Assure Deploy
About
This page is focused on how to deploy the ASSURE Toolset to a Windows Server.
Shibboleth Service Provider
Required Software
Download the Shibboleth Windows installer: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPWindowsInstall
Before running the installer you will need to install an appropriate web server; for the ASSURE toolset this needs to be Apache. The best Windows version to install is from https://www.apachelounge.com/.
Configuration
Apache Tomcat
Required Software
Configuration
Update the PATH environment variable to include the path to Java if the installer does not do it (it probably will not). Additionally, add a new environment variable called JAVA_HOME that points to the directory you installed Java to.
Tomcat options: using the Tomcat Configuration Tool, add all of these Java options:
    -Didp.home=D:\assure\idp
    -Dconfig.location.assure.mail=D:\assure\user-reg\AssureMail.groovy
    -Dconfig.location.assure.recaptcha=D:\assure\user-reg\AssureRecaptcha.groovy
Additionally increase the memory to at least 1 GB on this same page of the dialog box.
Mail Config
The mail config file (specified in the Java startup options as AssureMail.groovy) should look something like this:
    grails {
        mail {
            host = "smtp.aladata.com"
            port = 587
            username = null
            password = null
            props = [:]
        }
    }
    grails.mail.default.from="help@gfipm.net"
    grails.mail.disabled=false
    //grails.mail.overrideAddress="gtkrug@gmail.com"
    grails.mail.poolSize=5
You will need to edit the highlighted fields accordingly. The commented-out field, highlighted in red, is useful to uncomment while testing to verify e-mail works.
Recaptcha Config
The Recaptcha config file (specified in the Java startup options as AssureRecaptcha.groovy) should look something like this:
    recaptcha {
        // These keys are generated by the ReCaptcha service
        publicKey = "ASK GTRI"
        privateKey = "ASK GTRI"
        // Include the noscript tags in the generated captcha
        includeNoScript = true
        // Include the required script tag with the generated captcha
        includeScript = true
    }
    mailhide {
        // Generated by the Mailhide service
        publicKey = ""
        privateKey = ""
    }
    environments {
        development {
            recaptcha {
                // Set to false to disable the display of captcha
                enabled = false
            }
        }
        production {
            recaptcha {
                // Set to false to disable the display of captcha
                enabled = true
            }
        }
    }
You may need to register for a new Recaptcha keypair if the URL for the server changes. To register please go here: https://www.google.com/recaptcha/admin#list.
MySQL
Required Software
Generally any version of MySQL that will run on Windows is fine. The staging Windows server uses MySQL from Oracle. The production server uses MySQL from Bitnami (which is probably the Oracle version repackaged).
Configuration
Add DB, Add User, Grant User Privileges.
Migration Notes
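Back up the database tables, then restore them (DB_USER and DB_NAME are placeholders):
    mysqldump -u DB_USER -p DB_NAME > dumped-file.sql
    mysql -u DB_USER -p DB_NAME < dumped-file.sql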
User Registration Tool
Required Software
TBD.
Configuration
Groovy files. DB Config. Spring Security config.
DB Config
The database is configured within the WEB-INF/classes/user-manager-config.properties file. This file will need to be updated with the database connection information as well as the path to the local configuration files.
log4j.properties
Update the path in the WEB-INF/classes/log4j.properties file; otherwise nothing will get logged. The correct path is:
    log.basedir=D:/assure/user-reg/logs
resources.xml
The build process always produces a non-functional WEB-INF/spring/resources.xml file. The section of the file that derives the user's username should be updated to look like this:
    <property name="usernameResolvers">
        <list>
            <bean class="org.gtri.idp.user.management.security.SamlUsernameResolverRequestAttribute">
                <property name="attributeName" value="GfipmLocalId" />
                <property name="allowAllEnvironments" value="true" />
            </bean>
            <bean class="org.gtri.idp.user.management.security.SamlUsernameResolverEnvironmentVariable">
                <property name="variableName" value="GfipmLocalId" />
                <property name="allowAllEnvironments" value="true" />
            </bean>
            <bean class="org.gtri.idp.user.management.security.SamlUsernameResolverRequestHeader">
                <property name="headerName" value="GfipmLocalId" />
                <property name="allowAllEnvironments" value="true" />
            </bean>
            <bean class="org.gtri.idp.user.management.security.SamlUsernameResolverRequestParam">
                <property name="parameterName" value="localId" />
                <property name="allowAllEnvironments" value="true" />
            </bean>
        </list>
    </property>
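Because every build overwrites resources.xml, it helps to check the deployed file against the section above after each deploy. The script below is an added example, not part of the ASSURE toolset; the sample XML and its outer bean are constructed for illustration, and the expected class and property names are copied from this page.

```python
import sys
import xml.etree.ElementTree as ET

PKG = "org.gtri.idp.user.management.security."
# Resolver class -> (source property, value), copied from the section above.
EXPECTED = {
    PKG + "SamlUsernameResolverRequestAttribute": ("attributeName", "GfipmLocalId"),
    PKG + "SamlUsernameResolverEnvironmentVariable": ("variableName", "GfipmLocalId"),
    PKG + "SamlUsernameResolverRequestHeader": ("headerName", "GfipmLocalId"),
    PKG + "SamlUsernameResolverRequestParam": ("parameterName", "localId"),
}

# Constructed sample (not real build output); the outer bean is hypothetical.
SAMPLE_BROKEN = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="exampleFilter" class="example.Placeholder">
    <property name="usernameResolvers"><list>
      <bean class="org.gtri.idp.user.management.security.SamlUsernameResolverRequestHeader">
        <property name="headerName" value="REMOTE_USER" />
      </bean>
    </list></property>
  </bean>
</beans>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree adds in namespaced Spring files."""
    return tag.rsplit("}", 1)[-1]

def check_resolvers(xml_text):
    """Return a list of problems; an empty list means the section matches."""
    found = {}
    for prop in ET.fromstring(xml_text).iter():
        if local(prop.tag) == "property" and prop.get("name") == "usernameResolvers":
            for bean in (b for b in prop.iter() if local(b.tag) == "bean"):
                found[bean.get("class")] = {
                    p.get("name"): p.get("value") for p in bean if local(p.tag) == "property"}
    problems = []
    for cls, (name, value) in EXPECTED.items():
        props = found.get(cls)
        if props is None:
            problems.append(f"missing bean {cls}")
        elif props.get(name) != value:
            problems.append(f"{cls}: {name}={props.get(name)!r}, expected {value!r}")
        elif props.get("allowAllEnvironments") != "true":
            problems.append(f"{cls}: allowAllEnvironments is not 'true'")
    return problems

if __name__ == "__main__":
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BROKEN
    print("\n".join(check_resolvers(text)) or "usernameResolvers section matches")
```

Pass the path to the deployed WEB-INF/spring/resources.xml as the first argument; with no argument the script checks the constructed sample.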
Identity Provider
Required Software
Link to GTRI-created installer that includes GTRI libraries (totp, db-authn, and login view for ASSURE).
Configuration
Copies of relevant files.