Author: Kevin J. Price (kjprice@ncsa.uiuc.edu) Last Update: December 21, 2006
This document explains how to configure a Scientific Annotation Middleware (SAM) installation to query a MyProxy server for authentication.
This page does not cover how to configure MyProxy. Please see Using MyProxy To Create Session Passwords for more details on MyProxy server configuration with web services.
SAM_MyProxy { edu.uiuc.ncsa.jaas.SessionCacheLoginModule sufficient cacheLocation = "/tmp/scache" mode = "read"; org.scidac.sam.security.authenticate.SlideLoginModule sufficient namespace = "sam" digest = "none" timeout = "15"; edu.uiuc.ncsa.myproxy.jaas.MyProxyLoginModule requisite host = "myproxy-server.domain.edu" saveSharedState = "true"; SAMWrapperLoginModule optional defaultRoles = "user"; edu.uiuc.ncsa.jaas.SessionCacheLoginModule optional cacheLocation = "/tmp/scache" mode = "write"; };
The text in green allows users to authenticate using the default SAM authentication mechanism in addition to the MyProxy authentication mechanism, and is especially useful in server configuration (by authenticating as 'root'). If you do not require this functionality, you can safely omit these lines.
The text in blue defines a space-separated list of default roles to be assigned to users authenticated using the MyProxy mechanism. You may need to alter this list to fit your server configuration. It is not currently possible to assign roles on a user-by-user basis.
The optional text in red defines a session caching module that will cache copies of user credentials on the local machine. This will cut down on network traffic, but at the expense of some CPU time as the credentials are encrypted when stored. The cache location can be changed to any good temporary directory. This module can only be used if you installed jaas-scache.jar per the installation instructions above.
and replace:<!-- Authentcation Filter Setup -->
with:<init-param> <param-name>app-name</param-name> <param-value>SAM_Slide</param-value> </init-param>
<init-param> <param-name>app-name</param-name> <param-value>SAM_MyProxy</param-value> </init-param>