...

Code Block
$ mkdir /srv/comanage
$ cd /srv/comanage
$ wget https://github.com/Internet2/comanage-registry/archive/4.3.0.02.tar.gz
$ tar xzf 4.3.02.0.tar.gz
$ ln -s comanage-registry-4.3.0.02 registry-current

Downloading the Latest Master

...

Code Block
$ wget https://github.com/Internet2/comanage-registry/archive/master.tar.gz

You can also download the develop branch, which is usually more bleeding edge.

Code Block
$ wget https://github.com/Internet2/comanage-registry/archive/develop.tar.gz

Cloning the Git Repo

If you plan on mucking around with the code, you can also clone the git repo.

...

The preferred path /var/www or /var/www/html may vary according to your operating system, distribution, or web server configuration.

Info: Installation at /registry Recommended

As of Registry v4.0.0, it is no longer required to install at the URL path /registry. However, it is recommended to use this path unless a specific reason requires the use of a different path.

Versions prior to v4.0.0 require COmanage Registry to be made available at https://your-site.org/registry.

...

Code Block
DocumentRoot /var/www
<Directory /var/www/registry/auth/login>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  Require shib-session
</Directory>
<Location / >
  AuthType shibboleth
  Require shibboleth
</Location>

For Apache, it is recommended that you place this configuration in httpd.conf rather than .htaccess, to simplify future upgrades.

If your authentication system supports a logout directive, create a similar configuration protecting auth/logout.

If you choose to use a SAML2 service provider (SP) such as the Shibboleth Native SP or SimpleSAMLphp for authentication, you may find the COmanage Registry Shibboleth Embedded Discovery Service Plugin useful.

...

COmanage Registry uses a standard PHP session to track requests per user. Clicking the "Logout" button ends the PHP session but does not end any other session, such as a session created during authentication. A common deployment pattern is to delegate authentication to a web server authentication mechanism or module such as the Shibboleth Native SP for Apache (Shibboleth) or mod_auth_openidc. The web server authentication mechanism should be configured so that any necessary session termination happens when the browser accesses registry/auth/logout.

For example with Shibboleth the following configuration will terminate the Shibboleth session and then allow the browser to continue to access registry/auth/logout: 

Code Block
RewriteEngine On
RewriteCond %{QUERY_STRING} !after_redirect
RewriteRule ^/registry/auth/logout.* https://%{SERVER_NAME}/Shibboleth.sso/Logout?return=https://%{SERVER_NAME}/registry/auth/logout/?after_redirect [L,R]
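
The following Python model is an added example, not part of the COmanage documentation: it replays the RewriteCond/RewriteRule pair above together with the Shibboleth logout handler's `return` redirect, to show why the `after_redirect` marker is needed. The host name registry.example.org and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

RULE = re.compile(r"^/registry/auth/logout.*")  # RewriteRule pattern, tested against the URL path
COND = re.compile(r"after_redirect")            # RewriteCond pattern, negated by "!" in the config

def rewrite(url, server_name, guard=True):
    """Return the redirect the rule would issue for url, or None if it does not fire."""
    parts = urlsplit(url)
    if guard and COND.search(parts.query):      # unanchored match anywhere in the query string
        return None
    if not RULE.match(parts.path):
        return None
    return (f"https://{server_name}/Shibboleth.sso/Logout"
            f"?return=https://{server_name}/registry/auth/logout/?after_redirect")

def logout_flow(server_name, guard=True, max_hops=6):
    """Follow the logout hops and return [(url, what_handled_it), ...]."""
    url = f"https://{server_name}/registry/auth/logout"
    hops = []
    for _ in range(max_hops):
        target = rewrite(url, server_name, guard)
        parts = urlsplit(url)
        if target is not None:
            hops.append((url, "mod_rewrite redirect"))
            url = target
        elif parts.path == "/Shibboleth.sso/Logout":
            # Stand-in for the SP logout handler: end the SP session, go to return=
            hops.append((url, "SP session ended"))
            url = parse_qs(parts.query)["return"][0]
        else:
            hops.append((url, "Registry ends PHP session"))
            return hops
    raise RuntimeError("redirect loop: logout never reaches Registry")

if __name__ == "__main__":
    for url, handler in logout_flow("registry.example.org"):  # constructed host name
        print(f"{handler:28} {url}")
```

Calling `logout_flow(..., guard=False)` models the rule without the RewriteCond and raises on the resulting redirect loop. Because the condition is an unanchored match, any request to auth/logout whose query string contains `after_redirect` is passed to Registry without visiting the SP logout handler.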

Next: Registry Installation - Database