Task #3394: Deploy Shibboleth provider for KNB LDAP accounts
Determine which host will run IdP software
We are looking to deploy two instances of the Shibboleth IdP software, both pointing to different subtrees in ldap.ecoinformatics.org.
Where should they be deployed? We definitely need Tomcat and Apache and a secure connection to the LDAP server.
The current LDAP service is running on triana.nceas.ucsb.edu, and it makes sense that the Shibboleth services would run on the same machine. This needs to be discussed with Nick Brand, but I think it will be the best location.
I'm in the process of deploying two IdPs on one machine to see if they can coexist. So far so good, but I still need to get this newer IdP registered with CILogon to make sure.
I have the ou=Account and the o=unaffiliated accounts both running on the same mn-demo-5.test.dataone.org server in the CILogon test environment. So I think we should be good running two (or more) IdPs on the same server in the same Tomcat container. We do have to do a couple more configuration steps to use contexts other than "idp" but they are pretty trivial.
So, is triana the one?
Talked to Nick about the set-up:
Will make new VM on the same host that houses triana.nceas.ucsb.edu.
Deploy each IdP using distinct hostnames:
This means we need another IP for the VM
The new server is up. Ben has sudo, hostname is frey.nceas.ucsb.edu.
I set it up with monitoring, nightly tape backups, and stats collection.
- Remaining hours set to 0.0
- Status changed from New to Closed
Host is up; there are other tickets for deploying the individual instances.
- Target version changed from 2013.2-Block.1.1 to 2013.10-Block.2.1
- Target version set to 2013.10-Block.2.1
- Target version deleted (