=====================================
Larpe - Administrator Guide
=====================================

:author: Damien Laniel
:contact: dlaniel@entrouvert.com
:copyright: Copyright © 2006 Entr'ouvert

.. contents:: Table of contents

Overview
========

Larpe is a Liberty Alliance Reverse Proxy. It allows any service provider
(that is, a website) to use Liberty Alliance features (Identity federation,
Single Sign On and Single Logout) without changing the code of
the service provider itself. It uses the Lasso_ library,
which is certified by the `Liberty Alliance`_ consortium. Lasso_ and Larpe
are released under the terms of the `GNU GPL license`_.


How to get and install Larpe
============================

Installation under Debian_ Sarge
++++++++++++++++++++++++++++++++

To work correctly, Larpe relies on:

* Apache2_;

* Lasso_ (0.6.3);

* Quixote_ (2.0);

* SCGI_;

* mod_python_;

* libxml2;

* mod_proxy_html.

You will also need a Liberty Alliance Identity Provider, be it on the same server or not.
We recommend Authentic_ for that need.

Package Installation
--------------------

You need to add the following line to your /etc/apt/sources.list; this will
give you access to the repository where Larpe is stored::

    deb http://deb.entrouvert.org/ sarge main

As root, type::

    apt-get update
    apt-get install larpe

Then follow the debconf wizard to set it up.

All the required packages are now installed and configured.

You might need to change the "<VirtualHost \*>" in your apache2 configuration
(/etc/apache2/sites-available/apache2-vhost-larpe) depending on how you
previously configured apache.

Don't forget to modify your /etc/hosts file if necessary. Larpe now works; the
administration interface is reachable at http://your_domain_name/admin. The username
and password are the ones you entered during the installation wizard.

If you don't want to modify your sources.list file, you can manually download and
install the required packages with the dpkg -i command:

* Larpe, Authentic and Lasso on http://deb.entrouvert.org/;

* Quixote 2.0 on http://authentic.labs.libre-entreprise.org/.

Installation with another Linux distribution
++++++++++++++++++++++++++++++++++++++++++++

We suppose Apache2_, SCGI_, mod_python_, libxml2 and mod_proxy_html are already installed. You then need to
download and install the following sources:

* Lasso http://lasso.entrouvert.org;

* Quixote http://www.mems-exchange.org/software/Quixote/;

* Authentic http://authentic.labs.libre-entreprise.org/;

* Larpe http://labs.libre-entreprise.org/frs/?group_id=108.

To install Larpe, uncompress the sources you have downloaded and launch the
setup.py script::

    tar xzf larpe*.tar.gz
    cd larpe*
    python setup.py install

You then need to configure Apache2_ correctly. You should use the provided apache2-vhost-larpe template and adapt it to your configuration.

Don't forget to modify your /etc/hosts file if necessary. Larpe now works; the
administration interface is reachable at http://your_domain_name/admin.

Basic Larpe configuration
=========================

Identity Provider configuration
+++++++++++++++++++++++++++++++

If you don't have a configured Identity Provider yet, please read the Authentic
manual to set it up. You must have the metadata and public key of the Identity
Provider to begin with Larpe.

Then, in the Larpe administration interface, click on "Settings", then "Identity Provider".
Fill in the metadata and public key that you've got from your Identity Provider, then
click Submit.
Your Identity Provider is now configured in Larpe; you can then configure as many Service
Providers as you want.

Service Provider Configuration
++++++++++++++++++++++++++++++

Service Provider configuration
------------------------------

Click on "Hosts" then "New Host".

Fill in the following parameters:

* Label: the name you want to give to your Service Provider;

* Original Site Address: the root URL of your Service Provider;

* Authentication Page: if the page which contains the authentication form for
  your Service Provider is on a separate page, fill in the URL of this page here;

* Authentication Form Page: if you didn't fill in the previous field and if the
  authentication form is not on the first page of your Service Provider either,
  fill in the URL of the page which contains the authentication form here;

* Logout Address: when you want Single Sign On and Identity Federation, you probably
  want Single Logout too. If so, fill in the logout URL of your original site here;

* Reversed Host Name: the domain name where you want to access your Service Provider
  through the reverse proxy. It can be the domain name of Larpe or not.

Then click "Submit". Wait a few seconds, then go to http://reversed_host_name/reverse_directory/
to check if it works. If not, wait a bit more and try again. If it really doesn't work,
please submit a bug report at http://labs.libre-entreprise.org/tracker/?func=add&group_id=108&atid=512.

Service Provider Example: Linuxfr
---------------------------------

To help you set up your own Service Provider, we provide an example of a working Service Provider
to guide you.

To set up Linuxfr, fill in the following parameters:

* Label: Linuxfr;

* Original Site Address: http://linuxfr.org/;

* Authentication Page: Nothing here;

* Authentication Form Page: http://linuxfr.org/pub/;

* Logout Address: http://linuxfr.org/close_session.html;

* Reversed Host Name: linuxfr.reverse-proxy.example.com.

Here "reverse-proxy.example.com" is the hostname you've set up before for your reverse proxy.

Don't forget to add this new hostname to your /etc/hosts as well.

You can then go to the reversed Linuxfr at http://linuxfr.reverse-proxy.example.com/

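The following sanity check for the "New Host" parameters described above is an added example, not part of Larpe or of the original guide. The dictionary keys, the ``origin`` and ``check_host`` functions and the rules they apply (every URL on the same origin as the original site, a bare domain name as reversed host) are assumptions of this example; the sample values are those of the Linuxfr example.

```python
import re
from urllib.parse import urlsplit

# Keys mirror the "New Host" form fields; the rules are assumptions of this
# example, not validation performed by Larpe itself.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
URL_FIELDS = ("authentication_page", "authentication_form_page", "logout_address")

def origin(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed port or bracketed host
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.scheme, parts.hostname.lower(), port or {"http": 80, "https": 443}[parts.scheme]

def check_host(cfg):
    """Return (level, message) findings for one host definition."""
    site = origin(cfg.get("original_site_address", ""))
    if site is None:
        return [("error", "Original Site Address must be an absolute http(s) URL")]
    findings = []
    for field in URL_FIELDS:
        if cfg.get(field) and origin(cfg[field]) != site:  # empty optional fields are fine
            findings.append(("error", f"{field} is not on the original site's origin"))
    if cfg.get("authentication_page") and cfg.get("authentication_form_page"):
        findings.append(("warning", "fill only one of the two authentication fields"))
    if not cfg.get("logout_address"):
        findings.append(("warning", "no Logout Address: required for Single Logout"))
    if not HOSTNAME_RE.match(cfg.get("reversed_host_name", "").lower()):
        findings.append(("error", "Reversed Host Name must be a bare domain name"))
    if site[0] == "http":
        findings.append(("warning", "original site is plain HTTP: proxy-to-site traffic is unencrypted"))
    return findings

# Values from the Linuxfr example in this guide.
LINUXFR = {
    "original_site_address": "http://linuxfr.org/",
    "authentication_page": "",
    "authentication_form_page": "http://linuxfr.org/pub/",
    "logout_address": "http://linuxfr.org/close_session.html",
    "reversed_host_name": "linuxfr.reverse-proxy.example.com",
}

if __name__ == "__main__":
    print(*(f"{level}: {message}" for level, message in check_host(LINUXFR)), sep="\n")
```

The Linuxfr values pass every structural check and produce a single warning, because the original site address uses plain HTTP.
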
Service Provider Liberty Alliance final setup
---------------------------------------------

Now that you can access your Service Provider, you need a final step to use Liberty Alliance
features. Click on "Hosts", then click on the "Edit" icon of the Service Provider you've
just configured. Save the Service Provider Metadata (for ID-FF 1.2) and the Public Key
(right click then "Save as"). Configure this Service Provider on your Identity Provider
with these two files.

Licenses
========

Larpe, Authentic_, Candle_ and Lasso_ are released under the terms of the
`GNU GPL license`_.

.. _Lasso: http://lasso.entrouvert.org/
.. _`Liberty Alliance`: http://projectliberty.org/
.. _`GNU GPL License`: http://www.gnu.org/copyleft/gpl.html
.. _Debian: http://www.debian.org/
.. _Apache2: http://httpd.apache.org/
.. _Quixote: http://www.mems-exchange.org/software/Quixote
.. _mod_python: http://www.modpython.org/
.. _SCGI: http://www.mems-exchange.org/software/scgi/
.. _Candle: http://candle.labs.libre-entreprise.org/
.. _Authentic: http://www.entrouvert.com/fr/authentic/