Assure Deploy

From GFIPM Implementation Wiki

About

This page is focused on how to deploy the ASSURE Toolset to a Linux Server. The article was originally written for deploying to Windows and is slowly being adapted to Linux.

Shibboleth Service Provider

Required Software

Configure the Shibboleth Repository for your Linux distribution: https://shibboleth.net/downloads/service-provider/2.6.0/RPMS/

You will also need the Apache httpd web server, which should be available in all Linux distributions.

Configuration

Apache Tomcat

Required Software

Configuration

Update the environment variable to include the path to Java if the installer does not do it (it probably will not). Additionally, add a new environment variable called JAVA_HOME that points to the directory where you installed Java.

Tomcat

Tomcat options: on a Windows machine, use the Tomcat Configuration Tool to add all of these Java options:

   -Didp.home=D:\assure\idp
   -Dconfig.location.assure.mail=D:\assure\user-reg\AssureMail.groovy 
   -Dconfig.location.assure.recaptcha=D:\assure\user-reg\AssureRecaptcha.groovy

Additionally, increase the memory to at least 1 GB on this same page of the dialog box. If you are on a Linux machine, you should include all of the above inside your Tomcat startup script.

Mail Config

The mail config file (specified in the Java startup options as AssureMail.groovy) should look something like this:

   grails {
       mail {
           host = "smtp.aladata.com"
           port = 587
           username = null
           password = null
           props = [:]
       }
   }
   grails.mail.default.from="help@gfipm.net"
   grails.mail.disabled=false
   //grails.mail.overrideAddress="gtkrug@gmail.com"
   grails.mail.poolSize=5

You will need to edit the highlighted fields accordingly. The commented-out field, highlighted in red, is useful to uncomment while testing to verify that e-mail works.

Recaptcha Config

The Recaptcha config file (specified in the Java startup options as AssureRecaptcha.groovy) should look something like this:

   recaptcha {
       // These keys are generated by the ReCaptcha service
       publicKey = "ASK GTRI"
       privateKey = "ASK GTRI"
       // Include the noscript tags in the generated captcha
       includeNoScript = true
       // Include the required script tag with the generated captcha
       includeScript = true
   }
   mailhide {
       // Generated by the Mailhide service
       publicKey = ""
       privateKey = ""
   }
   environments {
       development {
           recaptcha {
               // Set to false to disable the display of captcha
               enabled = false
           }
       }
       production {
           recaptcha {
               // Set to false to disable the display of captcha
               enabled = true
           }
       }
   }

You may need to register for a new Recaptcha keypair if the URL for the server changes. To register please go here: https://www.google.com/recaptcha/admin#list.

MySQL

Required Software

Generally, any version of MySQL that will run on Windows is fine. The staging Windows server uses MySQL from Oracle. The production server uses MySQL from Bitnami (which is probably the Oracle version repackaged).

Configuration

Add the database, add a user, and grant the user privileges.

Migration Notes

The database tables need to be backed up and restored. [DB-NAME] is a placeholder for the database name:

 mysqldump [DB-NAME] > dumped-file.sql
 mysql [DB-NAME] < dumped-file.sql

User Registration Tool

Required Software

TBD.

Configuration

Groovy files. DB Config. Spring Security config.

DB Config

The database is configured within the WEB-INF/classes/user-manager-config.properties file. This file will need to be updated with the database connection information as well as the path to the local configuration files.


log4j.properties

You have to update the path in the WEB-INF/classes/log4j.properties file to include the correct path; otherwise nothing will get logged. The correct path is:

   log.basedir=/[ASSURE-HOME]/user-reg/logs

resources.xml

The build process always produces a non-functional WEB-INF/spring/resources.xml file. The section of the file that derives the user's username should be updated to look like this:

       <property name="usernameResolvers">
           <list>
               <bean class="org.gtri.idp.user.management.security.SamlUsernameResolverRequestAttribute">
                   <property name="attributeName" value="GfipmLocalId" />
                   <property name="allowAllEnvironments" value="true" />
               </bean>
               <bean class="org.gtri.idp.user.management.security.SamlUsernameResolverEnvironmentVariable">
                   <property name="variableName" value="GfipmLocalId" />
                   <property name="allowAllEnvironments" value="true" />
               </bean>
               <bean class="org.gtri.idp.user.management.security.SamlUsernameResolverRequestHeader">
                   <property name="headerName" value="GfipmLocalId" />
                   <property name="allowAllEnvironments" value="true" />
               </bean>
               <bean class="org.gtri.idp.user.management.security.SamlUsernameResolverRequestParam">
                   <property name="parameterName" value="localId" />
                   <property name="allowAllEnvironments" value="true" />
               </bean>
           </list>
       </property>
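
A check to run against the edited resources.xml before go-live: it lists every configured username resolver and marks the ones that, judging only by their class names, take the username from a request header or request parameter, so you can confirm that Apache and the Shibboleth SP are the only components able to set those values. This is an added example, not part of the ASSURE toolset; the `CLIENT_SETTABLE` classification is an assumption, and the sample is constructed from the values shown above.

```python
import xml.etree.ElementTree as ET

# Assumption, inferred from the class names only: resolvers with these suffixes
# read the username from a part of the HTTP request a browser can set itself.
CLIENT_SETTABLE = ("RequestHeader", "RequestParam")

# Constructed sample: the four resolvers and values shown on this page.
PKG = "org.gtri.idp.user.management.security."
BEAN = ('<bean class="' + PKG + 'SamlUsernameResolver{0}">'
        '<property name="{1}" value="{2}"/>'
        '<property name="allowAllEnvironments" value="true"/></bean>')
SAMPLE = ('<property name="usernameResolvers"><list>'
          + BEAN.format("RequestAttribute", "attributeName", "GfipmLocalId")
          + BEAN.format("EnvironmentVariable", "variableName", "GfipmLocalId")
          + BEAN.format("RequestHeader", "headerName", "GfipmLocalId")
          + BEAN.format("RequestParam", "parameterName", "localId")
          + '</list></property>')


def local(tag):
    """Drop an XML namespace prefix such as '{http://...}bean' -> 'bean'."""
    return tag.rsplit("}", 1)[-1]


def audit_resolvers(xml_text):
    """Return (class, source name, allowAllEnvironments, client-settable) per resolver."""
    rows = []
    for prop in ET.fromstring(xml_text).iter():
        if local(prop.tag) != "property" or prop.get("name") != "usernameResolvers":
            continue
        for bean in prop.iter():
            if local(bean.tag) != "bean":
                continue
            props = {p.get("name"): p.get("value")
                     for p in bean if local(p.tag) == "property"}
            allow_all = props.pop("allowAllEnvironments", None) == "true"
            source = next(iter(props.values()), None)
            short = bean.get("class", "").rsplit(".", 1)[-1]
            rows.append((short, source, allow_all, short.endswith(CLIENT_SETTABLE)))
    return rows


def needs_review(rows):
    """Resolvers to check against the Apache/Shibboleth front end before go-live."""
    return [r[0] for r in rows if r[3]]


if __name__ == "__main__":
    for row in audit_resolvers(SAMPLE):
        print(row)
    print("review:", needs_review(audit_resolvers(SAMPLE)))
```

To audit a deployed file, pass its contents to `audit_resolvers`; namespaced Spring XML is handled because tag names are compared without their namespace.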

Identity Provider

Required Software

Link to the GTRI-created installer that includes the GTRI libraries (totp, db-authn, and login view for ASSURE).

Configuration

Copies of relevant files.