I have configured the Apache HTTPD as the proxy server for the syncope deployment over ssl
Following url's can now be used: - http://idm-poc.apache.org/syncope, redirecting to https://idm-poc.apache.org/syncope - http://idm-poc.apache.org/syncope-console, redirecting to https://idm-poc.apache.org/syncope-console - http://idm-poc.apache.org/syncope-enduser, redirecting to https://idm-poc.apache.org/syncope-enduser I still have to look at aspects like: - https://idm-poc.apache.org/syncope/swagger As this doesn't work correctly. But then again, http://idm-poc.apache.org:8080/syncope/swagger doesn't work either. Please do *not* use the syncope implementation via the unencrypted tomcat port 8080/ Best regards, Pierre Smits ORRTIZ.COM <http://www.orrtiz.com> OFBiz based solutions & services OFBiz Extensions Marketplace http://oem.ofbizci.net/oci-2/ On Thu, Jan 12, 2017 at 8:23 PM, Francesco Chicchiriccò <ilgro...@apache.org > wrote: > Il 12 gennaio 2017 19:23:37 CET, Pierre Smits <pierre.sm...@gmail.com> ha > scritto: > >I see that the syncope-vm is working. But did we use the preconfigured > >installations of tomcat and postgresql (the client for connection to a > >ASF > >psql setup)? > > syncope-vm.apache.org hosts our public demo, see > > http://syncope.apache.org/demo.html > > I am working on syncope-vm2 with manual Tomcat deployment (and PostgreSQL) > of the artifacts built from the POC GIT repository. > > Regards. > > >On Thu, Jan 12, 2017 at 5:14 PM, Francesco Chicchiriccò > ><ilgro...@apache.org > >> wrote: > > > >> Hi, > >> quick update: I have defined some schemas and the local LDAP resource > >with > >> provision for both users and groups: at the moment browsing the > >resource > >> from Syncope Admin UI works fine. > >> > >> Regards. > >> > >> On 11/01/2017 16:12, Francesco Chicchiriccò wrote: > >> > >>> On 11/01/2017 12:42, Francesco Chicchiriccò wrote: > >>> > >>>> On 10/01/2017 23:56, Chris Lambertus wrote: > >>>> > >>>>> Yes, I am available. I will provide you an export of our existing > >LDAP > >>>>> repository and pointers to our schemas. > >>>>> > >>>> > >>>> Thanks Chris, looks good! > >>>> > >>>> In answer to your questions below regarding id.a.o: > >>>>> > >>>>> 1) Yes, the current id.a.o app exclusively manages data in LDAP as > >a > >>>>> self-service tool. > >>>>> > >>>>> 2a) OpenLDAP > >>>>> 2b) A variety including some custom schemas which I will make > >available > >>>>> you along with the ldif. > >>>>> 2c) There are MANY processes and tools which read and write from > >LDAP. > >>>>> > >>>>> The initial scope of the PoC should be to provision Syncope as an > >admin > >>>>> and end-user UI for maintaining attributes related to LDAP > >accounts > >>>>> (committers, staff) as a potential replacement for the > >id.apache.org < > >>>>> http://id.apache.org> service. Once we’ve explored the key > >>>>> functionality of a test/demo implementation, we can look at what > >it would > >>>>> take to replace the service in production, along with integrating > >other > >>>>> tools related to account creation. > >>>>> > >>>> > >>>> I completely agree. > >>>> > >>>> AFAICT, the identified tasks are: > >>>> > >>>> 1. setup an OpenLDAP instance with the content and configuration > >>>> provided > >>>> 2. configure the Syncope entities: schemas, realms, resource, > >tasks, ... > >>>> 3. configure / customize the Enduser UI > >>>> > >>>> I will start with task (1), manual installation; not sure if it > >makes > >>>> sense to puppet-ize that: if so, Pierre could possibly help. > >>>> > >>> > >>> Updated: thanks to the LDIF dump saved under > >>> > >>> /root/asf-20170110.ldif on syncope-vm2 > >>> > >>> and the LDAP conf chunks I could derive from > >>> > >>> https://github.com/apache/infrastructure-puppet/tree/deploym > >>> ent/modules/ldapserver > >>> > >>> I was finally able to successfully import everything; the OpenLDAP > >>> instance is currently up and running, ready to rumble. > >>> > >>> FYI I have placed a copy of the resulting slapd.conf under /root on > >>> syncope-vm2 > >>> > >>> Any other volunteer? > >>>> > >>>> Regards. > >>>> > >>>> > >>>> On Jan 9, 2017, at 3:59 AM, Francesco Chicchiriccò > ><ilgro...@apache.org > >>>>>> <mailto:ilgro...@apache.org>> wrote: > >>>>>> > >>>>>> Hi all, > >>>>>> semi-formal "ping" for Infra guys: is there anyone available for > >>>>>> supporting this PoC? As said from the beginning, a fundamental > >requirement > >>>>>> is to have someone playing the customer role, otherwise any > >effort is > >>>>>> pointless. > >>>>>> > >>>>>> Regards. > >>>>>> > >>>>>> On 19/12/2016 09:09, Francesco Chicchiriccò wrote: > >>>>>> > >>>>>>> Quick update: > >>>>>>> > >>>>>>> 1. Pierre has submitted the first PR for puppet at > >>>>>>> https://github.com/apache/infrastructure-puppet/pull/156 > >>>>>>> > >>>>>>> 2. I have just updated the PoC code to Syncope 2.0.1 (that's the > >>>>>>> second commit, exactly 1 year after fist one: time flies): > >>>>>>> https://github.com/apache/iampoc/commit/a155f59362e6f553356e > >>>>>>> 7e52116834837dbda984 > >>>>>>> > >>>>>>> However, without someone from Infra providing info + > >specifications, > >>>>>>> there is no much more we can do. > >>>>>>> Infra, please if you're there, knock once. > >>>>>>> > >>>>>>> Regards. > >>>>>>> > >>>>>>> On 16/12/2016 11:13, Francesco Chicchiriccò wrote: > >>>>>>> > >>>>>>>> HI all, > >>>>>>>> I am happy to report that the VM for the PoC was made available > >( > >>>>>>>> syncope-vm2.apache.org) - see INFRA-10931. > >>>>>>>> I have been able to successfully access via SSH (sudo does not > >seem > >>>>>>>> to work, but nothing problematic about this ATM). > >>>>>>>> > >>>>>>>> I know from IRC that Pierre is at work to try to define a first > >>>>>>>> Puppet setup including JDK 1.8, Maven, Tomcat 8.5 and > >PostgreSQL. > >>>>>>>> Besides such components, the setup process will also need to > >fetch > >>>>>>>> and build the Maven project from the dedicated GIT repository > >(see below). > >>>>>>>> > >>>>>>>> Now in fist place I think we should re-attempt to start > >discussing > >>>>>>>> the actual requirements of this PoC, and then the planning. > >>>>>>>> > >>>>>>>> This means, essentially, to gather some information from the > >infra > >>>>>>>> team. > >>>>>>>> > >>>>>>>> I propose again to concentrate, from the list shown by Tony in > >[1], > >>>>>>>> on the first item, e.g. "https://id.apache.org (The end-user > >part > >>>>>>>> of it)", which triggers these first questions: > >>>>>>>> > >>>>>>>> 1. does the current app exclusively manage data from LDAP? > >>>>>>>> 2. if so, could you provide some details: > >>>>>>>> a. which LDAP server implementation? OpenLDAP? > >>>>>>>> b. which object classes are in use? baseDN(s)? > >>>>>>>> c. which processes / tools are reading from LDAP? which are > >>>>>>>> writing? > >>>>>>>> > >>>>>>>> In INFRA-10931, Greg proposed to provide an LDIF export of the > >>>>>>>> production LDAP servers so that we can setup a local detached > >copy which we > >>>>>>>> could use for tests. > >>>>>>>> > >>>>>>>> Looking forward to your reply. > >>>>>>>> Regards. > >>>>>>>> > >>>>>>>> On 21/12/2015 17:16, Francesco Chicchiriccò wrote: > >>>>>>>> > >>>>>>>>> Hi all, > >>>>>>>>> we now have our GIT repository at > >>>>>>>>> > >>>>>>>>> https://git-wip-us.apache.org/repos/asf/iampoc.git > >>>>>>>>> > >>>>>>>>> which is also mirrored, as usual, to GitHub. > >>>>>>>>> > >>>>>>>>> As you can see, I have made an initial commit featuring an > >empty > >>>>>>>>> default Syncope 2.0.0-SNAPSHOT setup. > >>>>>>>>> > >>>>>>>>> Now, waiting for the VM to be available (see INFRA-10931), we > >can > >>>>>>>>> start defining what is actually going to be part of this PoC, > >and how we > >>>>>>>>> are going to implement the related features. > >>>>>>>>> > >>>>>>>>> From the list showed by Tony in [1], I'd start with first > >item, > >>>>>>>>> e.g. "https://id.apache.org (The end-user part of it)". > >>>>>>>>> > >>>>>>>>> Here are some questions: > >>>>>>>>> > >>>>>>>>> 1. does the current app exclusively manage data from LDAP? > >>>>>>>>> 2. if so, could you provide some details: > >>>>>>>>> a. LDAP architecture (replicas, load-balancing, ..) > >>>>>>>>> b. which LDAP server implementation? OpenLDAP? > >>>>>>>>> c. which object classes are in use? baseDN(s)? > >>>>>>>>> d. which processes / tools are reading from LDAP? which are > >>>>>>>>> writing? > >>>>>>>>> e. is there any test LDAP instance available? if not, is it > >>>>>>>>> possible to pre-load some data from the production instances > >in order to > >>>>>>>>> build a test instance in our development VM? > >>>>>>>>> > >>>>>>>>> Please add questions if you see something missing. > >>>>>>>>> > >>>>>>>>> Regards. > >>>>>>>>> > >>>>>>>>> [1] http://markmail.org/message/utlcjkanilz4qztz > >>>>>>>>> > >>>>>>>> > >> -- > >> Francesco Chicchiriccò > >> > >> Tirasa - Open Source Excellence > >> http://www.tirasa.net/ > >> > >> Member at The Apache Software Foundation > >> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > >> http://home.apache.org/~ilgrosso/ > >> > >> > > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, > OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ >
