GitHub - idp-installer-manager/idp-installer-global: The origin of the IDP installer.

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 106 Commits
assets/etc		assets/etc
backups		backups
docs		docs
downloads		downloads
files		files
prep		prep
www/appconfig		www/appconfig
xml		xml
CHANGELOG		CHANGELOG
COPYING		COPYING
README		README
RELEASE-NOTES.CAF		RELEASE-NOTES.CAF
config		config
config_descriptions		config_descriptions
deploy_idp.sh		deploy_idp.sh
preinstall_deps.sh		preinstall_deps.sh

Repository files navigation

Introduction to the Federated Identity Appliance Deployer Tool
-------------------------------------------------------------------------------

This tool is a set of scripts that automates the deployment and configuration
of software used to participate with your SAML2 or eduroam identity federation 
services.


Configured deployment profiles listed alphabetically are:
 
 CAF - Canadian Access Federation  ( http://www.canarie.ca/en/caf-service/about )
 SWAMID - Swedish Academic Identity ( http://www.swamid.se/ )


Each federation may have a different deployment profile and supported 
configurations. What follows are the generic steps to follow to do an installation.

Please consult ~/docs/README.<federation_name> for federation 
specific deployment instructions.


Supported Platforms 
-------------------------------------------------------------------------------

This installer script is intended to be used on a clean install of:
 - Ubuntu Server 12.04   (SWAMID only)
 - CentOS 6.5 'minimal'  (SWAMID or CAF only)

It *MAY* run on pre-existing installations of these OS', but steps in the installer
presume the installed services are 'alone' on the machine and may modify your
existing host settings.



Configuration
-------------------------------------------------------------------------------

This script requires a configuration file to run. The configuration file is 
generated using a local HTML based configuration builder to construct it. 
This technique helps avoid storing sensitive data like passwords anywhere.

Configuration builders are federation specific and can be launched from:

for CAF - ~/www/appconfig/CAF/index.html
for SWAMID - ~/www/appconfig/SWAMID/index.html

The configuration builder uses javascript to perform basic validation and 
has the ability to import existing configuration files avoiding retyping
information.

For best configuration builder experience, we strongly recommend using Firefox 
or Google Chrome. Using IE for the configuration builder is discouraged.


General Installation Steps
-------------------------------------------------------------------------------

These steps expect that the implementer will perform backups or snapshots as necessary.

1. Review your federation specific post install steps
2. Determine your deployment style (dev? production?) 
3. Create a configuration from your federations' configuration builder
4. save configuration as 'config' in this directory on your server
5. run the script ./deploy_idp.sh
6. answer any inline questions (self signed cert? password creation for keystores?)
7. perform any post installation steps per ~/docs/README.<federation_name>


Default behaviour of this tool
-------------------------------------------------------------------------------

The default behaviour of this tool is to deploy a test instance for any service.

This configuration can also be used as the base for the production deployment
with post installation steps per your respective federation.

Per service defaults:

eduroam (RADIUS):
	- uses MS-CHAPv2 to authenticate any user present
	- uses self signed CA and server certificate

Shibboleth (SAML2):
	- uses self signed server certificate
	- has attribute release policy for testshib.org
	- blank passwords autogenerate for SSL keystores
	- optional anonymized usage reporting in FTICKS formats


Please see: ~/docs/README.<federation_name> for federation specific usage


Profile of installed software 
-------------------------------------------------------------------------------
SAML2 Uses: 
      tomcat6                                                        
      shibboleth-identityprovider-2.4.3                                    
      cas-client-3.3.3-release                                             
      mysql-connector-java-5.1.32 (for EPTID)                              
      apache-maven-3.1.1 (for building FTICKS plugin) 



eduroam uses:																 
      freeRADIUS-2.1.12                                                    
      samba-3.6.9 (to connect to AD for MS-CHAPv2)                         


Disclamer
-------------------------------------------------------------------------------

 This software is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.

 It is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
along with this software. If not, see <http://www.gnu.org/licenses/>.


Contributors
-------------------------------------------------------------------------------
 Anders Lördal, SWAMID
 Chris Phillips, CANARIE