Single-Sign-On for DownloadManager
Links
mod_auth_pubtkt with Debian-Apache
- we assume Apache is already installed and that you are familiar with Apache configuration
- we assume you have read the mod_auth_pubtkt documentation
- on Debian, install the package libapache2-mod-auth-pubtkt
# apt-get install libapache2-mod-auth-pubtkt
- generate a public/private key pair. We use DSA; see the pubtkt manual
# openssl dsaparam -out dsaparam.pem 1024
# openssl gendsa -out privkey.pem dsaparam.pem
# openssl dsa -in privkey.pem -out pubkey.pem -pubout
- the pubkey.pem is needed by the pubtkt Apache module
- the privkey.pem must be installed on the B-Fabric Server (keep it secret!!!)
- copy pubkey.pem to /etc/apache2/pubkey.pem
- create an Apache config file for pubtkt that references the public key
- add an alias for the data downloaded via DownloadManager to the Apache config
- add the AuthType and some configuration options for mod_auth_pubtkt to the Apache config
- TKTAuthCookieName corresponds to the cookie name generated by B-Fabric
- Apache config example:
<IfModule mod_auth_pubtkt.c>
    TKTAuthPublicKey /etc/apache2/pubkey.pem
    Alias /dm /srv/www/DownloadManager
    <Directory /srv/www/DownloadManager>
        AuthType mod_auth_pubtkt
        TKTAuthCookieName auth_cookie
        TKTAuthDigest SHA256
        require valid-user
    </Directory>
</IfModule>
- every project directory needs its own security token, which can be configured in an Apache config file:
<IfModule mod_auth_pubtkt.c>
    <Location /dm/p1>
        TKTAuthToken "1"
    </Location>
    <Location /dm/p2>
        TKTAuthToken "2"
    </Location>
</IfModule>
Storage
- add an access to the storage of type "dm" with protocol "http"
System Properties
- the property "downloadManagerEnabled" needs to be set to "true"
- the property "pubtktGeneratorFilePath" must point to the script which generates the cookie, as described in the pubtkt manual
Create cookie script
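A sketch of such a cookie script, added here as an example and not taken from B-Fabric or mod_auth_pubtkt: it signs a ticket with privkey.pem and re-checks it against pubkey.pem and a project token, as the Apache side is configured to do above. The function names, the argument order and the choice of ticket fields (uid, validuntil, tokens) are assumptions; the interface B-Fabric expects from "pubtktGeneratorFilePath" is not described on this page.

```shell
#!/bin/sh
# Added example (not B-Fabric code): sign and check a mod_auth_pubtkt ticket.
# Ticket: uid=<user>;validuntil=<unix time>;tokens=<t1,t2>;sig=<base64>
# The signature covers every byte before ";sig=".

# make_ticket USER TTL_SECONDS TOKENS PRIVKEY   (prints the ticket)
make_ticket() {
    uid=$1; ttl=$2; tokens=$3; key=$4
    # Refuse field separators so a user name cannot smuggle in extra fields.
    case "$uid$tokens" in
        *\;*|*=*) echo "illegal character in uid or tokens" >&2; return 2 ;;
    esac
    exp=$(( $(date +%s) + $ttl ))
    body="uid=${uid};validuntil=${exp};tokens=${tokens}"
    # -sha256 matches "TKTAuthDigest SHA256" in the Apache config.
    sig=$(printf '%s' "$body" | openssl dgst -sha256 -sign "$key" | openssl base64 -A)
    [ -n "$sig" ] || return 1
    printf '%s;sig=%s\n' "$body" "$sig"
}

# verify_ticket TICKET PUBKEY TOKEN   (exit 0 only if signed, fresh, TOKEN listed)
verify_ticket() {
    tkt=$1; pub=$2; need=$3
    body=${tkt%";sig="*}; sig=${tkt##*";sig="}
    [ "$body" != "$tkt" ] || return 1          # no signature field
    tmp=$(mktemp) || return 1
    printf '%s' "$sig" | openssl base64 -d -A > "$tmp"
    if ! printf '%s' "$body" | openssl dgst -sha256 -verify "$pub" -signature "$tmp" 2>&1 |
        grep -q 'Verified OK'; then
        rm -f "$tmp"; return 1                 # altered ticket or wrong key
    fi
    rm -f "$tmp"
    exp=$(printf '%s' "$body" | tr ';' '\n' | sed -n 's/^validuntil=//p')
    [ "$exp" -gt "$(date +%s)" ] 2>/dev/null || return 1   # expired
    toks=$(printf '%s' "$body" | tr ';' '\n' | sed -n 's/^tokens=//p')
    case ",$toks," in
        *",$need,"*) return 0 ;;               # token the Location asks for
        *) return 1 ;;
    esac
}

# Command-line use: script USER TTL_SECONDS TOKENS PRIVKEY
if [ "$#" -eq 4 ]; then make_ticket "$@"; fi
```

A ticket issued with tokens "1,2" passes the check for /dm/p1 and /dm/p2; editing the tokens field after signing invalidates the signature.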