Overview

Welcome to OAuth for MyProxy! This describes the client software for the OAuth for MyProxy service. It allows clients to request certificates and users to securely authorize them using the OAuth delegation protocol.

Prerequisites

  • Tomcat 9 or above. SSL should be configured and enabled. Tomcat 8 will no longer work with the compiler version of Java (11 or above) we are using.
  • Java 1.9 or above. Note that versions previous to Java 1.7 will not work due to internal changes by Sun to their security APIs.
  • (Optional) Maven 3.3+ or higher (only if building from the source)
  • (Optional) Apache 2, configured to work with Tomcat.

Getting and deploying from the war.

You may most easily a bare-bones version for testing by downloading the current reference war:

client2.war

(PGP signature)

For many cases, this is all you need to do.

Save this and deploy it to Tomcat. You may do this in several ways such as dropping the war into the $CATALINA_HOME/webapps directory. The system will not work until you have configured it then registered with an OA4MP server though.

Getting and building the source

If you need/want to customize the basic package, you would download the source from Git Hub This will resolve the correct dependencies. Build the module you want by issuing 
mvn clean install
and you should end up with a deployable war.

If you decide to write your own OA4MP webapp, you should use the following module:

    <dependency>
        <artifactId>oa4mp-client-oauth2</artifactId>
        <groupId>edu.uiuc.ncsa.myproxy</groupId>
        <version>5.5</version>
    </dependency>

Deploying to Apache

If you need to deploy this to Apache, you need to add the following to the proxy_ajp.conf file (which, e.g., lives under /etc/httpd/conf.d or perhaps /etc/apache2/conf.d in most unix distributions):

ProxyPass /client/simple ajp://localhost:8009/client/simple

Note:In the WEB-INF/web.xml file there is a section called security-constraint, which controls access to the webapp using Tomcat's SSL. This will conflict with access via Apache, so comment that section out if you are deploying to Apache. It is only needed in stand-alone Tomcat deployments.