Versions Compared

Old Version 30

changes.mady.by.user Benn Oshrin

Saved on

compared with

New Version Current

changes.mady.by.user Shayna Atkinson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
$ mkdir /srv/comanage
$ cd /srv/comanage
$ wget https://github.com/Internet2/comanage-registry/archive/14.03.12.tar.gz
$ tar xzf 14.03.12.tar.gz
$ ln -s comanage-registry-14.03.12 registry-current

Downloading the Latest Master

The master branch has the latest features that should be stable enough for use, but may not be feature complete. (Typically, though, master is the same as the latest release.) If you want the latest master, you can download it easily via svninstead:

Code Block
$ svnwget co https://github.com/Internet2/comanage-registry/branchesarchive/master.tar.gz

You can also download the develop branch, which is usually more bleeding edge.

Code Block
$ svnwget co https://github.com/Internet2/comanage-registry/branchesarchive/develop
.tar.gz

Cloning the Git Repo

If you plan on mucking around with the code, you can also clone the git repo.

...

The preferred path /var/www or /var/www/html may vary according to your operating system, distribution, or web server configuration.

Noteinfo
titleInstallation at /registry Currently RequiredRecommended

COmanage Registry currently assumes it is installed As of Registry v4.0.0, it is no longer required to install at the URL path /registry. However, it is recommended to use this path unless a specific reason requires the use of a different path.

Versions prior to v4.0.0 require COmanage Registry to be made (CO-299). Until this is fixed, you should make COmanage Registry available at https://your-site.org/registry.

...

Note
titleLog Files May Be Written To The Cache Directory

The CakePHP framework may write error and debugging logs to the logs directory under the tmp directory. You may wish to monitor and/or rotate these files. By default, the framework usually rotates the log files when they get large.

Note you can point the subdirectories of tmp to different locations. For example, you could point tmp/logs to /var/log/registry if you want to keep all of your logfiles in the same place.


Note

For versions prior to v1.0.0, update app/tmp to point directly to your tmp directory.

...

Code Block
DocumentRoot /var/www
<Directory /var/www/registry/auth/login>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  requireRequire validshib-usersession
</Directory>
<Location / >
  AuthType shibboleth
  Require shibboleth
</Location>

For Apache, it is recommended that you place this configuration in httpd.conf rather than .htaccess, to simplify future upgrades.If your authentication system supports a logout directive, create a similar configuration protecting auth/logout.

If you choose to use a SAML2 service provider (SP) such as the Shibboleth Native SP or SimpleSAMLPhP for authentication you may find the COmanage Registry Shibboleth Embedded Discovery Service Plugin useful.

Integrate Web Server Logout

COmanage Registry uses a standard PHP session to track requests per user. Clicking the "Logout" button ends the PHP session but does not end any other session such as a session created during authentication by the web server authentication mechanism or module such as the Shibboleth Native SP for Apache (Shibboleth) or mod_auth_openidc. The web server authentication mechanism should be configured so that any necessary session termination happens when the browser accesses registry/auth/logout.

For example with Shibboleth the following configuration will terminate the Shibboleth session and then allow the browser to continue to access registry/auth/logout: 

Code Block
RewriteEngine On
RewriteCond %{QUERY_STRING} !after_redirect
RewriteRule ^/registry/auth/logout.* https://%{SERVER_NAME}/Shibboleth.sso/Logout?return=https://%{SERVER_NAME}/registry/auth/logout/?after_redirect [L,R]

Next: Registry Installation - Database