistent storage, you must run the supplied script, mysql.sql to create all of the tables and users before your first use.
mysql -u username -p < /path/to/file/mysql.sql
Here username is an account (root, for example) with sufficient privileges to create other users; the command will prompt you for that account's password and run the file. If you do not accept the default account names, you must edit this file and replace all occurrences of them manually, as well as setting the passwords. This has to be done because of MySQL's very lousy support for variables. (Should you have to re-run the script, you should manually remove the users and database beforehand. The commands for this are commented out at the beginning of the file.)
Most Unix distros have PostgreSQL installed by default. There is a specific script, pg.sql, that will create all the tables. All you should need to do is set the passwords near the top of the file. Then log in to the command-line psql tool as the user postgres (this is the superuser) and from that prompt issue
\i /path/to/file/pg.sql
The file contains default user, table, database and schema names, which you may change if you see fit (be sure to pass these along in your configuration file!). Again, you only need to edit the values at the top of the file, thanks to PostgreSQL's support for variables.