perfSONAR User Q&A and Other Discussion

[Cándido Rodríguez Montes <>]

Hi Loukik and Rodesch,

El 23/05/2008, a las 12:18, Loukik Kudarimoti escribió:

Candido,

Can you please help Rodesch with the Idp question?

Absolutely... :-)

Rodesch, to connect the MA to the AS, simply go to the Basic Service pages on web admin and choose to turn on Authentication. You will then need to provide the end point of your AS (the installation guide for AS describes what your access point or end point is). You can also choose the messages that require authentication. All the messages are listed and default and you can remove the ones that you don't want. For example: setupdatarequest deals with requests for data, metadatakeyrequest deals with discovery of metadata, echorequest deals with response to echo messages.

Yes, that's the way for configuring your perfSONAR services.

Loukik.

Rodesch Christian wrote:

Hi,

does nobody have experience with the AS service? I really would appreciate some help as I don't understand how it works and how it has to be configured.

Regards,

Christian

Rodesch Christian wrote:

Hi everyone,

well after the BWCTL MP, I wanted to test the AS. I already have set up our identity provider and some service providers using simpleSAMLphp ,and mainly I'd like to use this IDP to authenticate the perfSONAR services I already installed as for example rrd MA, BWCTL MP and Telnet/SSH MP.

Is there a possibility to connect the AS to a such IDP?

Well, there is an easy way: join that IdP to eduGAIN and it's automatically integrated with perfSONAR. By the other hand, I guess you want to make a local installation of perfSONAR and make some tests. Well, the AS of perfSONAR actually can be configured without using eduGAIN, but it's not an easy task and there isn't any available documentation for it :(

But, I can tell you some steps for addding your IdP into the AS:

- You have to add the certificate of the CAs which issues certificates for your clients/users into the keystore distributed with perfSONAR AS.

- The certificates of clients/users have to conform the eduGAIN PKI specifications.

- Depending on which visualization tool you're using, you need to deploy a Metadata Service of eduGAIN and add your IdP.

I know this could seem a complicated task. Well, it is. Maybe I can help you to minimize your efforts if you can tell me which visualization tools you are going to use with your installation.

Regards

Is there any configuration manual for the MA?

Thanks a lot,

Christian

-- 

---------------------------------------------------------------

L o u k i k   K u d a r i m o t i

     * *              Network Engineer

   *     *            City House, 126 - 130, Hills Road

  *                   Cambridge CB2 1PQ, United Kingdom

  *                   WWW: http://www.dante.net

D  A  N  T  E          Tel:+44 1223 371300 Fax:+44 1223 371371

--

Cándido Rodríguez Montes E-mail: 

Middleware warrior Tel:+34 955 05 66 13

Red.ES/RedIRIS

Edificio CICA

Avenida Reina Mercedes, s/n

41012 Sevilla

SPAIN