Single Sign-on Authentication Modules

The GridPort demo portal includes a set of configurable grid authentication modules which allow one to perform grid authentication upon signing in to the portal. The demo portal contains modules that work with the GridPort Repository and MyProxy.

Configuration

There are a few properties that you can configure in the main project.properties file of the demo portal.

You can enable and disable the authentication modes by setting the auth.enable properties to either true or false. true will turn the module on and false will turn the module off.

	    ###
	    # AUTHENTICATION MODULE PROPERTIES
	    # Set to 'true' to enable and 'false' to disable.
	    ###
	    gridport.auth.enable=true
	    myproxy.auth.enable=false	    

For changes to take effect in the portal, you must re-deploy the modules and restart Tomcat.

Configuring GridPort Repository Authentication

The GridPort Repository allows a developer to set up grid authentication without a MyProxy server. Prerequisites for a GridPort Repository are at least one certificate and private key pair of .pem files and at least one GridSphere portal account created for the user you wish to have single sign-on grid capability through the portal.

If the GridPort authentication module is enabled then a GridPort repository will be created automatically in $HOME/.globus/GridPortRepository with the appropriate directory structure. You can also configure the GridPort repository to install in a directory other than the default by setting the gridport.repo property in project.properties.

	      ###
	      # GRIDPORT REPOSITORY CONFIGURATION
	      ###
	      gridport.repo=${user.home}/.globus/GridPortRepository

Inside the repository you will find three directories: storedCredentials/, storedProxies/, and sessions/. Copy your certificate and private key .pem files into storedCredentials/ and rename them so that each has your portal user’s username as a prefix, followed by _cert.pem and _key.pem, respectively.

	      localhost> pwd
	      /home/ericrobe/.globus/GridPortRepository/storedCredentials
	      localhost> ls -l
	      total 12
	      -r--------  1 ericrobe users 4860 2005-08-01 18:43 ericrobe_cert.pem
	      -r--------  1 ericrobe users 1743 2005-08-01 18:43 ericrobe_key.pem	    

You should also ensure that all of the directories in the GridPort repository have read, write and execute permissions only for the user running the portal (in UNIX this would be 700). In the example above the user ericrobe is also running the portal.

NOTE: Use the GridPort Repository with CAUTION. It does not provide the same level of security that a MyProxy server or other authentication mechanisms do but does allow GridPort users to easily start using the interactive grid capabilities of the demo portal without having to install a MyProxy server.
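
The layout and permission requirements above can be checked before the portal is started. The following is an added example, not part of GridPort: the function names mode_of and audit_gridport_repo are hypothetical, and the rule that credential files carry no group/other bits is an assumption taken from the -r-------- listing above. File ownership is not checked.

```sh
#!/bin/sh
# Added example (not GridPort code): audit a GridPort repository layout.

# Octal permission bits of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_gridport_repo REPO_DIR
# Prints one finding per line; returns 0 when the repository is clean.
audit_gridport_repo() {
    repo=$1
    findings=0
    # Every repository directory must be 700 (owner-only rwx).
    for d in "$repo" "$repo/storedCredentials" "$repo/storedProxies" "$repo/sessions"; do
        if [ ! -d "$d" ]; then
            echo "MISSING $d"; findings=$((findings + 1)); continue
        fi
        m=$(mode_of "$d")
        if [ "$m" != "700" ]; then
            echo "BAD-MODE $m $d (expected 700)"; findings=$((findings + 1))
        fi
    done
    for f in "$repo"/storedCredentials/*.pem; do
        [ -e "$f" ] || continue            # glob matched nothing
        # Assumption: credential files carry no group/other permission bits.
        m=$(mode_of "$f")
        case "$m" in
            0|*00) ;;
            *) echo "BAD-MODE $m $f (group/other access)"; findings=$((findings + 1)) ;;
        esac
        # <username>_cert.pem and <username>_key.pem must come as a pair.
        case "$f" in
            *_cert.pem) peer="${f%_cert.pem}_key.pem" ;;
            *_key.pem)  peer="${f%_key.pem}_cert.pem" ;;
            *) echo "BAD-NAME $f"; findings=$((findings + 1)); continue ;;
        esac
        if [ ! -f "$peer" ]; then
            echo "UNPAIRED $f"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Run it as the portal user against the directory named by gridport.repo, for example audit_gridport_repo "$HOME/.globus/GridPortRepository".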

Configuring MyProxy Authentication

You can configure these authentication modules with as many as 2 different MyProxy servers. If authentication with the first MyProxy server is successful the module will not try the second one. However, if authentication to the first MyProxy server fails the module will automatically try to authenticate to the second one.

The properties that you can configure for each server are the hostname, port and lifetime. By default, the port properties are set to 7512 which is the default port that MyProxy runs on. The default proxy lifetime is set to 2. You will need to set the hostnames to point to actual MyProxy servers as the properties are blank by default.

NOTE: You do not have to configure both MyProxy servers at the same time.


	      # MYPROXY CONFIGURATION
	      # You can configure up to 2 MyProxy servers
	      myproxy.host.1=
	      myproxy.port.1=7512
	      myproxy.lifetime.1=2
	      
	      myproxy.host.2=
	      myproxy.port.2=7512
	      myproxy.lifetime.2=2	    
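
The try-the-first-then-the-second order described above, as an added example that is not GridPort's own module code. The names prop and try_myproxy_servers are hypothetical, the authenticator is a caller-supplied command, and treating a blank host as "server not configured" is an assumption.

```sh
#!/bin/sh
# Added example (not GridPort code): walk the MyProxy servers in project.properties.

# prop FILE KEY -> value of the last KEY=value line, whitespace trimmed.
prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')      # match dots literally
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# try_myproxy_servers FILE USER AUTH_CMD
# AUTH_CMD is called as: AUTH_CMD host port lifetime user (hypothetical hook).
# Returns 0 on first success, 1 if every configured server failed or none is
# configured, 2 if the module is disabled, 3 on a malformed port.
try_myproxy_servers() {
    file=$1; user=$2; auth=$3
    if [ "$(prop "$file" myproxy.auth.enable)" != "true" ]; then
        echo "myproxy.auth.enable is not true"; return 2
    fi
    tried=0
    for n in 1 2; do
        host=$(prop "$file" "myproxy.host.$n")
        port=$(prop "$file" "myproxy.port.$n")
        life=$(prop "$file" "myproxy.lifetime.$n")
        [ -n "$host" ] || continue      # assumption: blank host = not configured
        case "$port" in
            ''|*[!0-9]*) echo "server $n: bad port '$port'"; return 3 ;;
        esac
        tried=$((tried + 1))
        if "$auth" "$host" "$port" "$life" "$user"; then
            echo "authenticated via server $n ($host:$port)"; return 0
        fi
        echo "server $n ($host:$port) failed"
    done
    [ "$tried" -gt 0 ] || echo "no MyProxy host configured"
    return 1
}
```

The "no MyProxy host configured" result is the case to look for when the module has been enabled but the hostnames were left at their blank defaults.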

Deploy

Once you have configured the modules, deploy them and restart Tomcat.

Grid Single Sign-on

If the portal is installed on your local system point your browser to http://localhost:8080/gridsphere. Before you can perform single sign-on grid authentication you need to create a portal user account. The username should be chosen such that it’s the same as the username that you’ve used to delegate proxies to MyProxy or the same as the username you named your certificate and key after in the GridPort repository.

Create A New Portal User

To create a portal account, log in to the portal using the username root and no password (assuming you haven’t changed the root password for the portal). Once authenticated, click on the Administration tab and then the Users subtab. Next, click on the Create a New User link, fill out the form with the desired username, password and other information and click Save user. Finally, log out of the portal.

Authenticate

To perform a single sign-on login, enter the username of the portal account you just created and a password that corresponds to either one of your proxies delegated to MyProxy or the certificate you placed in the GridPort repository. If single sign-on grid authentication is successful you will be logged in and you should see a DN added to your list of proxies in the Proxy Manager portlet.

NOTE: You can still log in to GridSphere without grid authentication by providing the password you used when you created your portal account.

Customizing the Portal

The GridPort Demo Portal allows you to customize various aspects of the portal. These include the theme (look-and-feel), default guest and user layouts, and additional authentication modules (used for single-sign-on to the grid).

Themes

The theme specifies the look and feel of the portal. In order to modify the portal’s theme, please edit the css files in src/webapp/theme/gp-demo/css. For more details on GridSphere themes, please refer to the GridSphere documentation.

Layouts

Default layouts for guest and authenticated users may be customized to suit the needs of your portal. These layout descriptors can be found in src/webapp/WEB-INF/CustomPortal/layouts. GuestUserLayout.xml and TemplateLayout.xml specify the layouts for an unauthenticated portal user and an authenticated portal user respectively. For information on editing these descriptors, please refer to the GridSphere documentation.

Portlet Configuration

The GridPort Demo Portal will by default deploy all the portlets included in the distribution. To specify which of these portlets to deploy, please edit the portlets.include property in project.properties. This property contains a comma-delimited list of portlets to install.


    ### project.properties
    portlets.include=comp-file-management,gp-job-submission,gpir-browser-2,proxymanager-portlet
    

The configuration of each portlet is contained in its portlet.xml descriptor file. The GridPort Demo Portal maintains one source directory with each portlet’s descriptor. This configuration can be found in src/conf. The descriptors in this directory are named according to the names of the portlets in the portlets.include property (e.g. portlet.xml.comp-file-management). Please edit these descriptors to modify the configuration of individual portlets.

IMPORTANT NOTE: Modifying a portlet’s portlet.xml file within the portlet’s codebase (portlets/my-portlet/src/webapp/WEB-INF/portlet.xml) WILL NOT have any effect. The portlet deployment goals deploy the src/conf/portlet.xml.my-portlet descriptor into Tomcat. If you edit the descriptor in the portlet’s codebase, you will need to manually copy this descriptor to Tomcat (after running the portlet deployment goals).

Single Sign-on Authentication Modules

The GridPort Demo Portal deploys an authentication module in addition to GridSphere’s default password authentication module. The (demo) portal’s authentication modules can be configured to retrieve a proxy from the GridPort Repository or from configured MyProxy servers on behalf of the user upon login to the portal. This proxy is stored by the portal and can be viewed using the Proxy Manager portlet. The authentication module and Proxy Manager portlet are part of the

For more detailed instructions on configuring the modules click here.

For documentation of the latest release, please refer to the OGCE2 documentation. For more details on authentication modules in GridSphere, please refer to the GridSphere documentation.

Grid Certificates and Signing Policies

In order to utilize the grid portlets included in the GridPort Demo Portal, you must have grid certificates and signing policies of the CA that your grid utilizes. The build process (during the deploy goal) copies the certificates and signing policies of the TACC and DOE CAs from src/certs to your ~/.globus/certificates directory. To customize the portal to use your grid, please ensure your certificates and signing policies are available. You may place them in src/certs and attain the install-certs maven goal.

Note: The ~/.globus/certificates directory will be checked before the other globus certificates directories, so if you already have certificates on your portal resource (for example, in /etc/grid-security/certificates), the existing certificates will not be found.

Workshop and Meeting Presentations

Title | Event | Presenter | Y/N | Media Type
GridPort 4 | Latin American Workshop for Grid Administrators, 2005 | Freddy Rojas | Y | PPT
GridPort 4 Overview | Supercomputing, 2005 | Maytal Dahan, Eric Roberts | Y | PPT
GridPort 3 Overview | Supercomputing, 2004 | Eric Roberts | Y | PPT
GridPort 3 Overview | Monterey Grid Computing Conference, 2004 | Maytal Dahan | Y | PPT
GridPort 3 Overview | GlobusWORLD, 2004 | Tomislav Urban | Y | PPT
Overview of The NMI Portals Project | GlobusWORLD, 2004 | Mary Thomas | Y | PPT
NPACI Grid Portals Project: New Directions for GridPort and HotPage | Supercomputing, 2003 | Mary Thomas | Y | PPT
CSF: TACC Case Study | Supercomputing, 2003 | Mary Thomas | Y | PPT
GridPort Interface to SRB | NPACI Summer Institute, 2003 | Stephen Mock | Y | PPT
Data Collection Management within the NPACI Toolkit | NPACI All Hands Meeting 2003 | Mary Thomas | Y | PPT
Grid Computing Portals Tutorial | NPACI All Hands Meeting 2003 | Mary Thomas | Y | PPT
Grid Portals Tutorial: Part 1, Portal and Grid Tools Overview | NPACI All Hands Meeting 2003 | Catherine Mills | Y | PPT
Grid Portals Tutorial: Part 2, Grid Tools Installation | NPACI All Hands Meeting 2003 | Kurt Mueller | Y | PPT
Grid Portals Tutorial: Part 3, GridPort Installation and API | NPACI All Hands Meeting 2003 | Maytal Dahan | Y | PPT
Grid Computing Using Modern Technologies | NPACI All Hands Meeting 2002 | Mary Thomas | Y | PPT
Installing GridPort and Globus | NPACI All Hands Meeting 2002 | Kurt Mueller | Y | PPT
GridPort Tutorial: Example Portal | NPACI All Hands Meeting 2002 | Stephen Mock | Y | PPT
Development of the Perl CoG | EuroGlobus 2001; Lecce, Italy; June 2001 | Stephen Mock | Y | PPT
Web Portals and Applications | NPACI All Hands Meeting 2000 | Jay Boisseau | Y | PPT
NPACI HotPage: A Framework for Scientific Computing Portals | Computing Portals 1999 | Mary Thomas, Stephen Mock, Jay Boisseau | Y | PPT
NPACI HotPage: Implementing Globus to Provide Web-based Supercomputing | Globus Retreat 1999 | Stephen Mock | Y | PPT

Gridport ToolKit Quickstart Download

Download

Here you will find the quickstart download, which includes all of the prerequisite software [excluding Java] needed to install GridPort, including CFT and GPIR.

  • GridPort Quickstart Bundle (v 4.0.1) [md5]

Installation Instructions

  1. Ensure you have an appropriate installation of Java 1.4.2_xx version for your architecture.
  2. Set your JAVA_HOME environment variable to point to the root java installation directory.
  3. Untar or unzip the GridPort quickstart download.
  4. Change directories into the gridport-4-quickstart and run the install script by executing ./install.sh
  5. Once installation has been completed successfully open a browser and point to the GridPort portal at http://localhost:8080/gridsphere

To download an earlier version of the GridPort Toolkit, please browse the archive.