LIGO-India IAM Status

99b86242 · harshad.sawant · f94fc506 · 99b86242
Commit 99b86242 authored 1 year ago by harshad.sawant
Hide whitespace changes
Inline Side-by-side

Showing

with 121 additions and 0 deletions
+121 -0
--- a/IAM_LIGO-INDIA.md
+++ b/IAM_LIGO-INDIA.md
+\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*[**LIGO-India Aceess Management**](https://comanage.ligo-india.in/registry/pages/public/enroll)\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* 
+
+**Server/Technologies list:**
+
+
+
+|**Sr.No**|**Server/ Tech Name(ligo-india.in)**|**IP’s**|**OS**|**Tool version**|**Status**|
+| :-: | :-: | :-: | :-: | :-: | :-: |
+|1|Comanage registry, CakePHP, Docker & PostgreSQL|<p>192\.168.24.115</p><p>10\.10.30.13</p>|Centos Linux 8|<p>Comanage-registry  4.0.1</p><p>CakePHP 2.10.24</p><p>Docker 18.09.1</p><p>PostgreSQL 9.6.24</p>|Running|
+|2|LDAP-registry|<p>192\.168.24.121</p><p>10\.10.30.21</p>|Ubuntu 20.04|Ldap 2.4.57|Running|
+|3|Kdc-Test|<p>192\.168.24.119</p><p>10\.10.30.16</p>|Centos Linux 8|Kerberos version 5|Running|
+|4|IDP-Registry|<p>192\.168.24.127</p><p>10\.10.30.27</p>|Ubuntu 20.04|Shibboleth IDP version 4.2.1|Running|
+|5|Grouper-registry|<p>192\.168.24.106</p><p>10\.10.30.28</p>|` `Ubuntu 20.04||Running with Some error|
+
+
+
+
+
+
+**Primary Goal @LIGO-INDIA**
+
+
+
+ 1. For existing LIGO setup, Identity registration managed through myligo.org which is web interface for user management at LIGO.
+
+ 2. IGWN-IAM wants to decentralize authentication mechanism by implementing local identity service provider.
+
+ 3. LIGO-India wants to establish the IAM service for authentication and authorization.
+
+
+**Development Plan for [IAM@LIGO-India**](https://comanage.ligo-india.in/registry/pages/public/enroll)**
+
+LIGO-India Identity and Access Management System will
+
+consist of:
+
+ 1. Comanage Registry, IDP, SP, INFED, SAML2
+
+ 2. Technologies: CakePHP, Postgresql
+
+ 3. LDAP, Kerberos, Grouper, Docker
+
+
+**Flow chart of comanage registry for IAM at LIGO-India( Proposed by Dr. Warren Anderson)**
+
+
+
+**Comanage Registry :**
+
+COmanage Registry a lifecycle management system and identity registry, designed to track complex affiliations and identity relationships with a collaborative organization. COmanage Registry is a product of the COmanage Project.
+
+a. Installation Comanage Registry below this link,
+
+Link: <https://github.internet2.edu/docker/comanage-registry-docker/blob/main/docs/evaluation.md>
+
+b. Configure docker.yml file as per our requirement then start docker registry up.
+
+c. Setting up admin configuration and user configuration on comanage registry:
+
+ Link: <https://gitlab.ligo-india.in/harshad.sawant/ligo-india-comanageregistry-documentations/-/blob/main/COmanage_registryAdmin.pdf>
+
+d. Comanage registry with basic auth like kerberos authentication:
+
+ Link: <https://git.ligo.org/scott-koranda/comanage-registry-kerberos>
+
+e. Implemented & configured CakePHP plugins, others LDAP schemas plugin for Comanage registry.
+
+1\. KdcAuthenticator
+
+2\. KdcEnroller	
+
+3\. KdcProvision
+
+4\. AddPasswordLink
+
+4\. KerberosLdapSchema
+
+5\. QmailUserLdapSchema
+
+6\. RecoverPassword
+
+ Link: <https://git.ligo.org/harshad.sawant>
+
+f. Comanage registry admin, User flow & Grouper user help documentations.
+
+ Link: <https://gitlab.ligo-india.in/harshad.sawant/ligo-india-comanageregistry-documentations>
+
+**Kerberos Server :**
+
+a. Installation & configuration kerberos server using below link
+
+ Link: <https://www.dbaplus.ca/2020/10/install-and-configure-kerberos.html>
+
+b. Adding REALM name, admin server & kdc server LIGO-INDIA in kdc.conf
+
+Realm : LIGO-INDIA.IN
+
+admin-server : kdc-test.ligo-india.in:88 & 749
+
+**IDP & SP Server :**
+
+a. Installation & configuration IDP server using below link
+
+  Link: <https://infed.inflibnet.ac.in/idp.php> & <https://infed.inflibnet.ac.in/sp.php>
+
+
+\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
+
+**Current Status**: Imported all existing ldap user in comanage registry with common password.
+
+Pending status:
+ 
+                1. Which one prefer for grouping of comanage or grouper?
+
+                2. Password reset link send to Comanage registry users.
+
+                3. Testing comanage registry with one web service specific user authrized or not.   
+
+
+
+