eduGAIN Access Check can be used by SP admins to validate the behaviour of
their federated service in a production environment.
It is actually composed of two parts:
* account manager
* identity provider
This is a web application developed in Perl, allowing SP admins to create test accounts with multiple user profiles.
It requires the following CPAN distributions:
* Email-MIME
* Email-Sender
* JSON
* Locale-Maketext-Lexicon
* Rose-DB-Object
* Template-Toolkit
* Text-CSV
* XML-LibXML
Installation follows the usual autotools-based procedure:
```
$> ./configure
$> make
$> sudo make install
```
A database has to be created, and its schema populated. For instance, with MariaDB:
```
$> mysqladmin create -u root -p access_check
Enter password:
$> mysql -u root -p access_check < conf/manager.sql
Enter password:
$> mysql -u root -p mysql
Enter password:
MariaDB [mysql]> grant all privileges on access_check.* to access_check@localhost identified by 's3cr3t';
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> quit
```
The web server has to be configured to map access to the CGI script. For instance, with Apache:
```
Alias /access-check /usr/local/share/access-check/www
<Directory /usr/local/share/access-check/www>
DirectoryIndex access-check-manager.cgi
AddHandler cgi-script .cgi
</Directory>
```
Additional directories have to be created for logs and data, with write permission for the web server:
```
$> sudo mkdir /var/log/access-check
$> sudo mkdir /var/lib/access-check
$> sudo chown apache:apache /var/log/access-check
$> sudo chown apache:apache /var/lib/access-check
```
The application has to be properly configured, using the installed `manager.conf` file.
A cron task has to be set for downloading federation metadata. For instance:
```
# download eduGAIN metadata hourly
01 * * * * root curl --silent http://mds.edugain.org/ -o /var/lib/access-check/edugain.xml
```
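A more defensive variant of the metadata download, as an added example that is not part of eduGAIN Access Check: the cron entry above writes straight to the live file, so a failed or truncated transfer replaces good metadata. The function names and the destination path are assumptions; the URL is the one from the cron entry.

```sh
#!/bin/sh
# Added example, not part of eduGAIN Access Check. Function names are hypothetical.
METADATA_URL="http://mds.edugain.org/"             # URL used by the cron entry
METADATA_DEST="/var/lib/access-check/edugain.xml"  # assumed location in the data directory

# validate_metadata FILE: sanity checks before the download is trusted.
validate_metadata() {
    [ -s "$1" ] || { echo "metadata: empty download" >&2; return 1; }
    # A SAML metadata aggregate has an EntitiesDescriptor root element.
    grep -Eq '<([A-Za-z0-9_-]+:)?EntitiesDescriptor([[:space:]>]|$)' "$1" ||
        { echo "metadata: no EntitiesDescriptor element" >&2; return 1; }
    # Well-formedness check when xmllint is installed (--nonet: no network fetches).
    if command -v xmllint >/dev/null 2>&1; then
        xmllint --noout --nonet "$1" 2>/dev/null ||
            { echo "metadata: malformed XML" >&2; return 1; }
    fi
    return 0
}

# install_metadata CANDIDATE DEST: replace DEST only with a validated file,
# using a rename inside the same directory so readers never see a partial file.
install_metadata() {
    validate_metadata "$1" || return 1
    tmp=$(mktemp "$(dirname "$2")/.edugain.XXXXXX") || return 1
    if cp "$1" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$2"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# refresh_metadata: the function a cron entry would call instead of bare curl.
refresh_metadata() {
    dl=$(mktemp) || return 1
    rc=1
    # --fail turns HTTP errors into a non-zero exit instead of a saved error page.
    if curl --silent --fail --max-time 120 "$METADATA_URL" -o "$dl"; then
        install_metadata "$dl" "$METADATA_DEST" && rc=0
    fi
    rm -f "$dl"
    return "$rc"
}

# Run only when invoked as "<script> run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then refresh_metadata; fi
```

These checks catch failed, truncated, or error-page downloads; they do not verify the XML signature on the aggregate.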
Another cron task has to be set for purging expired tokens and accounts. For instance:
```
# purge expired tokens hourly
01 * * * * root /usr/local/bin/access-check-manager.pl list_tokens --expired --delete > /dev/null
# purge expired accounts daily
02 0 * * * root /usr/local/bin/access-check-manager.pl list_accounts --expired --delete > /dev/null
```
The identity provider is actually [simpleSAMLphp](https://simplesamlphp.org/).
This software is licensed under the GÉANT Standard Open Source Software Outward
Licence.
This software was developed by RENATER, with funding from the European
Community Seventh Framework Programme (FP7/2007-2013) under grant agreement nº
238875 (GÉANT).
This software was initially authored by Olivier Salaün.