shibboleth-dev - SHIB design call -- (8/9), 3:00 pm edt, noon pdt
Subject: Shibboleth Developers
List archive
- From:
- To:
- Subject: SHIB design call -- (8/9), 3:00 pm edt, noon pdt
- Date: Mon, 9 Aug 2004 12:41:10 -0400
Phone #: (800) 541-1710
Pin #: 0142203
Agenda:
1) Quick status review -- java target (if Howard is on the call)
2) Get consensus on the "doc" plan...... ingredients include:
- the new protocol spec (available from the web page)
- the "white paper" (to be published first in Educause Quarterly)
- the restructured Deploy Guides (hyper-text'ed, web ready)
- the "2nd level tech description" ( sections 1 and 2 from the deploy guides)
- the install-fest checklists
- an FAQ (thank you George! -- look here... http://stc.cis.brown.edu/~stc/Projects/Shibboleth/Version-3/faq01.html)
how do all of these "fit together" and support one another?
3) Origin Install Fest Checklist -- (see attached) are there ways to insert additional "self-test" steps? are there PKI-related errors that occur frequently, that we should test for? Or just tell people to start by using bossie, and then move on to using self-signed certs?
Are there other steps we want to take with the checklist? Some notes from fest debrief:
At 12:08 PM -0400 7/8/04,
wrote:
provide our tomcat package for people, so we know startup scripts + endorsed + config file + whatever...; also provide jk2 config file for download
links to complete sample config files
new process -- have people register; then a 2nd deadline they have to have their apache + jk + tomcat operational; they give us a urland we validate;
Notes from last monday's call (topic - how to insert additional tests into the checklist)
1) Walter -- during the first install fest, there were really only three problems that festers encountered:
a) Apache/Tomcat/JK2
b) Client re-negotiation bug (apache 2 bug)
c) Endorsement Issues
Recommendation: after they've installed the platform, tell folks to retrieve https://origin/shibboleth/ This should list the directory. People could use either a browser or use curl. Note: lack of trailing slash causes unpredictable results. This will test that apache, the connector, and tomcat are all configured, and working together (to some extent).
2) Provide a command line tool that checks origin.xml syntax. Simpler than running Tomcat, and doing something to trigger loading the HS servlet.
3) If using apache 2, then check for the infamous apace 2 error -- walter - use openssl sclient to connect to web server (trigger the problem) ; or perhaps java based tool
4) Provide a built in servlet (similar to the one in twiki -- http://cooke.services.brown.edu/twiki/bin/testenv ) that checks a variety of things and provides a report in the browser window -- it doesn't run Shib; rather it just tests a bunch of things and reports the results. Maybe it only works if the hostname in the url is localhost?
problem with tomcat endorsement..... walter -- use a ps command.... or a simple builtin servlet check and say whether it can find right version
verify that origin announcing right providerId.... this problem didn't occur during fest
5) are there origin side PKI problems? or are they solved by having everyone use bossie....?
Attachment:
Checklist-04b.doc
Description: MS-Word document
- SHIB design call -- (8/9), 3:00 pm edt, noon pdt, Steven_Carmody, 08/09/2004
- RE: SHIB design call -- (8/9), 3:00 pm edt, noon pdt, Howard Gilbert, 08/09/2004
- RE: SHIB design call -- (8/9), 3:00 pm edt, noon pdt, Scott Cantor, 08/09/2004
- RE: applicationId found or not found, Howard Gilbert, 08/12/2004
- RE: applicationId found or not found, Scott Cantor, 08/12/2004
- RE: applicationId found or not found, Howard Gilbert, 08/12/2004
- RE: applicationId found or not found, Scott Cantor, 08/12/2004
- RE: applicationId found or not found, Howard Gilbert, 08/12/2004
- RE: applicationId found or not found, Scott Cantor, 08/12/2004
- RE: applicationId found or not found, Howard Gilbert, 08/12/2004
- RE: applicationId found or not found, Scott Cantor, 08/12/2004
- RE: applicationId found or not found, Howard Gilbert, 08/12/2004
- RE: SHIB design call -- (8/9), 3:00 pm edt, noon pdt, Scott Cantor, 08/09/2004
- RE: SHIB design call -- (8/9), 3:00 pm edt, noon pdt, Howard Gilbert, 08/09/2004
Archive powered by MHonArc 2.6.16.