Apache Integration with Crowd
Steps:
- Install your OS (assuming CentOS or similar); be sure to include dev-tools
- yum install apache
- yum install mod_ssl
- yum install mod_perl
- yum install perl-Crypt-SSLeay (needed for https transport of SOAP)
- yum install perl-Digest-SHA1
- yum install cpan
- modify /etc/sysconfig/iptables to allow connections on port 80 and port 443
- -A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
- -A RH-Firewall-1-INPUT -p tcp --dport 443 -j ACCEPT
- service iptables restart
- perl -MCPAN -e shell
- set up CPAN using the defaults (for URLs I usually go with the http addresses; they seem to respond faster)
- for all of the following say yes to follow dependencies if asked
- install Error
- install Cache::Cache
- install SOAP::Lite (note: the current version 0.710.08 has a bug in the test script; you can either hack the CGI.t file and build manually or force install the module (easier))
The error I got looked like this:
t/SOAP/Transport/HTTP/CGI.t .................. 1/?
# Failed test 'return utf8 string'
# at t/SOAP/Transport/HTTP/CGI.t line 57.
# Failed test 'utf8 content: ÃÂberall'
# at t/SOAP/Transport/HTTP/CGI.t line 59.
# got: 'ÃÂberall'
# expected: 'Ãberall'
# Looks like you failed 2 tests of 2.
t/SOAP/Transport/HTTP/CGI.t .................. Dubious, test returned 2 (wstat 5 12, 0x200)
Failed 2/2 subtests
(possibly "install Bundle::CPAN" "reload cpan" may resolve the test issue)
- exit CPAN
- wget -O Crowd-Apache-Connector-1.2.3.zip "http://confluence.atlassian.com/download/attachments/9961902/Crowd-Apache-Connector-1.2.3.zip?version=1"
- unzip Crowd-Apache-Connector-1.2.3.zip
- cd Atlassian-Crowd-1.2.3/
- perl Makefile.PL
- make
- make install
- cd ../Apache-CrowdAuth-1.2.3/
- perl Makefile.PL
- make
- make install
- cd ../Apache-CrowdAuthz-1.2.3/
- perl Makefile.PL
- make
- make install
Edit /etc/httpd/conf/httpd.conf or /etc/httpd/conf.d/site.conf depending on what you want to protect
Put the following inside an appropriate <Directory> or <Location> directive:
    AuthName <some appropriate name to clue the user as to what password to use like Crowd>
    AuthType Basic
    PerlAuthenHandler Apache::CrowdAuth
    PerlSetVar CrowdAppName <put app name here>
    PerlSetVar CrowdAppPassword <put password here>
    PerlSetVar CrowdSOAPURL https://crowd.crbs.ucsd.edu/crowd/services/SecurityServer
    PerlSetVar CrowdCacheEnabled on
    PerlSetVar CrowdCacheLocation /tmp/CrowdAuth
    PerlSetVar CrowdCacheExpiry 300
    require valid-user
- CrowdAppName and CrowdAppPassword are configured on the Crowd server and CrowdSOAPURL points to the machine running Crowd, in this case our dev server
To force https connections create the file /etc/httpd/conf.d/mod_rewrite.conf and put the following lines in it:
    # port 80 needs to go to port 443 - SSL - No exceptions
    ####
    <IfModule !mod_rewrite.c>
    LoadModule rewrite_module modules/mod_rewrite.so
    </IfModule>
    <IfModule mod_rewrite.c>
    RewriteEngine on
    ####
    # The line below sets the rewrite condition for mod_rewrite.so.
    # That is, if the server port does not equal 443, then this condition is true
    ####
    RewriteCond %{SERVER_PORT} !^443$
    ####
    # The line below is the rule, it states that if above condition is true,
    # and the request can be any url, then redirect everything to https:// plus
    # the original url that was requested.
    ####
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
    </IfModule>
- service httpd restart
- Configure Crowd for a new Application
  - See http://confluence.atlassian.com/display/CROWD/Adding an Application
  - Details
    - Application Type: Generic Application
    - Name: Whatever you put in the config for Apache
    - Password: Whatever you put in the config for Apache
  - Connection
    - URL: URL for your application (e.g. http://dev-apache-crowd.crbs.ucsd.edu)
    - Remote IP Address: 127.0.0.1 (this is because forwarding makes it look like a locally hosted app, I think)
  - Directories
    - Select which directories you want to use and/or the groups within them that are allowed
  - Authorizations
    - Select groups from those directories, if desired
- TEST
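
As part of the TEST step, the Apache side of the setup above can be audited before going live. The script below is an added example, not part of the original write-up or of the Crowd connector; the function names and finding labels are made up for illustration. It checks that the file holding CrowdAppPassword is not world-readable, that CrowdSOAPURL uses https, and that an enabled cache does not live under a shared temp directory.

```shell
#!/bin/sh
# Added example, not from the original page. Audits a config file that
# carries the Apache::CrowdAuth settings; one finding per line, status 1 if any.

# Print the value of "PerlSetVar <name> <value>" in file $1 (last one wins).
crowd_var() {
    awk -v k="$2" 'tolower($1) == "perlsetvar" && $2 == k { v = $3 }
                   END { gsub(/"/, "", v); print v }' "$1"
}

audit_crowd_conf() {
    conf=$1
    findings=0

    # CrowdAppPassword sits in the file in clear text: "other" must not read it.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "config-world-readable: $conf"; findings=1
    fi

    # The application password and user logins are sent to this URL.
    url=$(crowd_var "$conf" CrowdSOAPURL)
    case $url in
        https://*) ;;
        *) echo "soap-url-not-https: ${url:-unset}"; findings=1 ;;
    esac

    # Only relevant when caching is switched on.
    cache=$(crowd_var "$conf" CrowdCacheLocation)
    enabled=$(crowd_var "$conf" CrowdCacheEnabled)
    if [ "$enabled" = on ] || [ "$enabled" = On ]; then
        # Any local user can pre-create a predictable path in a shared temp dir.
        case $cache in
            /tmp/*|/var/tmp/*) echo "cache-in-shared-tmp: $cache"; findings=1 ;;
        esac
        # An existing cache directory should be mode 0700 (httpd user only).
        if [ -d "$cache" ] && [ -z "$(find "$cache" -prune -perm 700)" ]; then
            echo "cache-dir-not-0700: $cache"; findings=1
        fi
    fi
    return "$findings"
}

# Stand-alone use: sh audit.sh /etc/httpd/conf.d/site.conf
if [ $# -gt 0 ]; then
    audit_crowd_conf "$1"
fi
```

httpd reads its configuration as root before dropping privileges, so a root-owned file with mode 0600 still loads.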