Panel | |
---|---|
|
...
Download Source
...
Downloading the Latest Release
In general, you should download the latest release. This will make it easier to track where your deployment is versus the current development work for purposes of reporting bugs, diagnosing issues, and understanding available features.
Download Checkout the COmanage Registry source files somewhere into the file system. The location you put the files does not have to be the location from where which the files are served by the web server. Create a symlink from to the tag to directory called registry-sourcecurrent
(or something similar):
Code Block |
---|
$ mkdir /srv/comanage $ svn co http cd /srv/comanage $ wget https://anonsvngithub.internet2.educom/svnInternet2/comanage/-registry/tags/0.8.3archive/4.3.2.tar.gz $ tar xzf 4.3.2.tar.gz $ ln -s 0.8.3 registry-source comanage-registry-4.3.2 registry-current |
Downloading the Latest Master
The master
branch has the latest features that should be stable enough for use, but may not be feature complete. (Typically, though, master
is the same as the latest release.) If you want the latest master, you can download it instead:
Code Block |
---|
$ wget https://github.com/Internet2/comanage-registry/archive/master.tar.gz
|
You can also download the develop
branch, which is usually more bleeding edge.
Code Block |
---|
$ wget https://github.com/Internet2/comanage-registry/archive/develop.tar.gz |
Cloning the Git Repo
If you plan on mucking around with the code, you can also clone the git repo.
Configure Web Server
Deploy the COmanage Registry directory wherever you like. Note that the user that the web server runs as needs to be able to read all the files.
Configure your web server to deliver the registry at a suitable URL such as https://some-vo.org/registry
. A simple strategy to accomplish this when running under the Apache web server is to create a symlink in the DocumentRoot
named registry
that points to the directory .../registry-sourcecurrent/app/webroot
:
Code Block |
---|
$ cd /var/www/html $ ln -s /path/to/registry-sourcecurrent/app/webroot registry |
The preferred path /var/www
or /var/www/html
may vary according to your operating system, distribution, or web server configuration.
Infonote | ||
---|---|---|
| ||
COmanage Registry currently assumes it is installed As of Registry v4.0.0, it is no longer required to install at the URL path Versions prior to v4.0.0 require COmanage Registry to be made (CO-299). Until this is fixed, you should make COmanage Registry available at |
...
You should verify that the web server will not deliver unprocessed files, especially configuration files such as the database configuration file (ie: https://some-vo.org/registry/app/configConfig/database.php
). By default, these files will not be delivered.
...
Create /tmp Directory
As of v1.0.0, app/tmp
is a symlink to local/tmp
. You'll most ll most likely want to move the registry-source/app/tmp
directoryto make that a symlink to another location, since it is bad practice to have writable directories on the file system delivering web content. A reasonable alternative would be /var/cache/registry
. The easiest way to do this on a Unix-like system is to create a symlink to the new directory.
The basic required structure for the tmp
directory is included in app/tmp.dist
. Be sure to replicate this in the target location.
Code Block |
---|
$ cd |
Code Block |
$ cd registry-sourcecurrent/app $ sudo cp -r tmp.dist /var/cache/registry $ sudo chown -R $HTTPUSER /var/cache/registry $ sudo chmod 700 /var/cache/registry $ mv tmp tmp.notcd registry-current/local $ ln -s /var/cache/registry tmp tmp |
Note | ||
---|---|---|
| ||
The CakePHP framework may write error and debugging logs to the Note you can point the subdirectories of |
Note |
---|
For versions prior to v1.0.0, update |
Integrate Web Server Authentication
In order to integrate COmanage Registry with your authentication system, configure your Web server to protect the directory registry/app/webroot/auth/login
. For example, under Apache your configuration may look something like
Code Block |
---|
DocumentRoot /var/www <Directory /var/www/registry/auth/login> AuthType shibboleth ShibRequestSetting requireSession 1 requireRequire validshib-usersession </Directory> <Location / > AuthType shibboleth Require shibboleth </Location> |
...
For Apache, it is recommended that you place this configuration in httpd.conf
rather than .htaccess
, to simplify future upgrades.
If you choose to use a SAML2 service provider (SP) such as the Shibboleth Native SP or SimpleSAMLPhP for authentication you may find the COmanage Registry Shibboleth Embedded Discovery Service Plugin useful.
Integrate Web Server Logout
COmanage Registry uses a standard PHP session to track requests per user. Clicking the "Logout" button ends the PHP session but does not end any other session such as a session created during authentication by the web server authentication mechanism or module such as the Shibboleth Native SP for Apache (Shibboleth) or mod_auth_openidc. The web server authentication mechanism should be configured so that any necessary session termination happens when the browser accesses registry/auth/logout
.
For example with Shibboleth the following configuration will terminate the Shibboleth session and then allow the browser to continue to access registry/auth/logout:
Code Block |
---|
RewriteEngine On
RewriteCond %{QUERY_STRING} !after_redirect
RewriteRule ^/registry/auth/logout.* https://%{SERVER_NAME}/Shibboleth.sso/Logout?return=https://%{SERVER_NAME}/registry/auth/logout/?after_redirect [L,R] |