...
Code Block |
---|
$ mkdir /srv/comanage $ cd /srv/comanage $ wget https://github.com/Internet2/comanage-registry/archive/14.03.02.tar.gz $ tar xzf 14.03.02.tar.gz $ ln -s comanage-registry-14.03.02 registry-current |
Downloading the Latest Master
The master
branch has the latest features that should be stable enough for use, but may not be feature complete. (Typically, though, master
is the same as the latest release.) If you want the latest master, you can download it easily via svninstead:
Code Block |
---|
$ svnwget co https://github.com/Internet2/comanage-registry/branchesarchive/master.tar.gz |
You can also download the develop
branch, which is usually more bleeding edge.
Code Block |
---|
$ svnwget co https://github.com/Internet2/comanage-registry/branchesarchive/develop .tar.gz |
Cloning the Git Repo
If you plan on mucking around with the code, you can also clone the git repo.
...
The preferred path /var/www
or /var/www/html
may vary according to your operating system, distribution, or web server configuration.
Noteinfo | ||
---|---|---|
| ||
COmanage Registry currently assumes it is installed As of Registry v4.0.0, it is no longer required to install at the URL path Versions prior to v4.0.0 require COmanage Registry to be made (CO-299). Until this is fixed, you should make COmanage Registry available at |
...
Note | ||
---|---|---|
| ||
The CakePHP framework may write error and debugging logs to the Note you can point the subdirectories of |
Note |
---|
For versions prior to v1.0.0, update |
...
Code Block |
---|
DocumentRoot /var/www <Directory /var/www/registry/auth/login> AuthType shibboleth ShibRequestSetting requireSession 1 requireRequire validshib-usersession </Directory> <Location / > AuthType shibboleth Require shibboleth </Location> |
For Apache, it is recommended that you place this configuration in httpd.conf
rather than .htaccess
, to simplify future upgrades.If your authentication system supports a logout directive, create a similar configuration protecting auth/logout
.
If you choose to use a SAML2 service provider (SP) such as the Shibboleth Native SP or SimpleSAMLPhP for authentication you may find the COmanage Registry Shibboleth Embedded Discovery Service Plugin useful.
Integrate Web Server Logout
COmanage Registry uses a standard PHP session to track requests per user. Clicking the "Logout" button ends the PHP session but does not end any other session such as a session created during authentication by the web server authentication mechanism or module such as the Shibboleth Native SP for Apache (Shibboleth) or mod_auth_openidc. The web server authentication mechanism should be configured so that any necessary session termination happens when the browser accesses registry/auth/logout
.
For example with Shibboleth the following configuration will terminate the Shibboleth session and then allow the browser to continue to access registry/auth/logout:
Code Block |
---|
RewriteEngine On
RewriteCond %{QUERY_STRING} !after_redirect
RewriteRule ^/registry/auth/logout.* https://%{SERVER_NAME}/Shibboleth.sso/Logout?return=https://%{SERVER_NAME}/registry/auth/logout/?after_redirect [L,R] |