Re: local PGA with local airavata. How to obtain admin privilege?

[Pierce, Marlon]

Hi Heejon, thanks for the emails. We also have hip chat: 
https://www.hipchat.com/gMDHyN1KM. This may be more efficient for debugging 
than email.


Marlon


From: Supun Nakandala 
<supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>>
Reply-To: "users@airavata.apache.org<mailto:users@airavata.apache.org>" 
<users@airavata.apache.org<mailto:users@airavata.apache.org>>
Date: Tuesday, October 27, 2015 at 10:52 AM
To: "users@airavata.apache.org<mailto:users@airavata.apache.org>" 
<users@airavata.apache.org<mailto:users@airavata.apache.org>>
Subject: Re: local PGA with local airavata. How to obtain admin privilege?

In airavata-properties file

########################################################################
## API Security Configuration
########################################################################
api.secured=true
security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager
### TLS related configuration ####
TLS.enabled=true


change api.secured=false
TLS.enabled=false

On Tue, Oct 27, 2015 at 10:49 AM, Heejoon Chae 
<heec...@cs.indiana.edu<mailto:heec...@cs.indiana.edu>> wrote:
Here I attached Airavata standard out, property, and PGA config.

Thank you,
Heejoon.

On Tue, Oct 27, 2015 at 11:33 PM, Supun Nakandala 
<supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> wrote:
can you provide more information or screenshot of the error

On Tue, Oct 27, 2015 at 10:26 AM, 채희준 
<ics...@gmail.com<mailto:ics...@gmail.com>> wrote:
Thank you for the information.

BTW, any suggestions for the connection refuse error?

Heejoon.

2015. 10. 27. 오후 11:14 Supun Nakandala 
<supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> 작성:

You can continue using the default configuration for your use. But if you plan 
to use in production I suggest you setup your own identity server deployment.

On Tue, Oct 27, 2015 at 9:51 AM, Heejoon Chae 
<heec...@cs.indiana.edu<mailto:heec...@cs.indiana.edu>> wrote:
Hi, Supun,

I actually still use 'idp.scigap.org<http://idp.scigap.org>', but do I need to 
locally install this if I want to use local Airavata?

Thank you,
Heejoon.

On Tue, Oct 27, 2015 at 10:40 PM, Supun Nakandala 
<supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> wrote:
Hi Heejoon,


In addition to running the local airavata server if you change the wsis section 
in the pga_config.php to use localhost you should also run a local wso2 
identity server instance(http://wso2.com/products/identity-server/). Currently 
what we do is we are hosting a one instance of identity server and using the 
same identity server in all PGAs. The identity server supports tenant based 
isolation so every pga is configured to use a separate tenant. The default 
configuration is the development related tenant that we use.

If you want your own wso2 identity server that can also be done.

On Tue, Oct 27, 2015 at 2:47 AM, Heejoon Chae 
<heec...@cs.indiana.edu<mailto:heec...@cs.indiana.edu>> wrote:
Hi Supun,

Thank you for the role setting information. Now the PGA seems working with 
hosted airavata.

For testing with locally installed Airavata server, I cloned recent git and 
compile which generated 0.16 snapshot.
I deployed it and when I ran it, I got following error and the PGA says unable 
to connect Airavata Server instance.

[INFO] Unable to sendViaPost to 
url[https://localhost:9443/services/EntitlementPolicyAdminService]
java.net.ConnectException: Connection refused

BTW, I modified PGA property to localhost.

Thank  you,
Heejoon.



On Sun, Oct 25, 2015 at 5:30 AM, Supun Nakandala 
<supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> wrote:
Hi Heejoon,

Based on your suggestion I have changed the pga_config.php.template 
admin-username to only have the username part. I hope this will avoid future 
user confusions.

In addition to that if you create a new user you can provide access to that 
user by assigning roles using the admin portal after logging in as master. The 
three main roles are as follows.

airavata-user => basic user who can run experiments
admin => user who can view/change application catalog data
admin-read-only => user who can only view the application catalog data

Thank you,
Supun

On Sat, Oct 24, 2015 at 9:10 AM, Heejoon Chae 
<heec...@cs.indiana.edu<mailto:heec...@cs.indiana.edu>> wrote:
Self-solved the issue.

Interestingly, even though the pga_config is written as

'admin-username' => 'master@master.airavata<mailto:master@master.airavata>',
'admin-password' => 'master',

I need to put admin username as 'master' and password 'master'

It seems the 'admin-username' assumes containing tenant-domain and when to 
login, it is ignored.
Now I can see the admin dashboard

I think It would be helpful if the wiki tutorial explains this part a little 
bit more.

Thank you,
Heejoon.





On Sat, Oct 24, 2015 at 6:05 PM, Heejoon Chae 
<heec...@cs.indiana.edu<mailto:heec...@cs.indiana.edu>> wrote:
Hi,

I installed PGA, airavata server on local machine and it seems working.

I created my own account and changed the user role to 'internal/everyone' to 
see the project and experiment menu.

Now, as pga_config, I tried to login with 
'master@master.airavata<mailto:master@master.airavata>' and 'master', but 
failed to login as admin

I tried this with both 'gw56.iu.xsede.org<http://gw56.iu.xsede.org>' and local 
host.

How can I obtain admin privilege?

Thank you,
Heejoon.




--
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa




--
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa




--
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa



--
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa




--
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa