This page is the home for draft documentation pages created by Keith Hazelton.
(KH 29 April 2013) Drafting is done. Awaiting further review and wrap-up tasks.
(SJM 29 April 2013) – I've added notes with or or icons next to them to indicate whether I think these tasks are done, in my court, or still in KH's court, respectively, as of 5pm PDT on 29 Apr 2013
The following list of pages to be drafted/reviewed/edited as my part of the documentation wrap-up is excerpted from https://wikihub.berkeley.edu/display/pbamboo/Wrap-Up+Documentation+Checklist+-+Spring+2013
Developer Workbench Environment for BSP Service Developers
https://wikihub.berkeley.edu/display/pbamboo/Developer+Workbench+Environment+for+BSP+Service+Developers
- Review the client auth and Grouper setup instructions; anything else needed from me on this page?
(SJM 22 April 2013) AFAIK, nothing needed from Keith on this page other than quick review of Client Auth and Grouper sections, which do little more than contextualize and refer to the 'actual' installation instructions located separately (and noted by KH below).
(SJM 29 April 2013) – this task appears complete to SJM
Configure Apache Web Server for Client Auth
https://wikihub.berkeley.edu/display/pbamboo/Configure+Apache+Web+Server+for+Client+Auth
- See the attached Word doc for updated instructions: clientAuthHowto-20130422.docx
(SJM 22 April 2013) From inspection, and per JIRA IAM-79, documentation about how to generate a self-signed cert is already included in the current wiki doc that is referenced above (cf. section "Generate a self-signed key with openssl" – amendments / corrections / suggestions here are welcome if there's something wrong included in this documentation section!!). Addition in Keith's attached Word doc re: which bit to extract and send to a Bamboo admin is helpful, but would be more helpful if it directly referenced the steps that the Bamboo admin would take once s/he has received the public X.509, which is also already described on the same page, cf. section "A Bamboo Service Platform administrator places a trusted client's X.509 cert in the proper directory." What's missing from the Configure Apache Web Server for Client Auth page is still missing from the attached Word doc: what to do on the client side with the self-generated cert. Note that instructions for Poster are given (Configuring Firefox Poster as a test client). What I am hoping to have from Keith is instructions that pertain to a Drupal instance hosted on a Linux box. I think this probably means only a brief HowTo about configuring httpd on such a box, but perhaps Drupal handles its own certs / SSL layer – I just don't know. That's why I didn't attempt to write this section of the documents.
(KH 26 April 2013) We've resolved that the client auth bits are handled in PHP code running within Drupal. Steve is producing documentation based on Bruce Barton's code and Brian Wood's work on Account Services.
(SJM 29 April 2013) – this task appears complete to SJM
Grouper Install - Configure - Populate
https://wikihub.berkeley.edu/display/pbamboo/Grouper+Install+-+Configure+-+Populate
- See Populating a Bamboo Grouper Instance
(SJM 29 April 2013) – this task / document is now in SJM's court ... intended to be incorporated in documentation this week
Maintaining Application Catalog Data for Trusted Clients
https://wikihub.berkeley.edu/display/pbamboo/Maintaining+Application+Catalog+Data+for+Trusted+Clients
- See Bamboo Administrator's Guide to Maintaining the Application Catalog
(SJM, 22 April 2013) The document referenced above was last updated in Aug 2012. Most important, this document refers to local entities in connection with the "App Catalog" data, but AFAIK that is no longer current. [I do not have an instance of Grouper with the current data in it ... should I spend the hour or two re-creating this via re-install and backup so that we can look at the data, or is there still a current instance at arche (if the latter, how can I see it?)?]
Note that this documentation task is tracked in JIRA IAM-116. If it would be helpful to move this/these notes there, where threading is easier to track, we can do so.
(KH 24 April 2013) Further comments added to JIRA IAM-116.
(SJM 29 April 2013) – this task / document is now in SJM's court ... intended to be incorporated in documentation
(SJM 29 April 2013) – this task / document is now complete, except for review by KH. Note that the section re: adding subjects to the interim Subject DB will be incorporated in the Grouper - Install Configure - Populate document, not this one.
Maintaining SAML Metadata that establishes a Trust Federation
https://wikihub.berkeley.edu/display/pbamboo/Maintaining+SAML+Metadata+that+establishes+a+Trust+Federation
- See "Bamboo Federation processes for onboarding a new Relying Party or IdP" at https://sites.google.com/a/metazome.info/fed-metadata-howto/
- See the attached metadata file (cleansed of entities not related to Bamboo): ProjectBambooSaml2Metadata-20130422.xml
(SJM, 22 April 2013) SJM to take next steps on this NOTE TO STEVE:
(SJM 29 April 2013) – this task appears complete to SJM, but the doc could benefit from some very light, pro-forma review by Keith. Note that SAML metadata is now versioned here
Social/SAML Gateway to enable social media identity provisioning
https://wikihub.berkeley.edu/pages/viewpage.action?pageId=72418259
- See attached Word doc from U Texas describing the configuration of SimpleSAMLphp to deliver a social2SAML gateway modeled on the U Texas pilot. A zipped file of the SimpleSAMLphp directories (scrubbed of passwords) is also available on request from Steve Masover or Keith Hazelton.
(SJM, 29 April 2013) Keith, I think we agree that this is not actually complete until:
(KH 29 April 2013) These items will take some time to complete due in part to other obligations and in part to the amount of work involved.
(SJM, 29 April 2013) Acknowledged, Keith, that completion of this item will take a bit more time. We should discuss status before what I recall is your week out of the office scheduled for next week.
Authentication - Current Limitations and Future Direction
https://wikihub.berkeley.edu/display/pbamboo/Authentication+-+Current+Limitations+and+Future+Direction
- Drafted. See https://projectbamboo.atlassian.net/wiki/display/BWSP/Authentication+-+Current+Limitations+and+Future+Direction
(SJM, 22 April 2013) SJM to take next steps on this KH: This looks like a good start. Let me take the next iteration, and I may come back to you for (low time-impact) review.
(SJM 29 April 2013) – this task appears complete to SJM
Client Environment-Tool-Service Integration with Bamboo IAM infrastructure
https://wikihub.berkeley.edu/display/pbamboo/Client+Environment-Tool-Service+Integration+with+Bamboo+IAM+infrastructure
- Using the prototype of Drupal-based Account Services as the example
(SJM, 29 April 2013)
(KH 29 April 2013) The link above your note is live. The document is ready for review.
(SJM, 29 April 2013) SJM acknowledging ball in SJM's court on this.
(SJM, 30 April 2013) – this task appears complete to SJM