liferay csgf playbook
There is a role to deploy a Catania Science Gateway based on Liferay. The default scenario foresees that authentication to the gateway will be done with Shibboleth tokens from an identity provider registered in a federation - this means that such an IDP should be already configured and we provide a playbook for that too.
While most of the configuration of the liferay application and glassfish server which it runs in is done via templates of XML files, there are some manual steps involved for now, in configuring the Liferay authentication.
Once you have run the liferay-csgf.yml playbook, you need to perform an initial login to the Liferay application running at http://<science-gatway-host>. Then, follow these steps
- Create the first test user
- Log in the first time with this user, and accept the EULA
- Restart the Liferay domain
- Go to Liferay control panel, the "portal settings area"
- Configure LDAP authentication: 1. Add ldap server 1. Add principle cn 1. Configure user search path and attributes 1. Check authentication
We now provide more detail on each step
When the playbook finishes, you are presented with this message :
TASK: [Inform the user to complete liferay setup] *****************************
ok: [sgw.ternet.or.tz] => {
"msg": "after the playbook completes, you have to access the liferay web page and confirm the configuration. Then you have to manually restart the liferay domain in order to complete the installation"
}
At this point, you can go to the liferay instance - https://your.sgw.host.name - where you are presented with something like this :
By clicking on the "Finish Configuration" button, you customise the Liferay application for first use, and are presented with
Click on "Go to portal", and you will be taken to a screen where you can change the default password of the first test user :
As you can see by the context panel above, the user is authenticated. Once you change the password, you are presented with the (empty) home screen:
Now, restart the Liferay domain as liferayadmin user:
cd /opt/glassfish/glassfish3/bin
[liferayadmin@sgw bin]$ ./asadmin stop-domain liferay
Waiting for the domain to stop ......
Command stop-domain executed successfully.
[liferayadmin@sgw bin]$ ./asadmin start-domain liferay
Waiting for liferay to start ..........................................................................
Successfully started the domain : liferay
domain Location: /opt/glassfish/glassfish3/glassfish/domains/liferay
Log File: /opt/glassfish/glassfish3/glassfish/domains/liferay/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
Once you've logged in again as the test user, you have to accept the Terms of Use :
and select a reminder question for password reset
You are now ready to configure Authentication.
You are now ready to configure authentication via LDAP/Shibboleth. Go to the Portal Settings in the Liferay "Portal" section:
You are provided with several authentication options
- Click on LDAP tab
- Enable LDAP
- Add the LDAP server
- Add the Base DN
dc=local - Add the "principle" - the user that liferay will connect to the LDAP server and apply import as - usually
cn=liferayadmin,dc=local, along with their password - Test the LDAP connection - this will import the existing users
you need an etoken server to connect to the science gateway. The IP of your science gateway needs to be approved from the etoken server.