Grouper Training - Admin - WS - Part 1
15
Grouper Training - Admin - WS - Part 1 Chris Hyzer Internet2 University of Pennsylvania This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
description
Grouper Training - Admin - WS - Part 1. Chris Hyzer Internet2 University of Pennsylvania. This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. Contents. Introduction Download Install Upgrade Authentication WS-* security App servers. Introduction. - PowerPoint PPT Presentation
Transcript of Grouper Training - Admin - WS - Part 1
Grouper Training - Admin - WS - Part 1
Chris HyzerInternet2
University of Pennsylvania
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
2
Contents
• Introduction• Download• Install• Upgrade• Authentication• WS-* security• App servers
3
Introduction
4
Download
• Grouper download sitehttp://www.internet2.edu/grouper/software.html
• Via Grouper Installer• Unzip
5
Install
• Grouper Installer can install it• Manually you need Java6, ant, and a
servlet container• Edit grouper-ws/build.properties
grouper.dir=C:/mchyzer/grouper/v2_1/grouper• Run "ant dist"
6
Upgrade
• If you are upgrading an existing WS install• Download the new version• Merge in any configuration changes to
new version• Point to an updated copy of Grouper API• Build, deploy
7
Authentication
• Ships with servlet container authn• Configure user/pass in tomcat-users.xml
(for example if using tomcat)• If you need other authn, disable this by
editing WEB-INF/web.xml• Remove the security-constraint, login-config,
and security-role sections• Build again
8
Authentication (continued)
• You could use web server authn• There are other authns built in• To use kerberos user/pass configure
grouper-ws/conf/grouper-ws.properties• Note, user/pass is in HTTP basic auth• Set
ws.security.non-rampart.authentication.class
9
WS-* security
• You can use WS-* security with SOAP• Set this in the build.properties
#if we should build the rampart war, or the regularwebapp.authentication.use.rampart=true
• Build again• In the build, WEB-INF/services you see either
normal aars or wssec aars renamed as "ondeck"• Note: you cannot run WS-* and non WS-* in the
same warfile, you could deploy both though
10
WS-* security (continued)
• Normal aars
11
WS-* security (continued)
• WS-* aars
12
App servers
• Grouper WS runs in Servlet 2.5 container• Generally institutions use Tomcat 6• Take
grouper-ws\build\dist\grouper-ws.war• Install in servlet container• In Tomcat, e.g. drop it in the webapps dir
13
Test the deployment
• Run the grouper client (see the Grouper Client training for details)
• Hit the status servlethttp://localhost:8090/grouper-ws/status?diagnosticType=sources
14
Test the deployment (continued)
• Hit a REST HTTP params service• Note: URL encode the group name
grouper-ws/servicesRest/xml/v2_1_000/groups/etc%3Asysadmingroup/members
Thanks!
Further information:
•Infosheets, mailing lists, wiki, downloads, etc.:www.internet2.edu/grouper
•Grouper demo server:grouperdemo.internet2.edu/
•Grouper Online Training Home:spaces.internet2.edu/x/IIGfAQ
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. 15
