In general, you should download the latest release. This will make it easier to track where your deployment is versus the current development work for purposes of reporting bugs, diagnosing issues, and understanding available features.
Download the COmanage Registry source files somewhere into the file system. The location you put the files does not have to be the location from which the files are served by the web server. Create a symlink to the directory called registry-current (or something similar):
$ mkdir /srv/comanage
$ cd /srv/comanage
$ wget https://github.com/Internet2/comanage-registry/archive/4.3.2.tar.gz
$ tar xzf 4.3.2.tar.gz
$ ln -s comanage-registry-4.3.2 registry-current
The master branch has the latest features that should be stable enough for use, but may not be feature complete. (Typically, though, master is the same as the latest release.) If you want the latest master, you can download it instead:
$ wget https://github.com/Internet2/comanage-registry/archive/master.tar.gz
You can also download the develop branch, which is usually more bleeding edge.
$ wget https://github.com/Internet2/comanage-registry/archive/develop.tar.gz
If you plan on mucking around with the code, you can also clone the git repo.
Deploy the COmanage Registry directory wherever you like. Note that the user that the web server runs as needs to be able to read all the files.
Configure your web server to deliver the registry at a suitable URL such as https://some-vo.org/registry. A simple strategy to accomplish this when running under the Apache web server is to create a symlink in the DocumentRoot named registry that points to the directory .../registry-current/app/webroot:
$ cd /var/www/html
$ ln -s /path/to/registry-current/app/webroot registry
The preferred path /var/www or /var/www/html may vary according to your operating system, distribution, or web server configuration.
Installation at /registry Currently Recommended
As of Registry v4.0.0, it is no longer required to install at the URL path /registry. However, it is recommended to use this path unless a specific reason requires the use of a different path.
Versions prior to v4.0.0 require COmanage Registry to be made available at https://your-site.org/registry.
You should verify that the web server will not deliver unprocessed files, especially configuration files such as the database configuration file (i.e., https://some-vo.org/registry/app/Config/database.php). By default, these files will not be delivered.
As of v1.0.0, app/tmp is a symlink to local/tmp. You'll most likely want to make that a symlink to another location, since it is bad practice to have writable directories on the file system delivering web content. A reasonable alternative would be /var/cache/registry. The easiest way to do this on a Unix-like system is to create a symlink to the new directory.
The basic required structure for the tmp directory is included in app/tmp.dist. Be sure to replicate this in the target location.
$ cd registry-current/app
$ sudo cp -r tmp.dist /var/cache/registry
$ sudo chown -R $HTTPUSER /var/cache/registry
$ sudo chmod 700 /var/cache/registry
$ cd ../local
$ ln -s /var/cache/registry tmp
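The two checks described above (only app/webroot is served, so app/Config/database.php stays unreachable, and the writable tmp directory lives outside the Registry tree with mode 700) can be audited on the file system. This is an added example, not part of the COmanage documentation or code; audit_registry is a hypothetical helper name, and the paths in the usage comment assume the layout used on this page.

```shell
#!/bin/sh
# Added example (not COmanage code). audit_registry is a hypothetical helper.
# Usage: audit_registry DOCROOT_LINK REGISTRY_DIR
# Prints one FAIL line per finding; returns 0 when the layout is clean.
audit_registry() {
    link=$1; reg=$2; rc=0
    # Resolve symlinks so comparisons are made on real paths.
    served=$(cd -P "$link" 2>/dev/null && pwd -P) ||
        { echo "FAIL: $link does not resolve to a directory"; return 1; }
    regreal=$(cd -P "$reg" 2>/dev/null && pwd -P) ||
        { echo "FAIL: $reg is not a directory"; return 1; }
    tmpreal=$(cd -P "$reg/local/tmp" 2>/dev/null && pwd -P) ||
        { echo "FAIL: $reg/local/tmp does not resolve to a directory"; return 1; }

    # 1. The web server should be handed app/webroot only.
    if [ "$served" != "$regreal/app/webroot" ]; then
        echo "FAIL: $link serves $served, expected $regreal/app/webroot"; rc=1
    fi
    # 2. The database configuration must sit outside the served tree.
    case "$regreal/app/Config/database.php" in
        "$served"/*) echo "FAIL: app/Config/database.php is under $served"; rc=1 ;;
    esac
    # 3. The writable tmp directory must live outside the Registry tree.
    case "$tmpreal/" in
        "$regreal"/*) echo "FAIL: writable tmp $tmpreal is inside $regreal"; rc=1 ;;
    esac
    # 4. Mode 700, as set by the chmod step (GNU stat first, then BSD stat).
    mode=$(stat -c %a "$tmpreal" 2>/dev/null || stat -f %Lp "$tmpreal")
    if [ "$mode" != "700" ]; then
        echo "FAIL: $tmpreal has mode $mode, expected 700"; rc=1
    fi
    return "$rc"
}

# Run directly: sh audit.sh /var/www/html/registry /srv/comanage/registry-current
if [ "$#" -eq 2 ]; then audit_registry "$1" "$2"; fi
```

The audit only inspects the file system layout; requesting the database.php URL through the web server remains the direct way to confirm it is not delivered.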
Log Files May Be Written To The Cache Directory
The CakePHP framework may write error and debugging logs to the logs directory under the tmp directory. You may wish to monitor and/or rotate these files. By default, the framework usually rotates the log files when they get large.
Note you can point the subdirectories of tmp to different locations. For example, you could point tmp/logs to /var/log/registry if you want to keep all of your logfiles in the same place.
For versions prior to v1.0.0, update app/tmp to point directly to your tmp directory.
In order to integrate COmanage Registry with your authentication system, configure your Web server to protect the directory registry/app/webroot/auth/login. For example, under Apache your configuration may look something like:
DocumentRoot /var/www
<Directory /var/www/registry/auth/login>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  Require shib-session
</Directory>
<Location />
  AuthType shibboleth
  Require shibboleth
</Location>
For Apache, it is recommended that you place this configuration in httpd.conf rather than .htaccess, to simplify future upgrades.
If you choose to use a SAML2 service provider (SP) such as the Shibboleth Native SP or SimpleSAMLphp for authentication, you may find the COmanage Registry Shibboleth Embedded Discovery Service Plugin useful.
COmanage Registry uses a standard PHP session to track requests per user. Clicking the "Logout" button ends the PHP session but does not end any other session, such as a session created during authentication by the web server authentication mechanism or module such as the Shibboleth Native SP for Apache (Shibboleth) or mod_auth_openidc. The web server authentication mechanism should be configured so that any necessary session termination happens when the browser accesses registry/auth/logout.
For example, with Shibboleth the following configuration will terminate the Shibboleth session and then allow the browser to continue to access registry/auth/logout:
RewriteEngine On
RewriteCond %{QUERY_STRING} !after_redirect
RewriteRule ^/registry/auth/logout.* https://%{SERVER_NAME}/Shibboleth.sso/Logout?return=https://%{SERVER_NAME}/registry/auth/logout/?after_redirect [L,R]