-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
97 changed files
with
5,888 additions
and
282 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,7 +15,9 @@ log/ | |
| bin/ | ||
| *.war | ||
| *.iml | ||
| *.ipr | ||
| *.iws | ||
| *.log | ||
| tmp/ | ||
| ./apache-tomcat | ||
| apache-tomcat.zip | ||
| apache-tomcat.zip | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| # Changelog | ||
|
|
||
| We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO. | ||
|
|
||
| 20.0.0 (09-02-2020) | ||
| =================== | ||
|
|
||
| OSF CAS first release with basic authentication features for OSF | ||
|
|
||
| * Username and password login | ||
| * Username and verification key login | ||
| * Two-factor authenticaion | ||
| * Long-term authentication | ||
| * ORCiD login | ||
|
|
||
| Technical details | ||
|
|
||
| * JSON service registry | ||
| * JPA ticket regisrtry with PostgreSQL | ||
| * JPA PostgreSQL authentication backend | ||
| * Customized login web flow and authentication including: | ||
| * OSF credential and metadata populator | ||
| * OSF non-interactive authentication action | ||
| * OSF PostgreSQL authentication handler | ||
| * Pac4j authentication delegation | ||
| * Two-factor authentication using time-based one-time password | ||
| * Customized authentication exception handling | ||
| * Customized user interface | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| <!-- | ||
| Before submitting the PR, double check the target branch. | ||
| - For critical hotfixes, select "master" as the target branch. | ||
| (Re)name your branch to "hotfix/<branch_name>". | ||
| - For the rest, select "develop" as the target branch.(Re)name | ||
| your branch with a proper prefix as listed below. | ||
| - "feature/" for features and improvements | ||
| - "fix/" for bug fixes | ||
| - For security fixes, please check with your team lead before | ||
| submitting your Pull Request. | ||
| --> | ||
|
|
||
| ## Ticket | ||
|
|
||
| [ENG-****](https://openscience.atlassian.net/browse/ENG-****) | ||
|
|
||
| ## Purpose | ||
|
|
||
| <!-- Describe the purpose of your changes. --> | ||
|
|
||
| ## Changes | ||
|
|
||
| <!-- Briefly describe or list your changes. --> | ||
|
|
||
| ## Dev Notes | ||
|
|
||
| <!-- Any special note for reviewer and / or other developers? --> | ||
|
|
||
| ## QA Notes | ||
|
|
||
| <!-- Any special note for QA testing? --> | ||
|
|
||
| ## Dev-Ops Notes | ||
|
|
||
| <!-- Any special note for PR merge and / or server deployment? --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,146 +1,90 @@ | ||
| CAS Overlay Template [](https://travis-ci.org/apereo/cas-overlay-template) | ||
| ======================= | ||
| OSF CAS by Center for Open Science | ||
| ================================== | ||
|
|
||
| Generic CAS WAR overlay to exercise the latest versions of CAS. This overlay could be freely used as a starting template for local CAS war overlays. | ||
| `Master` Build Status: **TBI** | ||
|
|
||
| # Versions | ||
|
|
||
| - CAS `6.1.x` | ||
| - JDK `11` | ||
|
|
||
| # Overview | ||
|
|
||
| To build the project, use: | ||
|
|
||
| ```bash | ||
| # Use --refresh-dependencies to force-update SNAPSHOT versions | ||
| ./gradlew[.bat] clean build | ||
| ``` | ||
| `Develop` Build Status: **TBI** | ||
|
|
||
| To see what commands are available to the build script, run: | ||
| Versioning Scheme: [](http://calver.org) | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] tasks | ||
| ``` | ||
|
|
||
| To launch into the CAS command-line shell: | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] downloadShell runShell | ||
| ``` | ||
|
|
||
| To fetch and overlay a CAS resource or view, use: | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] getResource -PresourceName=[resource-name] | ||
| ``` | ||
|
|
||
| To list all available CAS views and templates: | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] listTemplateViews | ||
| ``` | ||
|
|
||
| To unzip and explode the CAS web application file and the internal resources jar: | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] explodeWar | ||
| ``` | ||
| License: [](https://github.com/apereo/cas/blob/master/LICENSE) | ||
|
|
||
| # Configuration | ||
| # About | ||
|
|
||
| - The `etc` directory contains the configuration files and directories that need to be copied to `/etc/cas/config`. | ||
| OSF CAS is the centralized authentication and authorization service for the [OSF](https://osf.io/) and its services such as [OSF Preprints](https://osf.io/preprints/) and [OSF Registries](https://osf.io/registries). | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] copyCasConfiguration | ||
| ``` | ||
| # Features | ||
|
|
||
| - The specifics of the build are controlled using the `gradle.properties` file. | ||
| * OSF username and password login | ||
| * OSF username and verification key login | ||
| * OSF two-factor authentication | ||
| * **WIP** - Delegated authentication | ||
| * **TBI** - OAuth authorization server for OSF | ||
| * **TBI** - SAML service provider | ||
|
|
||
| ## Adding Modules | ||
| # Implementations | ||
|
|
||
| CAS modules may be specified under the `dependencies` block of the [Gradle build script](build.gradle): | ||
| The implementation of OSF CAS is based on [Apereo CAS 6.2.x](https://github.com/apereo/cas/tree/6.2.x) via [CAS Overlay Template 6.2.x](https://github.com/apereo/cas-overlay-template/tree/6.2). Refer to [CAS Documentaion 6.2.x](https://apereo.github.io/cas/6.2.x/) for more details. | ||
|
|
||
| ```gradle | ||
| dependencies { | ||
| compile "org.apereo.cas:cas-server-some-module:${project.casVersion}" | ||
| ... | ||
| } | ||
| ``` | ||
| ## Legacy Implementations | ||
|
|
||
| To collect the list of all project modules and dependencies: | ||
| A legacy version can be found at [CAS Overlay](https://github.com/CenterForOpenScience/cas-overlay), which was built on [Jasig CAS 4.1.x](https://github.com/apereo/cas/tree/4.1.x) via [CAS Overlay Template 4.1.x](https://github.com/apereo/cas-overlay-template/tree/4.1). | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] allDependencies | ||
| ``` | ||
| # Versions | ||
|
|
||
| ### Clear Gradle Cache | ||
| - OSF CAS `20.0.x` | ||
| - Apereo CAS `6.2.x` | ||
| - PostgreSQL `9.6` | ||
| - JDK `11` | ||
|
|
||
| If you need to, on Linux/Unix systems, you can delete all the existing artifacts (artifacts and metadata) Gradle has downloaded using: | ||
| # Build and Run OSF CAS | ||
|
|
||
| ```bash | ||
| # Only do this when absolutely necessary | ||
| rm -rf $HOME/.gradle/caches/ | ||
| ``` | ||
| ## OSF | ||
|
|
||
| Same strategy applies to Windows too, provided you switch `$HOME` to its equivalent in the above command. | ||
| OSF CAS requires a working OSF running locally. Refer to OSF's [README-docker-compose.md](https://github.com/CenterForOpenScience/osf.io/blob/develop/README-docker-compose.md) for how to set up and run OSF with `docker-compose`. Must disable `fakeCAS` to free port `8080`. | ||
|
|
||
| # Deployment | ||
| In `cas.propeties`, global JDBC settings can be found [here](https://github.com/cslzchen/osf-cas/blob/21bb277cc38b3364fd67a632c0bc7b7a6ffc9efd/etc/cas/config/cas.properties#L69-L73) and JPA specific settings can be found [here](https://github.com/cslzchen/osf-cas/blob/21bb277cc38b3364fd67a632c0bc7b7a6ffc9efd/etc/cas/config/cas.properties#L54-L60). | ||
|
|
||
| - Create a keystore file `thekeystore` under `/etc/cas`. Use the password `changeit` for both the keystore and the key/certificate entries. This can either be done using the JDK's `keytool` utility or via the following command: | ||
| ## CAS DB | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] createKeystore | ||
| ``` | ||
| OSF CAS is configured to use the [JPA Ticket Registry](https://apereo.github.io/cas/6.2.x/ticketing/Configuring-Ticketing-Components.html#ticket-registry) for durable ticket storage. Thus, a relational database is required. Set up a `[email protected]` server and update *JPA Ticket Registry* [settings](https://github.com/cslzchen/osf-cas/blob/21bb277cc38b3364fd67a632c0bc7b7a6ffc9efd/etc/cas/config/cas.properties#L65-L113) in `cas.propeties` accordingly. Must use a port other than the already occupied `5432`. | ||
|
|
||
| - Ensure the keystore is loaded up with keys and certificates of the server. | ||
| ## Signing and Encryption Keys | ||
|
|
||
| On a successful deployment via the following methods, CAS will be available at: | ||
| Refer to [settings](https://github.com/cslzchen/osf-cas/blob/21bb277cc38b3364fd67a632c0bc7b7a6ffc9efd/etc/cas/config/cas.properties#L117-L133) in `cas.properties` for signing and encrypting client session and ticket granting cookie. | ||
|
|
||
| * `https://cas.server.name:8443/cas` | ||
| ## Authentication Delegation | ||
|
|
||
| ## Executable WAR | ||
| ### ORCiD Login | ||
|
|
||
| Run the CAS web application as an executable WAR: | ||
| Set up a developer app at [ORCiD](https://orcid.org/developer-tools) with `http://localhost:8080/login` and `http://192.168.168.167:8080/login` as *redirect URIs*. Update | ||
| `cas.authn.pac4j.orcid.id` and `cas.authn.pac4j.orcid.secret` in `cas.properties` [settings](https://github.com/cslzchen/osf-cas/blob/21bb277cc38b3364fd67a632c0bc7b7a6ffc9efd/etc/cas/config/cas.properties#L186-L192). | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] run | ||
| ``` | ||
| ### `fakeCAS` Login | ||
|
|
||
| Debug the CAS web application as an executable WAR: | ||
| With OSF CAS running locally as the authentication server for OSF, `fakeCAS` can be configured to serve as an identity provider. Simply update `fakecas` in OSF's [docker-compose.yaml](https://github.com/CenterForOpenScience/osf.io/blob/dc87c86b2afb7ad4e801b23c6428e3d2169e3e36/docker-compose.yml#L235-L247) to listen on port 8081. | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] debug | ||
| ``` | ||
|
|
||
| Run the CAS web application as a *standalone* executable WAR: | ||
|
|
||
| ```bash | ||
| ./gradlew[.bat] clean executable | ||
| fakecas: | ||
| image: quay.io/centerforopenscience/fakecas:master | ||
| command: fakecas -host=0.0.0.0:8081 -osfhost=localhost:5000 -dbaddress=postgres://postgres@postgres:5432/osf?sslmode=disable | ||
| restart: unless-stopped | ||
| ports: | ||
| - 8081:8081 | ||
| depends_on: | ||
| - postgres | ||
| stdin_open: true | ||
| ``` | ||
|
|
||
| ## External | ||
|
|
||
| Deploy the binary web application file `cas.war` after a successful build to a servlet container of choice. | ||
|
|
||
| ## Docker | ||
|
|
||
| The following strategies outline how to build and deploy CAS Docker images. | ||
| Related settings in `cas.propeties` can be found [here](https://github.com/cslzchen/osf-cas/blob/21bb277cc38b3364fd67a632c0bc7b7a6ffc9efd/etc/cas/config/cas.properties#L196-L199). | ||
|
|
||
| ### Jib | ||
| ## Build and Run | ||
|
|
||
| The overlay embraces the [Jib Gradle Plugin](https://github.com/GoogleContainerTools/jib) to provide easy-to-use out-of-the-box tooling for building CAS docker images. Jib is an open-source Java containerizer from Google that lets Java developers build containers using the tools they know. It is a container image builder that handles all the steps of packaging your application into a container image. It does not require you to write a Dockerfile or have Docker installed, and it is directly integrated into the overlay. | ||
| It is recommended to use the `Dockerfile` and the provided scripts to build and run CAS. | ||
|
|
||
| ```bash | ||
| ./gradlew build jibDockerBuild | ||
| ``` | ||
|
|
||
| ### Dockerfile | ||
|
|
||
| You can also use the native Docker tooling and the provided `Dockerfile` to build and run CAS. | ||
|
|
||
| ```bash | ||
| chmod +x *.sh | ||
| ./docker-build.sh | ||
| ./docker-run.sh | ||
| ``` | ||
|
|
||
| Refer to Apereo's [README.md](https://github.com/apereo/cas-overlay-template/tree/6.2#cas-overlay-template-) for more options. |
Oops, something went wrong.