This is the users guide for WebSSO Jasig Client that explains how to deploy a Sample WebSSO Jasig Client application. This application communicates with the WebSSO client (deployed in the same application server) to use the session attributes added by the WebSSO client. These session attributes are added during authentication and can be used by any web application that is deployed to a WebSSO-enabled app server.
Checkout SampleApplications release from SVN.
The caGrid 1.3 release stream provides access to the official source code repository for caGrid 1.3. On Windows systems, we recommend the following 3rd party tool as a GUI front-end to subversion to check out a caGrid release: http://tortoisesvn.tigris.org The command line version of subversion can be obtained from http://subversion.apache.org/source-code.html
cagrid-1-0\SampleApplications directory is refered as WEBSSO_CLIENT_SAMPLE_APPLICATIONS in this document.
In order to install and run the WebSSO, the following pre-requisite software must be installed:
The WebSSO Server has been configured and installed. The URL to this server would be used for configuring the WebSSO Client. Make sure host-identityof WebSSO Client was added as delegated application in websso-properties.xml for WEBSSO-Server. Details on how to install and configure a WebSSO Server can be found at following location WebSSO Administrators Guide.
- Create a GLOBUS_LOCATION environment variable and point it at the directory in which you installed Globus.
- Create a CATALINA_HOME environment variable and point it at the directory in which you installed Tomcat.
The WebSSO Client must run as a secure service, so the hosting container must run with a host credential. A host credential consist of an X.509 certificate and private key. Dorian provides the ability to issue and manage host credentials. There are many methods of retrieving host credentials, including:
- Requesting a credential from a known/trusted certificate authority (caGrid Certificate Authority). (RECOMMENDED APROACH)
- Standing up a Dorian service.
- Standing up a simple certificate authority.
We MUST configure Globus to trust the CA that issued the host credentials obtained in the previous step. To do this, place a copy of the certificate for the CA that issued the host credentials in the Globus trusted certificates directory. Unless otherwise specified during installation, this is usually ''USER_HOME/.globus/certificates''. Globus requires all CA certificates in its trusted certificates directory to be in PEM format and to have a digit extension (0-9). For example, if a CA certificate is stored in the file ''cacert.pem'', it should be copied to the directory ''USER_HOME/.globus/certificates'' (create directory if needed) with the file name ''cacert.0''
Modify application.properties in WEBSSO_CLIENT_SAMPLE_APPLICATIONS directory to specify location of cagrid.dir.
Since the WebSSO Client would be running using SSL we need to configure Tomcat to enable SSL. To do so complete the following:
Verify that the installation was successful by starting the container that WebSSO Jasig Client was deployed to. To start a secure Tomcat container run the startup script (startup.sh or startup.bat) located in TOMCAT_INSTALLATION_DIRECTORY/bin. If the container starts up,we are ready to verify that the WebSSO Jasig Client installation was successful.
From browser type http://localhost:@PORT_NUMBER@/webssoclientjasigexample-1.3-dev and make sure you are able to redirect to the WebSSO server.