File CASA_auth_token_svc.spec of Package CASA_auth_token_svc
#
# spec file for package CASA_auth_token_svc (Version 1.7.1587 )
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
%define cfg Release
%define debug_opt ""
Name: CASA_auth_token_svc
Url: http://www.novell.com/products
BuildRequires: identity-abstraction mono-devel pkgconfig servletapi5 xerces-j2 xml-commons-apis
BuildRequires: CASA-devel curl jakarta-commons-logging java-sdk >= 1.5 log4j pwdutils update-alternatives
%if %suse_version < 1030
BuildRequires: tomcat5
%else
%if %suse_version > 1030
BuildRequires: tomcat6
%else
BuildRequires: tomcat55
%endif
%endif
%define prefix /usr
License: LGPL v2.1 or later
Group: System/Libraries
Group: System/Libraries
AutoReqProv: on
%define bldno 1.7.1587
Version: 1.7.1587
Release: 1
Summary: Novell CASA Authentication Token Service
Source: %{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: jre >= 1.5.0
%if %suse_version < 1030
Requires: servletapi5 insserv identity-abstraction sed log4j xerces-j2 CASA curl
%else
Requires: servletapi5 identity-abstraction sed log4j xerces-j2 CASA curl
%endif
%if %suse_version < 1030
Requires: tomcat5
%else
%if %suse_version > 1030
Requires: tomcat6
%else
Requires: tomcat55
%endif
%endif
PreReq: %fillup_prereq %insserv_prereq
PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
BuildArch: noarch
%description
CASA_auth_token is an authentication token infrastructure with support
for multiple authentication mechanisms with an emphasis on providing a
scalable single sign-on solution.
A key feature of CASA_auth_token is that its authentication tokens
contain identity information about the entity being authenticated. This
information is made available to the consuming services. The amount of
information contained in the tokens is configured on a per-service
basis. Because of this feature, we say that CASA_auth_token projects an
"Authenticated Identity".
The CASA_auth_token_svc is the infrastructure component responsible for
authenticating entities using the native authentication mechanism and
for issuing tokens that can later be used by applications to
authenticate the entity or services that are CASA authentication
enabled.
Authors:
--------
Juan Carlos Luciani - jluciani@novell.com
%package -n CASA_auth_token_jaas_support
License: LGPL v2.1 or later
Summary: Novell CASA Authentication Token JAAS Support Components
Group: System/Libraries
Requires: jre >= 1.5.0
Requires: log4j jakarta-commons-logging xerces-j2
%description -n CASA_auth_token_jaas_support
CASA_auth_token is an authentication token infrastructure with support
for multiple authentication mechanisms with an emphasis on providing a
scalable single sign-on solution.
A key feature of CASA_auth_token is that its authentication tokens
contain identity information about the entity being authenticated. This
information is made available to the consuming services. The amount of
information contained in the tokens is configured on a per-service
basis. Because of this feature, we say that CASA_auth_token projects an
"Authenticated Identity".
The CASA_auth_token_jaas_support package contains the CASA (Common
Authentication Services Adapter) authentication token infrastructure
JAAS module and supporting libraries for token verification.
Authors:
--------
Juan Carlos Luciani - jluciani@novell.com
%prep
%setup -q
#%patch
%if %{_lib} == "lib64"
%define binsource bin64
%else
%define binsource bin
%endif
%build
export PATH=.:$PATH:/usr/%_lib/qt3/bin
%if %suse_version > 1000
export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -fstack-protector"
%endif
./autogen.sh
make
%install
export NO_BRP_CHECK_BYTECODE_VERSION="true"
## Prime the file system ##
install -d %{buildroot}%{prefix}
install -d %{buildroot}%{prefix}/share
install -d %{buildroot}%{prefix}/share/java
install -d %{buildroot}%{prefix}/share/java/CASA
install -d %{buildroot}%{prefix}/share/java/CASA/authtoken
install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/bin
install -d %{buildroot}/srv
install -d %{buildroot}/srv/www
install -d %{buildroot}/srv/www/casaats
install -d -m 700 %{buildroot}/srv/www/casaats
install -d -m 700 %{buildroot}/srv/www/casaats/conf
install -d -m 700 %{buildroot}/srv/www/casaats/conf/Catalina
install -d -m 700 %{buildroot}/srv/www/casaats/conf/Catalina/localhost
install -d -m 700 %{buildroot}/srv/www/casaats/shared
install -d -m 700 %{buildroot}/srv/www/casaats/shared/classes
install -d -m 700 %{buildroot}/srv/www/casaats/shared/libs
install -d -m 700 %{buildroot}/srv/www/casaats/webapps
install -d -m 700 %{buildroot}/srv/www/casaats/logs
install -d -m 700 %{buildroot}/srv/www/casaats/work
install -d -m 700 %{buildroot}/srv/www/casaats/temp
install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/external
install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/external/apache.org
install -d %{buildroot}/etc
install -d %{buildroot}/etc/init.d
install -d -m 755 %{buildroot}/var/lib/CASA
install -d -m 755 %{buildroot}/var/lib/CASA/authtoken
install -d -m 700 %{buildroot}/var/lib/CASA/authtoken/svc
install -d -m 755 %{buildroot}/etc/CASA
install -d -m 755 %{buildroot}/etc/CASA/authtoken
install -d -m 755 %{buildroot}/etc/CASA/authtoken
install -d -m 770 %{buildroot}/etc/CASA/authtoken/svc
install -d -m 770 %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms
install -d -m 770 %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate
install -d -m 770 %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate
install -d -m 770 %{buildroot}/etc/CASA/authtoken/svc/enabled_services
install -d -m 770 %{buildroot}/etc/CASA/authtoken/svc/enabled_services/localhost
install -d -m 755 %{buildroot}/etc/CASA/authtoken/svc/templates
install -d -m 755 %{buildroot}/etc/CASA/authtoken/keys
install -d -m 700 %{buildroot}/etc/CASA/authtoken/keys/server
install -d -m 755 %{buildroot}/etc/CASA/authtoken/keys/client
## CASA_auth_token_svc ##
# Libs
%if %suse_version > 1030
install -m 755 %{_lib}/java/CasaAuthTokenSvc.war.minus-commons-logging %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war
install -m 700 %{_lib}/java/CasaAuthTokenSvc.war.minus-commons-logging %{buildroot}/srv/www/casaats/webapps/CasaAuthTokenSvc.war
%else
install -m 755 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war
install -m 700 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}/srv/www/casaats/webapps/CasaAuthTokenSvc.war
%endif
install -m 755 %{_lib}/java/CasaAuthTokenSettingsEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor-%{bldno}.jar
install -m 755 %{_lib}/java/CasaIdenTokenSettingsEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor-%{bldno}.jar
install -m 755 %{_lib}/java/CasaSvcSettingsEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor-%{bldno}.jar
install -m 755 %{_lib}/java/CasaAuthPolicyEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor-%{bldno}.jar
install -m 755 %{_lib}/java/CasaTomcatConnectorEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor-%{bldno}.jar
install -m 755 %{_lib}/java/CasaIaRealmsEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIaRealmsEditor-%{bldno}.jar
# Symbolic Links
ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
ln -sf CasaAuthTokenSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.jar
ln -sf CasaIdenTokenSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.jar
ln -sf CasaSvcSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar
ln -sf CasaAuthPolicyEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar
ln -sf CasaTomcatConnectorEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar
ln -sf CasaIaRealmsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.jar
# Settings and configuration files
install -m 600 Svc/templates/svc.settings %{buildroot}/etc/CASA/authtoken/svc/templates/svc.settings
install -m 600 Svc/templates/auth.policy %{buildroot}/etc/CASA/authtoken/svc/templates/auth.policy
install -m 600 Svc/templates/iaRealms.xml %{buildroot}/etc/CASA/authtoken/svc/templates/iaRealms.xml
install -m 600 Svc/templates/jaas.conf %{buildroot}/etc/CASA/authtoken/svc/templates/jaas.conf
install -m 600 Svc/templates/authtoken.settings %{buildroot}/etc/CASA/authtoken/svc/authtoken.settings
install -m 600 Svc/templates/identoken.settings %{buildroot}/etc/CASA/authtoken/svc/identoken.settings
install -m 600 Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
install -m 600 Svc/src/com/novell/casa/authtoksvc/Pwd_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate/mechanism.settings
install -m 700 Svc/linux/envvars %{buildroot}/etc/CASA/authtoken/svc/envvars
install -m 700 Svc/linux/casaats.conf %{buildroot}/etc/CASA/authtoken/svc/casaats.conf
install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/log4j.properties
%if %suse_version > 1030
install -m 700 Svc/tomcat6/conf/linux/tomcat6.conf %{buildroot}/etc/CASA/authtoken/svc/tomcat6.conf
%endif
# Others
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
install -m 700 Svc/linux/refresh_trusted_ats_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
install -m 700 Svc/linux/refresh_server_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
install -m 700 Svc/linux/CasaIaRealmsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.sh
install -m 700 Svc/linux/CasaAuthTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh
install -m 700 Svc/linux/CasaIdenTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh
install -m 700 Svc/linux/CasaSvcSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
install -m 700 Svc/linux/CasaIsWebServerAvailable.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIsWebServerAvailable.sh
install -m 755 Svc/linux/CasaAuthtokenSvcD %{buildroot}/etc/init.d/casa_atsd
# Tomcat Base files
%if %suse_version > 1030
install -m 600 Svc/tomcat6/conf/catalina.policy %{buildroot}/srv/www/casaats/conf/catalina.policy
install -m 600 Svc/tomcat6/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
install -m 600 Svc/tomcat6/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
install -m 600 Svc/tomcat6/conf/logging.properties %{buildroot}/srv/www/casaats/conf/logging.properties
install -m 600 Svc/tomcat6/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
install -m 600 Svc/tomcat6/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
install -m 600 Svc/tomcat6/conf/linux/server-sun.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
install -m 600 Svc/tomcat6/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
install -m 600 Svc/tomcat6/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
install -m 600 Svc/tomcat6/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
%else
install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/conf/catalina.policy
install -m 600 Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
install -m 600 Svc/tomcat5/conf/linux/server-sun.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
%endif
## CASA_auth_token_jaas_support ##
# Libs
install -m 755 %{_lib}/java/CasaJaasSupport.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport-%{bldno}.jar
install -m 755 %{_lib}/java/CasaAuthToken.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken-%{bldno}.jar
install -m 755 Svc/external/xmlsec/xml-security-1_4_0/libs/xmlsec-1.4.0.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/apache.org/xmlsec-1.4.0.jar
install -m 644 Svc/external/xmlsec/xml-security-1_4_0/LICENSE %{buildroot}%{prefix}/share/java/CASA/authtoken/external/apache.org/LICENSE
install -m 644 Jaas/linux/casa_crypto.properties %{buildroot}/etc/CASA/authtoken/keys/client/casa_crypto.properties
# Symbolic Links
ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar
ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar
# Others
install -m 700 Jaas/linux/client_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/client_keystore_setup.sh
%clean
rm -rf $RPM_BUILD_ROOT
## CASA_auth_token_svc ##
%pre
# Do necessary user and group administration
group_present=`getent group | grep ^casaauth`
if [ -z "$group_present" ] ; then
/usr/sbin/groupadd -r casaauth
fi
user_present=`getent passwd | grep ^casaatsd`
if [ -z "$user_present" ] ; then
/usr/sbin/useradd -c "casaatsd System User" -s /bin/false -r -d /var/lib/CASA/authtoken/svc -g casaauth casaatsd 2> /dev/null || :
fi
%post
# Install casa_atsd init script, set it to not start by default.
%{fillup_and_insserv casa_atsd}
# Setup the keystore for the service
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
%preun
%stop_on_removal casa_atsd
%postun
# Always undeploy our webapp to force re-deployment on upgrade cases
echo "Cleaning up webapp folders"
rm -drf /srv/www/casaats/webapps/CasaAuthTokenSvc
rm -drf /srv/www/casaats/work/Catalina
rm -f /srv/www/casaats/conf/server.xml
%restart_on_update casa_atsd
%insserv_cleanup
%files
%defattr(-,root,root)
%dir %{prefix}/share/java/CASA
%dir %{prefix}/share/java/CASA/authtoken
%dir %{prefix}/share/java/CASA/authtoken/bin
%dir /var/lib/CASA
%dir /var/lib/CASA/authtoken
%dir %attr(-, casaatsd, casaauth) /var/lib/CASA/authtoken/svc
%dir /etc/CASA
%dir /etc/CASA/authtoken
%dir /etc/CASA/authtoken/keys
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaIsWebServerAvailable.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaIaRealmsEditor-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.jar
/etc/init.d/casa_atsd
%defattr(-,casaatsd,casaauth)
%dir /srv/www/casaats
%dir /srv/www/casaats/conf
%dir /srv/www/casaats/conf/Catalina
%dir /srv/www/casaats/conf/Catalina/localhost
%dir /srv/www/casaats/shared
%dir /srv/www/casaats/shared/classes
%dir /srv/www/casaats/shared/libs
%dir /srv/www/casaats/webapps
%dir /srv/www/casaats/logs
%dir /srv/www/casaats/work
%dir /srv/www/casaats/temp
%dir /etc/CASA/authtoken/svc
%dir /etc/CASA/authtoken/svc/auth_mechanisms
%dir /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate
%dir /etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate
%dir /etc/CASA/authtoken/svc/enabled_services
%dir /etc/CASA/authtoken/svc/enabled_services/localhost
%dir /etc/CASA/authtoken/svc/templates
%dir /etc/CASA/authtoken/keys/server
/srv/www/casaats/webapps/CasaAuthTokenSvc.war
%config /srv/www/casaats/conf/catalina.policy
%config /srv/www/casaats/conf/catalina.properties
%config /srv/www/casaats/conf/jk2.properties
%config /srv/www/casaats/conf/server-ibm.xml
%config /srv/www/casaats/conf/server-pkcs12-ibm.xml
%config /srv/www/casaats/conf/server-sun.xml
%config /srv/www/casaats/conf/server-pkcs12-sun.xml
%config /srv/www/casaats/conf/tomcat-users.xml
%config /srv/www/casaats/conf/web.xml
%config /etc/CASA/authtoken/svc/envvars
%config /etc/CASA/authtoken/svc/casaats.conf
%config /etc/CASA/authtoken/svc/log4j.properties
/etc/CASA/authtoken/svc/templates/svc.settings
/etc/CASA/authtoken/svc/templates/auth.policy
/etc/CASA/authtoken/svc/templates/iaRealms.xml
/etc/CASA/authtoken/svc/templates/jaas.conf
%config /etc/CASA/authtoken/svc/authtoken.settings
%config /etc/CASA/authtoken/svc/identoken.settings
%config /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
%config /etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate/mechanism.settings
%if %suse_version > 1030
%config /etc/CASA/authtoken/svc/tomcat6.conf
%config /srv/www/casaats/conf/logging.properties
%endif
## CASA_auth_token_jaas_support ##
%pre -n CASA_auth_token_jaas_support
# Nothing to do in this pre script
%post -n CASA_auth_token_jaas_support
/sbin/ldconfig
# Setup the keystore for the clients
%{prefix}/share/java/CASA/authtoken/bin/client_keystore_setup.sh
%preun -n CASA_auth_token_jaas_support
# Nothing to do in this preun script
%postun -n CASA_auth_token_jaas_support
# Nothing to do in this preun script
%files -n CASA_auth_token_jaas_support
%defattr(-,root,root)
%dir %{prefix}/share/java/CASA
%dir %{prefix}/share/java/CASA/authtoken
%dir %{prefix}/share/java/CASA/authtoken/bin
%dir %{prefix}/share/java/CASA/authtoken/external
%dir %{prefix}/share/java/CASA/authtoken/external/apache.org
%dir /etc/CASA
%dir /etc/CASA/authtoken
%dir /etc/CASA/authtoken/keys
%dir /etc/CASA/authtoken/keys/client
%{prefix}/share/java/CASA/authtoken/CasaJaasSupport-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar
%{prefix}/share/java/CASA/authtoken/CasaAuthToken-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar
%{prefix}/share/java/CASA/authtoken/bin/client_keystore_setup.sh
%{prefix}/share/java/CASA/authtoken/external/apache.org/xmlsec-1.4.0.jar
%{prefix}/share/java/CASA/authtoken/external/apache.org/LICENSE
%config /etc/CASA/authtoken/keys/client/casa_crypto.properties
%changelog
* Mon Sep 08 2008 nds_cm@novell.com
- Remove sysvinit depedency from BuildRequire line.
* Mon Aug 18 2008 jluciani@novell.com
- Removed un-necessary components from the BuildRequires line.
* Mon Aug 18 2008 jluciani@novell.com
- Removed BuildRequires dependency on insserv.
- Changed to stop using the UnitedLinux version of the Should-Start
and Should-Stop commands in the casa_atsd init.d script.
* Tue Aug 05 2008 jluciani@novell.com
- Fixed leaking file handle problem reported in BUG 383422.
- Added support to the Pw Authentication mechanism for usernames
which consist of an LDAP DN in support of BUG 358957.
* Thu Jul 31 2008 ro@suse.de
- use generic tag for java in buildrequires
* Thu Jun 05 2008 jluciani@novell.com
- Applied Ruedigers ppc fix to other scripts that had the same
problem.
* Wed Jun 04 2008 ro@suse.de
- fix build on ppc:
do not assume machine is lib64 just because that directory
exists, rather test the directory we try to access
* Tue Jun 03 2008 jluciani@novell.com
- Fixed a script that I missed when making the changes to
remove the JVM version dependency for BUG 394342.
- Added License information that was missing in the spec file.
* Mon Jun 02 2008 jluciani@novell.com
- Modified all the necessary scripts to become JVM version
independent in order to resolve BUG 394342.
* Fri Feb 01 2008 jluciani@novell.com
- Added code to override the default LDAP connect timeout to
a more reasonable value. This addresses the client timeout
issue being seen during LDAP server fail-over reported in
BUG 292598.
* Tue Jan 29 2008 ro@suse.de
- fix tomcat requires as well
* Mon Jan 28 2008 jluciani@novell.com
- Updated the way the RealmsInfo class reads the iaRealms file to
allow for extended characters in the file. This addresses BUG
338574.
* Sat Jan 26 2008 coolo@suse.de
- build against tomcat6
* Thu Aug 09 2007 jluciani@novell.com
- Changed tomcat5 dependency to tomcat55 for SuSE versions
greater or equal to 1030 to handle changes in the distribution.
This addresses BUG 297712.
* Fri Jun 29 2007 jluciani@novell.com
- Added JRE_HOME setting to the envvars file used by the
CASA_auth_token_svc rpm targeted for Zenworks. This addresses
BUG 283074.
* Wed Jun 27 2007 jluciani@novell.com
- Updated server.xml file used in CASA_auth_token_svc package
delivered to Zen to resolve BUG 283074.
* Mon Jun 25 2007 jluciani@novell.com
- Removed dependency to jakarta-commons-lang package added when
BUG 278396 was fixed since we found out that the package is
not in the SLES media.
- Added "ATS Access through Web Server" to resolve BUG 287279.
* Fri Jun 08 2007 jluciani@novell.com
- Fixed problem where we were failing to authenticate users
residing in a container with a "&" in the name. This was
reported in BUG 278396.
* Mon Jun 04 2007 jluciani@novell.com
- Changed to leverage the server key and certificate
(/etc/ssl/servercerts) if present as part of the solution
to BUG 242891.
- Added a scrip to store the Signing Certificates from trusted
ATSs in the client store. This certificate is executed by the
Yast module when completing the configured ATS trust associations.
This is part of the solution to BUG 242891.
- Changed the ATS to use the certificates in the Trusted ATS Keystore
(the client store) when verifying session tokens. This is part of
the solution to BUG 242891.
- The envvars script for the client now specifies the path that Java
should be using to load native libraries in order to work-around
the problem of the 64bit JVM trying to load 32bit libraries. This
resolves BUG 278825.
* Thu May 24 2007 jluciani@novell.com
- Fixed problem in TomcatConnectorEditor utility where it was
referencing the wrong path to the server.xml file. This fixes
BUG277839.
* Thu May 10 2007 jluciani@novell.com
- Removed the temporary work around made to the SPEC files
which was allowing the user casaatsd to have a shell.
- Removed the OES workaround from the CasaBasicATSSetup script
since it is no longer needed.
* Wed May 09 2007 jluciani@novell.com
- Added the capability to read REALM credentials from miCASA to
avoid having the credentials in the clear in the iaRealms.xml
file. This change adds a dependency on CASA and partially
addresses BUG265414.
- Created a utility that allows users to edit the iaRealms.xml
file. This was necessary to support the CASA ATS Yast Module
enhancements.
- Fixed settings and policy utilities to output error messages
to stderr instead of stdout to avoid messing up the CASA ATS
Yast Module.
- Fixed the SPEC files to set the appropriate home folder for
the casaatsd user.
- Temporary changed the SPEC files to allow the casaatsd user
to have a shell. This change will be reverted as soon as
the CASAcli is updated to allow a root user to pass the
UID of the user being targeted.
* Fri Apr 20 2007 jluciani@novell.com
- Created utilities for editing the connector entry for the
server.xml Tomcat configuration file so that it can be
easily modified so that the Tomcat instance utilized by
the ATS use a different Keystore and be able to leverage
Certificate/Keys installed for other products. This is
the first step in the resolution of BUG242891.
* Wed Apr 18 2007 jluciani@novell.com
- Fixed authentication problems where extended characters are
part of either the username, password, or the information
contained in the session or authentication tokens. This
takes care of BUG263007.
* Tue Apr 17 2007 jluciani@novell.com
- Fixed access rights to the /etc/CASA/authtoken/svc folder and
its sub-folders to allow members of the casaauth group to
configure themselves. This resolves BUG265580.
* Mon Apr 02 2007 jluciani@novell.com
- Added pwdutils to BuildRequires to fix build issue.
* Wed Mar 21 2007 jluciani@novell.com
- Fixed BUG256569. The changes allow the ATS to fail-over to another
LDAP server in the case of a communication failure.
* Mon Mar 19 2007 jluciani@novell.com
- Fixed BUG242969 by removing the log files that get created by
the Windows install of the ATS.
- Fixed BUG251942 by updating the Windows install file responsible
for setting up the log4j.properties file so that it properly
escapes the path characters.
- Fixed BUG250413 by lowering the priority of the messages being
logged and by increasing the log level priority to "warn" in
the log4j.properties file.
- Fixed BUG243339 by codding directly to the classes provided by
xmlsec and taking care of building SOAP messages with the
necessary WS-Security headers.
* Mon Mar 05 2007 jluciani@novell.com
- Fixed logging issues under Windows.
* Thu Feb 22 2007 jluciani@novell.com
- Switched logging from Standard Out to using Log4j. Now the
logging and tracing levels can be adjusted via the
log4j.properties file. The changes separate logs done for
tracing Rpc processing from regular logs. These changes
take care of BUG243343.
* Tue Feb 13 2007 jluciani@novell.com
- Made changes to deal with recommendations given by Greg as
a result of the code review that he performed.
- Added check to protect against zero length passwords in the
Pwd authentication mechanism.
- Fixed issue that was not allowing us to associate a PID file
with the ATS service.
- Stopped deleting the user "casaatsd" during RPM un-install to
avoid problems with orphaned files.
* Mon Feb 12 2007 jluciani@novell.com
- Stopped deleting user casaatsd during RPM un-install to avoid
issues with orphaned files.
* Wed Jan 31 2007 jluciani@novell.com
- Fixed typo in iaRealms.xml file template which was keeping
the ATS from running.
* Thu Jan 25 2007 jluciani@novell.com
- The keystore path in the server.xml specific to Zen
installations was wrong.
* Wed Jan 24 2007 jluciani@novell.com
- ATS envvars file now does not rely on the environment
variable JAVA_HOME since it may not be pointed to the
JVM that we would want to use.
* Tue Jan 23 2007 jluciani@novell.com
- More changes to become more compatible with Zen.
- Enhanced places where exceptions are thrown to include
information about exceptions that may have been caught
to improve debugging.
* Mon Jan 22 2007 jluciani@novell.com
- Added the ability to explicitedly configure the type of
directory back-ending a realm.
- Added the ability to configure the search string that should
be utilized when performing contextless-login as part of
the Password authentication process.
* Fri Jan 19 2007 jluciani@novell.com
- Made changes to allow us to build RPMs to be consumed by
the ZenWorks installer.
* Wed Jan 17 2007 jluciani@novell.com
- Fixed BUG225066 (Uninstall doesn't cleanup).
- Addressed BUG190821 (CASA-AD - Display name is being used
instead of the account name).
- Added the ability to search an identity source using
more than one context (search root).
- Fixed problem that was keeping us from disabling the
auto-reconfigure feature by setting the service
reconfigure interval to 0.
- The upgrade path for the ATS was not cleaning up the
appropriate webapp folder so the new webapp was not
getting re-deployed.
* Fri Jan 12 2007 jluciani@novell.com
- Fix issue that was causing authentication to fail when using
Pwd authentication.
* Mon Jan 08 2007 jluciani@novell.com
- Applied changes to solve most issues found during my code
review of the components.
* Wed Dec 13 2006 jluciani@novell.com
- Made changes to deal with API changes in the identity package file.
Without these changes the component does not build successfully.
* Wed Dec 06 2006 jluciani@novell.com
- Added option to the command being used to import
certificate from the CasaBasicATSSetup script so
that it works correctly in conjunction with our
Yast module. This addresses BUG225428.
* Mon Dec 04 2006 jluciani@novell.com
- Added a workaround to the CasaBasicATSSetup script to import
eDirs CA Cert into the Java keystore if it is present. This
workaround will be removed once OES starts performing it.
This addresses BUG225428.
* Mon Dec 04 2006 jluciani@novell.com
- Fixed "Shutting..." init.d output script problem documented
in BUG225027.
* Mon Dec 04 2006 jluciani@novell.com
- Fixed ATS Setup BUG225426.
* Tue Nov 28 2006 jluciani@novell.com
- Fixed a dependency on IBM's Java related to bugs: BUG222541,
BUG216949, and BUG215221.
* Wed Nov 22 2006 jluciani@novell.com
- Resolved the following bugs: BUG222541, BUG216949, BUG215221. :-).
* Tue Nov 21 2006 jluciani@novell.com
- Added NOTICES file detailing the licenses and/or the copyrights
of all third party software used within the project.
* Tue Nov 21 2006 jluciani@novell.com
- Fixed spec file issue.
* Fri Nov 17 2006 jluciani@novell.com
- Removed hard dependency on IBM's JVM.
* Thu Nov 09 2006 jluciani@novell.com
- Completed the ATS configuration story with a tool that
sets up all of the needed configuration files and
parameters with support for a single LDAP Realm and
server.
* Tue Nov 07 2006 jluciani@novell.com
- The service is now only accessible via SSL.
- Created tools for editing settings and policy files.
* Fri Oct 20 2006 jluciani@novell.com
- Modified the CasaAuthTokenSvc war file to no longer include the
identity-abstraction jars. The CASA_auth_token_svc rpm now requires
the installation of the identity-abstraction rpm and the service is
able to load its files from the location where they are installed
with settings set in the server.xml file of our tomcat base.
* Wed Oct 18 2006 jluciani@novell.com
- Updated the RPM install of the ATS to install it as a service
and create the necessary signing keys.
- Made changes to other components to integrate with the new
RPM install changes.
* Tue Oct 10 2006 jluciani@novell.com
- Brought up to date the README and TODO files.
* Thu Sep 21 2006 jluciani@novell.com
- Reduced Kerberos configuration requirements. Now the ATS service
principal name defaults to "host" and there is no need to set the
"javax.security.auth.useSubjectCredsOnly" system property to "false"
in the JAVA_OPTS.
* Mon Sep 18 2006 jluciani@novell.com
- Updated the Svc to reduce the configuration requirements on services
that want to leverage the infrastructure.
- Modified the WSSecurity module to not include the X509 certificate
in tokens if they are targeted to services residing on the same
box as the ATS. This is being done in order to minimize the size
of the tokens.
* Thu Sep 14 2006 jluciani@novell.com
- Made changes to support the Authtoken Validate Service. This now
fixes support of "C" services.
- Switched to using IBMs java instead of SUNs. This was done in order to
gain better Kerberos support (IBMs Kerberos modul supports more
encryption types) and to get around a problem in SUN's Invocation API
that was not letting us consume our AuthToken class from a native thread
other than the thread which creates the JVM.
* Fri Aug 18 2006 jluciani@novell.com
- Implemented securing Authentication and Session Tokens using WS-Security.
This change temporarily breaks support of "C" services. "C" service support
will be resumed once the necessary changes are made to the native authentication
token APIs to support the new Authentication Tokens.
* Mon Aug 14 2006 jluciani@novell.com
- Added some debug statements and added the sample Jaas application into
the tar file that is submitted to autobuild.
* Mon Aug 07 2006 schoi@novell.com
- This file has been created for CASA_auth_token_svc project for the first
time.
