Skip to content
Browse files

Update site

  • Loading branch information...
1 parent 10581c2 commit 824522dfb1b694859827add1c67b850b90c9a43f @davidjb committed
View
4 archives.html
@@ -32,6 +32,10 @@
<dl>
<dt>Mon 22 April 2013</dt>
+ <dd><a href="http://davidjb.com/blog/2013/04/integrating-nginx-and-a-shibboleth-sp-with-fastcgi/">Integrating Nginx and a Shibboleth <span class="caps">SP</span> with&nbsp;FastCGI</a></dd>
+ <dt>Mon 22 April 2013</dt>
+ <dd><a href="http://davidjb.com/blog/2013/04/setting-up-a-shibboleth-sp-with-fastcgi-support/">Setting up a Shibboleth <span class="caps">SP</span> with FastCGI&nbsp;support</a></dd>
+ <dt>Mon 22 April 2013</dt>
<dd><a href="http://davidjb.com/blog/2013/04/shibboleth-sp-logojpg-missing-from-distributions/">Shibboleth <span class="caps">SP</span> logo.jpg missing from&nbsp;distributions</a></dd>
<dt>Fri 12 April 2013</dt>
<dd><a href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-techincal-guide/">Switching to Nginx from Cherokee: Techincal&nbsp;Guide</a></dd>
View
2 author/davidjb.html
@@ -339,7 +339,7 @@ <h1 class="entry-title"><a href="http://davidjb.com/blog/2009/10/a-little-time-o
</article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
- Page 1 / 12
+ Page 1 / 13
<a href="http://davidjb.com/author/davidjb2.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
111 author/davidjb10.html
@@ -35,6 +35,33 @@
<ol id="posts-list" class="hfeed" start="9">
<li><article class="hentry">
<header>
+ <h1><a href="http://davidjb.com/blog/2010/12/replace-your-logitech-premium-notebook-headset-foam-ear-pads/" rel="bookmark"
+ title="Permalink to DIY - Replace your Logitech Premium Notebook Headset foam ear pads"><span class="caps">DIY</span> - Replace your Logitech Premium Notebook Headset foam ear&nbsp;pads</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2010-12-04T00:56:00">
+ Sat 04 December 2010
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/hardware.html">Hardware</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/foam.html">foam</a><a href="http://davidjb.com/tag/headphones.html">headphones</a><a href="http://davidjb.com/tag/logitech.html">logitech</a><a href="http://davidjb.com/tag/maths.html">maths</a><a href="http://davidjb.com/tag/pads.html">pads</a><a href="http://davidjb.com/tag/problem.html">problem</a><a href="http://davidjb.com/tag/solution.html">solution</a></p>
+</footer><!-- /.post-info --> <p>So, I&#8217;m the proud owner of a set of a <a class="reference external" href="http://www.logitech.com/en-gb/speakers-audio/headphones/devices/223">Logitech Premium Notebook
+Headset</a>. I purchased these headphones a fair while ago - around 2
+years - and just like any set of headphones, the foam ear pads
+deteriorated away when I took them out to use them after a long ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2010/12/replace-your-logitech-premium-notebook-headset-foam-ear-pads/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2010/12/replace-your-logitech-premium-notebook-headset-foam-ear-pads/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
<h1><a href="http://davidjb.com/blog/2012/06/restartreset-usb-in-ubuntu-12-04-without-rebooting/" rel="bookmark"
title="Permalink to Restart/reset USB in Ubuntu 12.04 without rebooting">Restart/reset <span class="caps">USB</span> in Ubuntu 12.04 without&nbsp;rebooting</a></h1>
</header>
@@ -200,6 +227,34 @@
<li><article class="hentry">
<header>
+ <h1><a href="http://davidjb.com/blog/2013/04/setting-up-a-shibboleth-sp-with-fastcgi-support/" rel="bookmark"
+ title="Permalink to Setting up a Shibboleth SP with FastCGI support">Setting up a Shibboleth <span class="caps">SP</span> with FastCGI&nbsp;support</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2013-04-22T00:00:00">
+ Mon 22 April 2013
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/web.html">Web</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/shibboleth.html">Shibboleth</a><a href="http://davidjb.com/tag/fastcgi.html">FastCGI</a></p>
+</footer><!-- /.post-info --> <p>Good news! The Shibboleth <span class="caps">SP</span> software features FastCGI authorizer and
+responder applications for use with your favourite non-Apache and non-<span class="caps">IIS</span>
+web server. Unfortunately, the default distributions don&#8217;t come with it
+built by default. I&#8217;m looking into why this is the case, but for now
+here&#8217;s how ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2013/04/setting-up-a-shibboleth-sp-with-fastcgi-support/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2013/04/setting-up-a-shibboleth-sp-with-fastcgi-support/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
<h1><a href="http://davidjb.com/blog/2013/04/shibboleth-sp-logojpg-missing-from-distributions/" rel="bookmark"
title="Permalink to Shibboleth SP logo.jpg missing from distributions">Shibboleth <span class="caps">SP</span> logo.jpg missing from&nbsp;distributions</a></h1>
</header>
@@ -253,64 +308,10 @@
<a class="readmore" href="http://davidjb.com/blog/2009/12/start-screen-after-suing-to-another-user/">read more</a>
<p>There are <a href="http://davidjb.com/blog/2009/12/start-screen-after-suing-to-another-user/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-techincal-guide/" rel="bookmark"
- title="Permalink to Switching to Nginx from Cherokee: Techincal Guide">Switching to Nginx from Cherokee: Techincal&nbsp;Guide</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2013-04-12T00:00:00">
- Fri 12 April 2013
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/web.html">Web</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/nginx.html">Nginx</a><a href="http://davidjb.com/tag/cherokee.html">Cherokee</a><a href="http://davidjb.com/tag/web.html">web</a><a href="http://davidjb.com/tag/web-servers.html">web servers</a></p>
-</footer><!-- /.post-info --> <p>This is a follow up to a previous post on
-<a class="reference external" href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-why/">Switching to Nginx from Cherokee</a>. Read that in case you&#8217;re here and haven&#8217;t&nbsp;already.</p>
-<p>All information here on a server level is related to <span class="caps">RHEL</span> 6. You will
-need to change some instructions for Debian based systems. CentOS ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-techincal-guide/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-techincal-guide/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-why/" rel="bookmark"
- title="Permalink to Switching to Nginx from Cherokee: Why">Switching to Nginx from Cherokee:&nbsp;Why</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2013-04-11T00:00:00">
- Thu 11 April 2013
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/web.html">Web</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/nginx.html">Nginx</a><a href="http://davidjb.com/tag/cherokee.html">Cherokee</a><a href="http://davidjb.com/tag/web.html">web</a><a href="http://davidjb.com/tag/web-servers.html">web servers</a></p>
-</footer><!-- /.post-info --> <p>After a switching away from Apache some time ago, our primary web server
-had been running <a class="reference external" href="http://cherokee.github.io/">Cherokee</a> for quite a while
-- since September 2011, in fact, looking back at the configuration history.
-More recently, however, I&#8217;ve switched us again. This time to <a class="reference external" href="http://nginx.org">Nginx</a> - with impressive improvements in performance and ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-why/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-why/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb9.html">&laquo;</a>
- Page 10 / 12
+ Page 10 / 13
<a href="http://davidjb.com/author/davidjb11.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
114 author/davidjb11.html
@@ -35,6 +35,60 @@
<ol id="posts-list" class="hfeed" start="9">
<li><article class="hentry">
<header>
+ <h1><a href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-techincal-guide/" rel="bookmark"
+ title="Permalink to Switching to Nginx from Cherokee: Techincal Guide">Switching to Nginx from Cherokee: Techincal&nbsp;Guide</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2013-04-12T00:00:00">
+ Fri 12 April 2013
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/web.html">Web</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/nginx.html">Nginx</a><a href="http://davidjb.com/tag/cherokee.html">Cherokee</a><a href="http://davidjb.com/tag/web.html">web</a><a href="http://davidjb.com/tag/web-servers.html">web servers</a></p>
+</footer><!-- /.post-info --> <p>This is a follow up to a previous post on
+<a class="reference external" href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-why/">Switching to Nginx from Cherokee</a>. Read that in case you&#8217;re here and haven&#8217;t&nbsp;already.</p>
+<p>All information here on a server level is related to <span class="caps">RHEL</span> 6. You will
+need to change some instructions for Debian based systems. CentOS ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-techincal-guide/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-techincal-guide/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
+ <h1><a href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-why/" rel="bookmark"
+ title="Permalink to Switching to Nginx from Cherokee: Why">Switching to Nginx from Cherokee:&nbsp;Why</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2013-04-11T00:00:00">
+ Thu 11 April 2013
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/web.html">Web</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/nginx.html">Nginx</a><a href="http://davidjb.com/tag/cherokee.html">Cherokee</a><a href="http://davidjb.com/tag/web.html">web</a><a href="http://davidjb.com/tag/web-servers.html">web servers</a></p>
+</footer><!-- /.post-info --> <p>After a switching away from Apache some time ago, our primary web server
+had been running <a class="reference external" href="http://cherokee.github.io/">Cherokee</a> for quite a while
+- since September 2011, in fact, looking back at the configuration history.
+More recently, however, I&#8217;ve switched us again. This time to <a class="reference external" href="http://nginx.org">Nginx</a> - with impressive improvements in performance and ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-why/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2013/04/switching-to-nginx-from-cherokee-why/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
<h1><a href="http://davidjb.com/blog/2009/09/the-biggest-problems-have-the-simplest-answers/" rel="bookmark"
title="Permalink to Buildout: the biggest problems have the simplest answers…">Buildout: the biggest problems have the simplest&nbsp;answers&#8230;</a></h1>
</header>
@@ -254,68 +308,10 @@
<a class="readmore" href="http://davidjb.com/blog/2009/05/unix-removing-open-logical-volumes-in-centosrhl/">read more</a>
<p>There are <a href="http://davidjb.com/blog/2009/05/unix-removing-open-logical-volumes-in-centosrhl/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2008/12/unix-ssh-port-forwarding/" rel="bookmark"
- title="Permalink to Unix: SSH Port Forwarding">Unix: <span class="caps">SSH</span> Port&nbsp;Forwarding</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2008-12-18T14:57:00">
- Thu 18 December 2008
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/linux.html">Linux</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/linux.html">linux</a><a href="http://davidjb.com/tag/port.html">port</a><a href="http://davidjb.com/tag/port-forwarding.html">port forwarding</a><a href="http://davidjb.com/tag/ssh.html">ssh</a><a href="http://davidjb.com/tag/unix.html">unix</a></p>
-</footer><!-- /.post-info --> <p>So it&#8217;s not that special and I bet 1000 people have already posted the
-same details. Still, it&#8217;s cool and I need a place to record my thoughts
-about&nbsp;this:</p>
-<pre class="code bash literal-block">
-ssh host.name -L YYYY:other.host:ZZZZ
-</pre>
-<p>Essentially, this means logging into the first machine and creating ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2008/12/unix-ssh-port-forwarding/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2008/12/unix-ssh-port-forwarding/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2011/11/user-ids-show-as-comment-authors-in-plone-4-x-after-migration-from-plone-app-discussion/" rel="bookmark"
- title="Permalink to User IDs show as comment authors in Plone 4.x after migration from plone.app.discussion">User IDs show as comment authors in Plone 4.x after migration from&nbsp;plone.app.discussion</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2011-11-01T13:18:00">
- Tue 01 November 2011
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/plone.html">Plone</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/collective.html">collective</a><a href="http://davidjb.com/tag/comments.html">comments</a><a href="http://davidjb.com/tag/discussion.html">discussion</a><a href="http://davidjb.com/tag/docs.html">docs</a><a href="http://davidjb.com/tag/documentation.html">documentation</a><a href="http://davidjb.com/tag/fix.html">fix</a><a href="http://davidjb.com/tag/plone.html">plone</a></p>
-</footer><!-- /.post-info --> <p>If you&#8217;ve migrated your site from earlier versions of Plone to the
-latest ones in the 4.x series, or else have started using
-plone.app.discussion earlier than that, you might have come across a
-situation where comments on your site show user IDs as authors rather
-than ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2011/11/user-ids-show-as-comment-authors-in-plone-4-x-after-migration-from-plone-app-discussion/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2011/11/user-ids-show-as-comment-authors-in-plone-4-x-after-migration-from-plone-app-discussion/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb10.html">&laquo;</a>
- Page 11 / 12
+ Page 11 / 13
<a href="http://davidjb.com/author/davidjb12.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
89 author/davidjb12.html
@@ -35,6 +35,64 @@
<ol id="posts-list" class="hfeed" start="9">
<li><article class="hentry">
<header>
+ <h1><a href="http://davidjb.com/blog/2008/12/unix-ssh-port-forwarding/" rel="bookmark"
+ title="Permalink to Unix: SSH Port Forwarding">Unix: <span class="caps">SSH</span> Port&nbsp;Forwarding</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2008-12-18T14:57:00">
+ Thu 18 December 2008
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/linux.html">Linux</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/linux.html">linux</a><a href="http://davidjb.com/tag/port.html">port</a><a href="http://davidjb.com/tag/port-forwarding.html">port forwarding</a><a href="http://davidjb.com/tag/ssh.html">ssh</a><a href="http://davidjb.com/tag/unix.html">unix</a></p>
+</footer><!-- /.post-info --> <p>So it&#8217;s not that special and I bet 1000 people have already posted the
+same details. Still, it&#8217;s cool and I need a place to record my thoughts
+about&nbsp;this:</p>
+<pre class="code bash literal-block">
+ssh host.name -L YYYY:other.host:ZZZZ
+</pre>
+<p>Essentially, this means logging into the first machine and creating ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2008/12/unix-ssh-port-forwarding/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2008/12/unix-ssh-port-forwarding/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
+ <h1><a href="http://davidjb.com/blog/2011/11/user-ids-show-as-comment-authors-in-plone-4-x-after-migration-from-plone-app-discussion/" rel="bookmark"
+ title="Permalink to User IDs show as comment authors in Plone 4.x after migration from plone.app.discussion">User IDs show as comment authors in Plone 4.x after migration from&nbsp;plone.app.discussion</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2011-11-01T13:18:00">
+ Tue 01 November 2011
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/plone.html">Plone</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/collective.html">collective</a><a href="http://davidjb.com/tag/comments.html">comments</a><a href="http://davidjb.com/tag/discussion.html">discussion</a><a href="http://davidjb.com/tag/docs.html">docs</a><a href="http://davidjb.com/tag/documentation.html">documentation</a><a href="http://davidjb.com/tag/fix.html">fix</a><a href="http://davidjb.com/tag/plone.html">plone</a></p>
+</footer><!-- /.post-info --> <p>If you&#8217;ve migrated your site from earlier versions of Plone to the
+latest ones in the 4.x series, or else have started using
+plone.app.discussion earlier than that, you might have come across a
+situation where comments on your site show user IDs as authors rather
+than ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2011/11/user-ids-show-as-comment-authors-in-plone-4-x-after-migration-from-plone-app-discussion/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2011/11/user-ids-show-as-comment-authors-in-plone-4-x-after-migration-from-plone-app-discussion/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
<h1><a href="http://davidjb.com/blog/2009/06/user-selectable-themes-in-plone/" rel="bookmark"
title="Permalink to User-selectable Themes In Plone">User-selectable Themes In&nbsp;Plone</a></h1>
</header>
@@ -250,38 +308,11 @@
<a class="readmore" href="http://davidjb.com/blog/2009/06/webpage-content-underneath-flash-content/">read more</a>
<p>There are <a href="http://davidjb.com/blog/2009/06/webpage-content-underneath-flash-content/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2010/02/wget-a-plone-site-and-make-it-actually-work/" rel="bookmark"
- title="Permalink to Wget a Plone site (and make it actually work)">Wget a Plone site (and make it actually&nbsp;work)</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2010-02-25T15:01:00">
- Thu 25 February 2010
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/plon.html">Plon</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/cd.html">cd</a><a href="http://davidjb.com/tag/content.html">content</a><a href="http://davidjb.com/tag/download.html">download</a><a href="http://davidjb.com/tag/dvd.html">dvd</a><a href="http://davidjb.com/tag/export.html">export</a><a href="http://davidjb.com/tag/media.html">media</a><a href="http://davidjb.com/tag/offline.html">offline</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/site.html">site</a><a href="http://davidjb.com/tag/static.html">static</a><a href="http://davidjb.com/tag/wget.html">wget</a></p>
-</footer><!-- /.post-info --> <p>There&#8217;s a lot of different resources and posts on the
-web about how to export a Plone site to static html content, but no
-methodology would actually solve all of my problems. Now, Plone is
-inherently a complicated beast, given just how much it does, and that&#8217;s
-definitely ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2010/02/wget-a-plone-site-and-make-it-actually-work/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2010/02/wget-a-plone-site-and-make-it-actually-work/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb11.html">&laquo;</a>
- Page 12 / 12
+ Page 12 / 13
+ <a href="http://davidjb.com/author/davidjb13.html">&raquo;</a>
</p>
</section><!-- /#content -->
<section id="extras" class="body">
View
121 author/davidjb13.html
@@ -0,0 +1,121 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <title>DavidJB.com - davidjb</title>
+ <meta charset="utf-8" />
+ <link rel="stylesheet" href="http://davidjb.com/theme/css/main.css" type="text/css" />
+ <link href="http://davidjb.com/feeds/all.atom.xml" type="application/atom+xml" rel="alternate" title="DavidJB.com Atom Feed" />
+
+ <!--[if IE]>
+ <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
+
+ <!--[if lte IE 7]>
+ <link rel="stylesheet" type="text/css" media="all" href="http://davidjb.com/css/ie.css"/>
+ <script src="http://davidjb.com/js/IE8.js" type="text/javascript"></script><![endif]-->
+
+ <!--[if lt IE 7]>
+ <link rel="stylesheet" type="text/css" media="all" href="http://davidjb.com/css/ie6.css"/><![endif]-->
+
+</head>
+
+<body id="index" class="home">
+ <header id="banner" class="body">
+ <h1><a href="http://davidjb.com/">DavidJB.com <strong>Ramblings about Plone, Pyramid, Python, the web, Linux, roses and more, by David Beitey.</strong></a></h1>
+ <nav><ul>
+ <li><a href="http://davidjb.com/about.html">About&nbsp;me</a></li>
+ <li><a href="http://davidjb.com/blog/index.html">Blog</a></li>
+ <li><a href="http://davidjb.com/projects.html">Projects</a></li>
+ </ul></nav>
+ </header><!-- /#banner -->
+
+
+
+
+ <section id="content" class="body">
+ <ol id="posts-list" class="hfeed" start="9">
+ <li><article class="hentry">
+ <header>
+ <h1><a href="http://davidjb.com/blog/2010/02/wget-a-plone-site-and-make-it-actually-work/" rel="bookmark"
+ title="Permalink to Wget a Plone site (and make it actually work)">Wget a Plone site (and make it actually&nbsp;work)</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2010-02-25T15:01:00">
+ Thu 25 February 2010
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/plon.html">Plon</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/cd.html">cd</a><a href="http://davidjb.com/tag/content.html">content</a><a href="http://davidjb.com/tag/download.html">download</a><a href="http://davidjb.com/tag/dvd.html">dvd</a><a href="http://davidjb.com/tag/export.html">export</a><a href="http://davidjb.com/tag/media.html">media</a><a href="http://davidjb.com/tag/offline.html">offline</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/site.html">site</a><a href="http://davidjb.com/tag/static.html">static</a><a href="http://davidjb.com/tag/wget.html">wget</a></p>
+</footer><!-- /.post-info --> <p>There&#8217;s a lot of different resources and posts on the
+web about how to export a Plone site to static html content, but no
+methodology would actually solve all of my problems. Now, Plone is
+inherently a complicated beast, given just how much it does, and that&#8217;s
+definitely ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2010/02/wget-a-plone-site-and-make-it-actually-work/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2010/02/wget-a-plone-site-and-make-it-actually-work/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+ </ol><!-- /#posts-list -->
+ <p class="paginator">
+ <a href="http://davidjb.com/author/davidjb12.html">&laquo;</a>
+ Page 13 / 13
+ </p>
+ </section><!-- /#content -->
+ <section id="extras" class="body">
+ <div class="blogroll">
+ <h2>blogroll</h2>
+ <ul>
+ <li><a href="http://planet.plone.org">Planet Plone</a></li>
+ <li><a href="http://jcu.me">jcu.me Research Porfolio</a></li>
+ <li><a href="http://xckd.com">XKCD</a></li>
+ <li><a href="http://appleinsider.com/">Apple Insider</a></li>
+ <li><a href="http://git.io/djb">Latest coding activity</a></li>
+ <li><a href="http://www.ozbargain.com.au">OzBargain</a></li>
+ </ul>
+ </div><!-- /.blogroll -->
+ <div class="social">
+ <h2>social</h2>
+ <ul>
+ <li><a href="http://davidjb.com/feeds/all.atom.xml" type="application/atom+xml" rel="alternate">atom feed</a></li>
+
+ <li><a href="http://git.io/djb">GitHub</a></li>
+ <li><a href="http://twitter.com/davidjb_">Twitter</a></li>
+ <li><a href="http://linkedin.com/in/davidbeitey">LinkedIn</a></li>
+ <li><a href="http://facebook.com/david.beitey">Facebook</a></li>
+ <li><a href="https://plus.google.com/u/0/106527454335411502430">Google+</a></li>
+ </ul>
+ </div><!-- /.social -->
+ </section><!-- /#extras -->
+
+ <footer id="contentinfo" class="body">
+ <address id="about" class="vcard body">
+ Proudly powered by <a href="http://getpelican.com/">Pelican</a>, which takes great advantage of <a href="http://python.org">Python</a>.
+ </address><!-- /#about -->
+
+ <p>The theme is by <a href="http://coding.smashingmagazine.com/2009/08/04/designing-a-html-5-layout-from-scratch/">Smashing Magazine</a>, thanks!</p>
+ </footer><!-- /#contentinfo -->
+
+ <script type="text/javascript">
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', 'UA-24253455-1']);
+ _gaq.push(['_trackPageview']);
+ (function() {
+ var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+ ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+ var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+ })();
+ </script>
+<script type="text/javascript">
+ var disqus_shortname = 'davidjb';
+ (function () {
+ var s = document.createElement('script'); s.async = true;
+ s.type = 'text/javascript';
+ s.src = 'http://' + disqus_shortname + '.disqus.com/count.js';
+ (document.getElementsByTagName('HEAD')[0] || document.getElementsByTagName('BODY')[0]).appendChild(s);
+ }());
+</script>
+</body>
+</html>
View
2 author/davidjb2.html
@@ -319,7 +319,7 @@
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb.html">&laquo;</a>
- Page 2 / 12
+ Page 2 / 13
<a href="http://davidjb.com/author/davidjb3.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
2 author/davidjb3.html
@@ -311,7 +311,7 @@
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb2.html">&laquo;</a>
- Page 3 / 12
+ Page 3 / 13
<a href="http://davidjb.com/author/davidjb4.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
62 author/davidjb4.html
@@ -258,61 +258,69 @@
<li><article class="hentry">
<header>
- <h1><a href="http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated/" rel="bookmark"
- title="Permalink to Java HTTP request fails with “javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”">Java <span class="caps">HTTP</span> request fails with &#8220;javax.net.ssl.SSLPeerUnverifiedException: peer not&nbsp;authenticated&#8221;</a></h1>
+ <h1><a href="http://davidjb.com/blog/2013/04/integrating-nginx-and-a-shibboleth-sp-with-fastcgi/" rel="bookmark"
+ title="Permalink to Integrating Nginx and a Shibboleth SP with FastCGI">Integrating Nginx and a Shibboleth <span class="caps">SP</span> with&nbsp;FastCGI</a></h1>
</header>
<div class="entry-content">
<footer class="post-info">
- <abbr class="published" title="2012-02-16T15:16:00">
- Thu 16 February 2012
+ <abbr class="published" title="2013-04-22T00:00:00">
+ Mon 22 April 2013
</abbr>
<address class="vcard author">
By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
</address>
- <p>In <a href="http://davidjb.com/category/linux.html">Linux</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/certificate.html">certificate</a><a href="http://davidjb.com/tag/java.html">java</a><a href="http://davidjb.com/tag/key.html">key</a><a href="http://davidjb.com/tag/linux.html">linux</a><a href="http://davidjb.com/tag/ssl.html">ssl</a><a href="http://davidjb.com/tag/store.html">store</a></p>
-</footer><!-- /.post-info --> <p>Searching the above-mentioned stack trace reveals lots and lots of
-results, unsurprisingly. &nbsp;Most results are workarounds where you modify
-the code, but what about if an application (like Jenkins/Hudson <span class="caps">CI</span>, in
-my case) throws this error at you? The reason the error is occurring is
-because the <span class="caps">SSL</span> certificate ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ <p>In <a href="http://davidjb.com/category/web.html">Web</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/nginx.html">Nginx</a><a href="http://davidjb.com/tag/shibboleth.html">Shibboleth</a><a href="http://davidjb.com/tag/fastcgi.html">FastCGI</a></p>
+</footer><!-- /.post-info --> <p><strong>tl;dr</strong>: You can have Nginx with Shibboleth. Rebuild Shibboleth with
+FastCGI support, and recompile Nginx with a custom module:
+<a class="reference external" href="https://bitbucket.org/davidjb/ngx_http_auth_request_module">https://bitbucket.org/davidjb/ngx_http_auth_request_module</a>. You can now
+run the Shibboleth FastCGI authorizer and responder applications and
+successfully&nbsp;authenticate!</p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#background" id="id2">Background</a><ul>
+<li><a class="reference internal" href="#cautionary-note" id="id3">Cautionary&nbsp;note</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#install-the-shibboleth-sp-with-fastcgi-support" id="id4">Install the Shibboleth <span class="caps">SP</span> with FastCGI&nbsp;support</a></li>
+<li><a class="reference internal" href="#nginx-with-fastcgi-authorizer-support" id="id5">Nginx ...</a></li></ul></div>
+ <a class="readmore" href="http://davidjb.com/blog/2013/04/integrating-nginx-and-a-shibboleth-sp-with-fastcgi/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2013/04/integrating-nginx-and-a-shibboleth-sp-with-fastcgi/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
<li><article class="hentry">
<header>
- <h1><a href="http://davidjb.com/blog/2008/11/jcu-lyx-layout/" rel="bookmark"
- title="Permalink to JCU LyX Layout"><span class="caps">JCU</span> LyX&nbsp;Layout</a></h1>
+ <h1><a href="http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated/" rel="bookmark"
+ title="Permalink to Java HTTP request fails with “javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”">Java <span class="caps">HTTP</span> request fails with &#8220;javax.net.ssl.SSLPeerUnverifiedException: peer not&nbsp;authenticated&#8221;</a></h1>
</header>
<div class="entry-content">
<footer class="post-info">
- <abbr class="published" title="2008-11-09T11:25:00">
- Sun 09 November 2008
+ <abbr class="published" title="2012-02-16T15:16:00">
+ Thu 16 February 2012
</abbr>
<address class="vcard author">
By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
</address>
- <p>In <a href="http://davidjb.com/category/study.html">Study</a>. </p>
-
-</footer><!-- /.post-info --> <!-- note Update: this is now available on GitHub at
-https://github.com/davidjb/JCU-Thesis-LyX-Layout for you to fork and
-improve. Feel free to drop me a line if you're using it! -->
-<p>What might be interesting to all you <a class="reference external" href="http://www.jcu.edu.au/">James Cook
-University</a> or <strong><span class="caps">JCU</span></strong> folk out there (yeah, you know ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2008/11/jcu-lyx-layout/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2008/11/jcu-lyx-layout/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ <p>In <a href="http://davidjb.com/category/linux.html">Linux</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/certificate.html">certificate</a><a href="http://davidjb.com/tag/java.html">java</a><a href="http://davidjb.com/tag/key.html">key</a><a href="http://davidjb.com/tag/linux.html">linux</a><a href="http://davidjb.com/tag/ssl.html">ssl</a><a href="http://davidjb.com/tag/store.html">store</a></p>
+</footer><!-- /.post-info --> <p>Searching the above-mentioned stack trace reveals lots and lots of
+results, unsurprisingly. &nbsp;Most results are workarounds where you modify
+the code, but what about if an application (like Jenkins/Hudson <span class="caps">CI</span>, in
+my case) throws this error at you? The reason the error is occurring is
+because the <span class="caps">SSL</span> certificate ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb3.html">&laquo;</a>
- Page 4 / 12
+ Page 4 / 13
<a href="http://davidjb.com/author/davidjb5.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
57 author/davidjb5.html
@@ -35,6 +35,34 @@
<ol id="posts-list" class="hfeed" start="9">
<li><article class="hentry">
<header>
+ <h1><a href="http://davidjb.com/blog/2008/11/jcu-lyx-layout/" rel="bookmark"
+ title="Permalink to JCU LyX Layout"><span class="caps">JCU</span> LyX&nbsp;Layout</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2008-11-09T11:25:00">
+ Sun 09 November 2008
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/study.html">Study</a>. </p>
+
+</footer><!-- /.post-info --> <!-- note Update: this is now available on GitHub at
+https://github.com/davidjb/JCU-Thesis-LyX-Layout for you to fork and
+improve. Feel free to drop me a line if you're using it! -->
+<p>What might be interesting to all you <a class="reference external" href="http://www.jcu.edu.au/">James Cook
+University</a> or <strong><span class="caps">JCU</span></strong> folk out there (yeah, you know ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2008/11/jcu-lyx-layout/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2008/11/jcu-lyx-layout/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
<h1><a href="http://davidjb.com/blog/2012/06/jenkins-ci-and-github-post-receive-hooks-ceasing-to-work-potential-solution/" rel="bookmark"
title="Permalink to Jenkins CI and GitHub post-receive hooks ceasing to work (+ potential solution)">Jenkins <span class="caps">CI</span> and GitHub post-receive hooks ceasing to work (+ potential&nbsp;solution)</a></h1>
</header>
@@ -282,37 +310,10 @@
<a class="readmore" href="http://davidjb.com/blog/2012/06/members-cant-add-folders-to-plone-via-webdav-401-unauthorized/">read more</a>
<p>There are <a href="http://davidjb.com/blog/2012/06/members-cant-add-folders-to-plone-via-webdav-401-unauthorized/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2009/09/migrating-a-plone-site-off-to-another-database-zeo/" rel="bookmark"
- title="Permalink to Migrating a Plone site off to another database (Zeo)">Migrating a Plone site off to another database&nbsp;(Zeo)</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2009-09-30T12:25:00">
- Wed 30 September 2009
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/plone.html">Plone</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/database.html">database</a><a href="http://davidjb.com/tag/export.html">export</a><a href="http://davidjb.com/tag/import.html">import</a><a href="http://davidjb.com/tag/migration.html">migration</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/site.html">site</a><a href="http://davidjb.com/tag/zeo.html">zeo</a><a href="http://davidjb.com/tag/zodb.html">zodb</a></p>
-</footer><!-- /.post-info --> <p>Another of the interesting things in my professional life has been
-migrating a Plone site from one database (where it lived as a dev site,
-along with many others) onto a nice, clean database of its own.&nbsp; Now,
-yes, I&#8217;m aware that the export/import feature of Zope <strong>isn ...</strong></p>
- <a class="readmore" href="http://davidjb.com/blog/2009/09/migrating-a-plone-site-off-to-another-database-zeo/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2009/09/migrating-a-plone-site-off-to-another-database-zeo/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb4.html">&laquo;</a>
- Page 5 / 12
+ Page 5 / 13
<a href="http://davidjb.com/author/davidjb6.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
57 author/davidjb6.html
@@ -35,6 +35,33 @@
<ol id="posts-list" class="hfeed" start="9">
<li><article class="hentry">
<header>
+ <h1><a href="http://davidjb.com/blog/2009/09/migrating-a-plone-site-off-to-another-database-zeo/" rel="bookmark"
+ title="Permalink to Migrating a Plone site off to another database (Zeo)">Migrating a Plone site off to another database&nbsp;(Zeo)</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2009-09-30T12:25:00">
+ Wed 30 September 2009
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/plone.html">Plone</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/database.html">database</a><a href="http://davidjb.com/tag/export.html">export</a><a href="http://davidjb.com/tag/import.html">import</a><a href="http://davidjb.com/tag/migration.html">migration</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/site.html">site</a><a href="http://davidjb.com/tag/zeo.html">zeo</a><a href="http://davidjb.com/tag/zodb.html">zodb</a></p>
+</footer><!-- /.post-info --> <p>Another of the interesting things in my professional life has been
+migrating a Plone site from one database (where it lived as a dev site,
+along with many others) onto a nice, clean database of its own.&nbsp; Now,
+yes, I&#8217;m aware that the export/import feature of Zope <strong>isn ...</strong></p>
+ <a class="readmore" href="http://davidjb.com/blog/2009/09/migrating-a-plone-site-off-to-another-database-zeo/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2009/09/migrating-a-plone-site-off-to-another-database-zeo/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
<h1><a href="http://davidjb.com/blog/2011/01/migrating-plone-2-5-content-straight-onto-plone-4/" rel="bookmark"
title="Permalink to Migrating Plone 2.5 content straight onto Plone 4">Migrating Plone 2.5 content straight onto Plone&nbsp;4</a></h1>
</header>
@@ -282,38 +309,10 @@
<a class="readmore" href="http://davidjb.com/blog/2010/07/plone-4-local-zeo-blobs-conflict-with-plone-instance/">read more</a>
<p>There are <a href="http://davidjb.com/blog/2010/07/plone-4-local-zeo-blobs-conflict-with-plone-instance/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2010/04/plone-and-dexterity-working-with-computed-fields/" rel="bookmark"
- title="Permalink to Plone and Dexterity: Working with computed fields">Plone and Dexterity: Working with computed&nbsp;fields</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2010-04-19T14:03:00">
- Mon 19 April 2010
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/plon.html">Plon</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/computation.html">computation</a><a href="http://davidjb.com/tag/content.html">content</a><a href="http://davidjb.com/tag/dexterity.html">dexterity</a><a href="http://davidjb.com/tag/extension.html">extension</a><a href="http://davidjb.com/tag/function.html">function</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/product.html">product</a><a href="http://davidjb.com/tag/python.html">python</a></p>
-</footer><!-- /.post-info --> <p>Today, we&#8217;re looking at how to utilise computed fields within a
-Dexterity-based content type. The specific use-case is that of having
-two separate fields (first name and surname, for a Person type, for
-example) generate the complete object title. The first part of this &#8212;
-having the title of the ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2010/04/plone-and-dexterity-working-with-computed-fields/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2010/04/plone-and-dexterity-working-with-computed-fields/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb5.html">&laquo;</a>
- Page 6 / 12
+ Page 6 / 13
<a href="http://davidjb.com/author/davidjb7.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
58 author/davidjb7.html
@@ -35,6 +35,34 @@
<ol id="posts-list" class="hfeed" start="9">
<li><article class="hentry">
<header>
+ <h1><a href="http://davidjb.com/blog/2010/04/plone-and-dexterity-working-with-computed-fields/" rel="bookmark"
+ title="Permalink to Plone and Dexterity: Working with computed fields">Plone and Dexterity: Working with computed&nbsp;fields</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2010-04-19T14:03:00">
+ Mon 19 April 2010
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/plon.html">Plon</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/computation.html">computation</a><a href="http://davidjb.com/tag/content.html">content</a><a href="http://davidjb.com/tag/dexterity.html">dexterity</a><a href="http://davidjb.com/tag/extension.html">extension</a><a href="http://davidjb.com/tag/function.html">function</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/product.html">product</a><a href="http://davidjb.com/tag/python.html">python</a></p>
+</footer><!-- /.post-info --> <p>Today, we&#8217;re looking at how to utilise computed fields within a
+Dexterity-based content type. The specific use-case is that of having
+two separate fields (first name and surname, for a Person type, for
+example) generate the complete object title. The first part of this &#8212;
+having the title of the ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2010/04/plone-and-dexterity-working-with-computed-fields/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2010/04/plone-and-dexterity-working-with-computed-fields/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
<h1><a href="http://davidjb.com/blog/2009/07/plone-app-blob-and-failed-migrations/" rel="bookmark"
title="Permalink to plone.app.blob and Failed Migrations">plone.app.blob and Failed&nbsp;Migrations</a></h1>
</header>
@@ -281,38 +309,10 @@
<a class="readmore" href="http://davidjb.com/blog/2009/04/plone-issues-with-products/">read more</a>
<p>There are <a href="http://davidjb.com/blog/2009/04/plone-issues-with-products/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2010/07/plone-overrides-zcml-gets-auto-included-with-z3c-autoinclude/" rel="bookmark"
- title="Permalink to Plone: Overrides.zcml gets auto-included with z3c.autoinclude">Plone: Overrides.zcml gets auto-included with&nbsp;z3c.autoinclude</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2010-07-13T15:01:00">
- Tue 13 July 2010
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/plone.html">Plone</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/auto.html">auto</a><a href="http://davidjb.com/tag/icons.html">icons</a><a href="http://davidjb.com/tag/include.html">include</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/plone-3.html">plone 3</a><a href="http://davidjb.com/tag/problem.html">problem</a><a href="http://davidjb.com/tag/theme.html">theme</a><a href="http://davidjb.com/tag/z3c.html">z3c</a><a href="http://davidjb.com/tag/zcml.html">zcml</a><a href="http://davidjb.com/tag/zope.html">zope</a></p>
-</footer><!-- /.post-info --> <p>Unsurprisingly, specifying a z3c.autoinclude entry point in your Plone
-product egg means your <span class="caps">ZCML</span> gets automatically included. That&#8217;s great
-because it means you don&#8217;t have to specify your product under the <span class="caps">ZCML</span>
-section of your instance in buildout. One thing that isn&#8217;t so obvious
-(it&#8217;s ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2010/07/plone-overrides-zcml-gets-auto-included-with-z3c-autoinclude/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2010/07/plone-overrides-zcml-gets-auto-included-with-z3c-autoinclude/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb6.html">&laquo;</a>
- Page 7 / 12
+ Page 7 / 13
<a href="http://davidjb.com/author/davidjb8.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
60 author/davidjb8.html
@@ -35,6 +35,34 @@
<ol id="posts-list" class="hfeed" start="9">
<li><article class="hentry">
<header>
+ <h1><a href="http://davidjb.com/blog/2010/07/plone-overrides-zcml-gets-auto-included-with-z3c-autoinclude/" rel="bookmark"
+ title="Permalink to Plone: Overrides.zcml gets auto-included with z3c.autoinclude">Plone: Overrides.zcml gets auto-included with&nbsp;z3c.autoinclude</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2010-07-13T15:01:00">
+ Tue 13 July 2010
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/plone.html">Plone</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/auto.html">auto</a><a href="http://davidjb.com/tag/icons.html">icons</a><a href="http://davidjb.com/tag/include.html">include</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/plone-3.html">plone 3</a><a href="http://davidjb.com/tag/problem.html">problem</a><a href="http://davidjb.com/tag/theme.html">theme</a><a href="http://davidjb.com/tag/z3c.html">z3c</a><a href="http://davidjb.com/tag/zcml.html">zcml</a><a href="http://davidjb.com/tag/zope.html">zope</a></p>
+</footer><!-- /.post-info --> <p>Unsurprisingly, specifying a z3c.autoinclude entry point in your Plone
+product egg means your <span class="caps">ZCML</span> gets automatically included. That&#8217;s great
+because it means you don&#8217;t have to specify your product under the <span class="caps">ZCML</span>
+section of your instance in buildout. One thing that isn&#8217;t so obvious
+(it&#8217;s ...</p>
+ <a class="readmore" href="http://davidjb.com/blog/2010/07/plone-overrides-zcml-gets-auto-included-with-z3c-autoinclude/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2010/07/plone-overrides-zcml-gets-auto-included-with-z3c-autoinclude/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
<h1><a href="http://davidjb.com/blog/2008/11/plone-page-template-redirects/" rel="bookmark"
title="Permalink to Plone: Page Template Redirects">Plone: Page Template&nbsp;Redirects</a></h1>
</header>
@@ -279,40 +307,10 @@
<a class="readmore" href="http://davidjb.com/blog/2010/07/plone-running-plone-without-copies-of-blobs/">read more</a>
<p>There are <a href="http://davidjb.com/blog/2010/07/plone-running-plone-without-copies-of-blobs/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2010/06/plone-sitemanager-leftovers-not-the-good-kind/" rel="bookmark"
- title="Permalink to Plone: SiteManager leftovers; not the good kind">Plone: SiteManager leftovers; not the good&nbsp;kind</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2010-06-28T14:35:00">
- Mon 28 June 2010
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/plone.html">Plone</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/egg.html">egg</a><a href="http://davidjb.com/tag/error.html">error</a><a href="http://davidjb.com/tag/install.html">install</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/problem.html">problem</a><a href="http://davidjb.com/tag/site.html">site</a><a href="http://davidjb.com/tag/update.html">update</a><a href="http://davidjb.com/tag/zope.html">zope</a></p>
-</footer><!-- /.post-info --> <div class="note">
-<p class="first admonition-title">Note</p>
-<p class="last"><strong>Update:</strong> You should check out <a class="reference external" href="http://pypi.python.org/pypi/wildcard.fixpersistentutilities">wildcard.fixpersistentutilities</a>
-- it&#8217;s a fantastic solution to problems like this. Many thanks to
-Nathan Van Gheem, the author of the add on. Check out the link and
-see how to install it (temporarily) on your Plone instance that
-needs its site manager cleaned ...</p></div>
- <a class="readmore" href="http://davidjb.com/blog/2010/06/plone-sitemanager-leftovers-not-the-good-kind/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2010/06/plone-sitemanager-leftovers-not-the-good-kind/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb7.html">&laquo;</a>
- Page 8 / 12
+ Page 8 / 13
<a href="http://davidjb.com/author/davidjb9.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
59 author/davidjb9.html
@@ -35,6 +35,36 @@
<ol id="posts-list" class="hfeed" start="9">
<li><article class="hentry">
<header>
+ <h1><a href="http://davidjb.com/blog/2010/06/plone-sitemanager-leftovers-not-the-good-kind/" rel="bookmark"
+ title="Permalink to Plone: SiteManager leftovers; not the good kind">Plone: SiteManager leftovers; not the good&nbsp;kind</a></h1>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2010-06-28T14:35:00">
+ Mon 28 June 2010
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/plone.html">Plone</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/egg.html">egg</a><a href="http://davidjb.com/tag/error.html">error</a><a href="http://davidjb.com/tag/install.html">install</a><a href="http://davidjb.com/tag/plone.html">plone</a><a href="http://davidjb.com/tag/problem.html">problem</a><a href="http://davidjb.com/tag/site.html">site</a><a href="http://davidjb.com/tag/update.html">update</a><a href="http://davidjb.com/tag/zope.html">zope</a></p>
+</footer><!-- /.post-info --> <div class="note">
+<p class="first admonition-title">Note</p>
+<p class="last"><strong>Update:</strong> You should check out <a class="reference external" href="http://pypi.python.org/pypi/wildcard.fixpersistentutilities">wildcard.fixpersistentutilities</a>
+- it&#8217;s a fantastic solution to problems like this. Many thanks to
+Nathan Van Gheem, the author of the add on. Check out the link and
+see how to install it (temporarily) on your Plone instance that
+needs its site manager cleaned ...</p></div>
+ <a class="readmore" href="http://davidjb.com/blog/2010/06/plone-sitemanager-leftovers-not-the-good-kind/">read more</a>
+ <p>There are <a href="http://davidjb.com/blog/2010/06/plone-sitemanager-leftovers-not-the-good-kind/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
+ </article></li>
+
+
+
+ <li><article class="hentry">
+ <header>
<h1><a href="http://davidjb.com/blog/2009/01/plone-url-encoding-in-a-script/" rel="bookmark"
title="Permalink to Plone: URL Encoding In A Script">Plone: <span class="caps">URL</span> Encoding In A&nbsp;Script</a></h1>
</header>
@@ -277,37 +307,10 @@
<a class="readmore" href="http://davidjb.com/blog/2011/01/python-eggs-and-missing-files-like-docs/">read more</a>
<p>There are <a href="http://davidjb.com/blog/2011/01/python-eggs-and-missing-files-like-docs/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
</article></li>
-
-
-
- <li><article class="hentry">
- <header>
- <h1><a href="http://davidjb.com/blog/2010/12/replace-your-logitech-premium-notebook-headset-foam-ear-pads/" rel="bookmark"
- title="Permalink to DIY - Replace your Logitech Premium Notebook Headset foam ear pads"><span class="caps">DIY</span> - Replace your Logitech Premium Notebook Headset foam ear&nbsp;pads</a></h1>
- </header>
-
- <div class="entry-content">
- <footer class="post-info">
- <abbr class="published" title="2010-12-04T00:56:00">
- Sat 04 December 2010
- </abbr>
-
- <address class="vcard author">
- By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
- </address>
- <p>In <a href="http://davidjb.com/category/hardware.html">Hardware</a>. </p>
-<p>tags: <a href="http://davidjb.com/tag/foam.html">foam</a><a href="http://davidjb.com/tag/headphones.html">headphones</a><a href="http://davidjb.com/tag/logitech.html">logitech</a><a href="http://davidjb.com/tag/maths.html">maths</a><a href="http://davidjb.com/tag/pads.html">pads</a><a href="http://davidjb.com/tag/problem.html">problem</a><a href="http://davidjb.com/tag/solution.html">solution</a></p>
-</footer><!-- /.post-info --> <p>So, I&#8217;m the proud owner of a set of a <a class="reference external" href="http://www.logitech.com/en-gb/speakers-audio/headphones/devices/223">Logitech Premium Notebook
-Headset</a>. I purchased these headphones a fair while ago - around 2
-years - and just like any set of headphones, the foam ear pads
-deteriorated away when I took them out to use them after a long ...</p>
- <a class="readmore" href="http://davidjb.com/blog/2010/12/replace-your-logitech-premium-notebook-headset-foam-ear-pads/">read more</a>
- <p>There are <a href="http://davidjb.com/blog/2010/12/replace-your-logitech-premium-notebook-headset-foam-ear-pads/#disqus_thread">comments</a>.</p> </div><!-- /.entry-content -->
- </article></li>
</ol><!-- /#posts-list -->
<p class="paginator">
<a href="http://davidjb.com/author/davidjb8.html">&laquo;</a>
- Page 9 / 12
+ Page 9 / 13
<a href="http://davidjb.com/author/davidjb10.html">&raquo;</a>
</p>
</section><!-- /#content -->
View
426 blog/2013/04/integrating-nginx-and-a-shibboleth-sp-with-fastcgi/index.html
@@ -0,0 +1,426 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <title>Integrating Nginx and a Shibboleth SP with FastCGI</title>
+ <meta charset="utf-8" />
+ <link rel="stylesheet" href="http://davidjb.com/theme/css/main.css" type="text/css" />
+ <link href="http://davidjb.com/feeds/all.atom.xml" type="application/atom+xml" rel="alternate" title="DavidJB.com Atom Feed" />
+
+ <!--[if IE]>
+ <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
+
+ <!--[if lte IE 7]>
+ <link rel="stylesheet" type="text/css" media="all" href="http://davidjb.com/css/ie.css"/>
+ <script src="http://davidjb.com/js/IE8.js" type="text/javascript"></script><![endif]-->
+
+ <!--[if lt IE 7]>
+ <link rel="stylesheet" type="text/css" media="all" href="http://davidjb.com/css/ie6.css"/><![endif]-->
+
+</head>
+
+<body id="index" class="home">
+ <header id="banner" class="body">
+ <h1><a href="http://davidjb.com/">DavidJB.com <strong>Ramblings about Plone, Pyramid, Python, the web, Linux, roses and more, by David Beitey.</strong></a></h1>
+ <nav><ul>
+ <li><a href="http://davidjb.com/about.html">About&nbsp;me</a></li>
+ <li><a href="http://davidjb.com/blog/index.html">Blog</a></li>
+ <li><a href="http://davidjb.com/projects.html">Projects</a></li>
+ </ul></nav>
+ </header><!-- /#banner -->
+ <section id="content" class="body">
+ <article>
+ <header>
+ <h1 class="entry-title">
+ <a href="http://davidjb.com/blog/2013/04/integrating-nginx-and-a-shibboleth-sp-with-fastcgi/" rel="bookmark"
+ title="Permalink to Integrating Nginx and a Shibboleth SP with FastCGI">Integrating Nginx and a Shibboleth <span class="caps">SP</span> with&nbsp;FastCGI</a></h1>
+ <a href="http://twitter.com/share" class="twitter-share-button" data-count="horizontal" data-via="davidjb_">Tweet</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2013-04-22T00:00:00">
+ Mon 22 April 2013
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/web.html">Web</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/nginx.html">Nginx</a><a href="http://davidjb.com/tag/shibboleth.html">Shibboleth</a><a href="http://davidjb.com/tag/fastcgi.html">FastCGI</a></p>
+</footer><!-- /.post-info --> <p><strong>tl;dr</strong>: You can have Nginx with Shibboleth. Rebuild Shibboleth with
+FastCGI support, and recompile Nginx with a custom module:
+<a class="reference external" href="https://bitbucket.org/davidjb/ngx_http_auth_request_module">https://bitbucket.org/davidjb/ngx_http_auth_request_module</a>. You can now
+run the Shibboleth FastCGI authorizer and responder applications and
+successfully&nbsp;authenticate!</p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#background" id="id2">Background</a><ul>
+<li><a class="reference internal" href="#cautionary-note" id="id3">Cautionary&nbsp;note</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#install-the-shibboleth-sp-with-fastcgi-support" id="id4">Install the Shibboleth <span class="caps">SP</span> with FastCGI&nbsp;support</a></li>
+<li><a class="reference internal" href="#nginx-with-fastcgi-authorizer-support" id="id5">Nginx with FastCGI Authorizer&nbsp;support</a></li>
+<li><a class="reference internal" href="#configuring-shibboleth-to-recognise-secured-paths" id="id6">Configuring Shibboleth to recognise secured&nbsp;paths</a></li>
+<li><a class="reference internal" href="#warning" id="id7">Warning</a></li>
+<li><a class="reference internal" href="#conclusion" id="id8">Conclusion</a></li>
+</ul>
+</div>
+<div class="section" id="background">
+<h2>Background</h2>
+<p>There&#8217;s a <strong>lot</strong> of posts around the web asking about integrating
+Shibboleth and Nginx, and so far as I can ascertain, the responses have
+been fairly empty and a resounding &#8220;<span class="caps">NO</span>&#8221;. Here&#8217;s what I&#8217;ve gathered so&nbsp;far.</p>
+<p>Shibboleth supports Apache and <span class="caps">IIS</span> by default, but not Nginx. The closest one
+gets to support is via FastCGI, which Shibboleth <a class="reference external" href="https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPFastCGIConfig">does have</a>
+but the default distribution needs to be rebuilt to support it. Nginx has
+support for FastCGI responders, but not for <cite>FastCGI authorizers
+&lt;http://www.fastcgi.com/drupal/node/22#S6.3&gt;_</cite>. This is where things get
+interesting (and eventually&nbsp;change).</p>
+<p>So, that said, Nginx does have support for sub-requests for allowing access,
+and the <a class="reference external" href="http://mdounin.ru/hg/ngx_http_auth_request_module/">Auth Request</a>
+gets very close in terms of providing the functionality we need for a FastCGI
+authorizer. However, that module only allow(ed) for the
+sub-request to respond with an <em>allow</em> or <em>deny</em> response. But, some minor
+changes I was able to make to my
+<a class="reference external" href="https://bitbucket.org/davidjb/ngx_http_auth_request_module">own fork</a> of
+that Auth Request module allows the auth request to follow the&nbsp;specification.</p>
+<div class="section" id="cautionary-note">
+<h3>Cautionary&nbsp;note</h3>
+<p>I should note that my custom Auth Request module for Nginx doesn&#8217;t
+presently feature support for sending the FastCGI authorizer the original
+request body, and likewise, doesn&#8217;t support sending the authorizer&#8217;s response
+body back to the client. For Shibboleth authorisation, however, these two
+are inconsequential as only <span class="caps">HTTP</span> redirections and <span class="caps">HTTP</span> headers (cookies)
+are used for authentication to&nbsp;succeed.</p>
+<p>Contributions are welcome at the above repository. I&#8217;m currently looking to
+have my improvements merged back into the main plugin,&nbsp;too.</p>
+</div>
+</div>
+<div class="section" id="install-the-shibboleth-sp-with-fastcgi-support">
+<h2>Install the Shibboleth <span class="caps">SP</span> with FastCGI&nbsp;support</h2>
+<p>Check out my post regarding <a class="reference external" href="http://davidjb.com/blog/2013/04/setting-up-a-shibboleth-sp-with-fastcgi-support/">Shibboleth and FastCGI</a>. It will step you though either how to install or build
+the Shibboleth <span class="caps">SP</span> for your system and get the FastCGI applications up and&nbsp;running.</p>
+<p>Once you&#8217;re done, make a note of the socket where the applications can be
+accessed. We&#8217;ll use this information&nbsp;next.</p>
+</div>
+<div class="section" id="nginx-with-fastcgi-authorizer-support">
+<h2>Nginx with FastCGI Authorizer&nbsp;support</h2>
+<p>The next step is sorting out Nginx with suitable support for FastCGI
+authorizers. As mentioned above, I was able to delve into Nginx and make my
+<a class="reference external" href="https://bitbucket.org/davidjb/ngx_http_auth_request_module">own fork</a> of
+that Auth Request module allows the auth request to follow the specification
+(see caveat above about request/response&nbsp;bodies).</p>
+<ol class="arabic">
+<li><p class="first">Compile Nginx with the custom Auth request module and the
+<a class="reference external" href="http://wiki.nginx.org/HttpHeadersMoreModule">Headers More</a> module
+(take a look at
+<a class="reference external" href="https://github.com/jcu-eresearch/nginx-custom-build">https://github.com/jcu-eresearch/nginx-custom-build</a> for how) or
+if you&#8217;re on <span class="caps">RHEL</span> or CentOS 6 and trust my
+<span class="caps">RPM</span> building skills, then install from this <span class="caps">RPM</span>&nbsp;repository:</p>
+<blockquote>
+<p><a class="reference external" href="https://www.hpc.jcu.edu.au/rpm/">https://www.hpc.jcu.edu.au/rpm/</a></p>
+</blockquote>
+<p>You can either install the RPMs manually, or add it as another repository
+for Yum to&nbsp;use:</p>
+<pre class="code ini literal-block">
+<span class="k">[jcu-eresearch]</span>
+<span class="na">name</span><span class="o">=</span><span class="s"><span class="caps">JCU</span> eResearch Custom Repo</span>
+<span class="na">baseurl</span><span class="o">=</span><span class="s">https://www.hpc.jcu.edu.au/rpm/</span>
+<span class="na">gpgcheck</span><span class="o">=</span><span class="s">0</span>
+<span class="na">enabled</span><span class="o">=</span><span class="s">1</span>
+<span class="na">priority</span><span class="o">=</span><span class="s">1</span>
+</pre>
+<p>You should probably ensure that your other Nginx repo has a lower
+priority (such as <tt class="docutils literal">priority=2</tt>) so it doesn&#8217;t take precedence over
+these custom&nbsp;packages.</p>
+</li>
+<li><p class="first">Once you&#8217;ve successfully got Nginx compiled with my custom auth request
+module, then you&#8217;re ready to configure it all&nbsp;up.</p>
+</li>
+<li><p class="first">Configure one or more servers within your Nginx configuration like so.
+You&#8217;ll need the socket information for your FastCGI Shibboleth <span class="caps">SP</span>&nbsp;applications.</p>
+<pre class="code nginx literal-block">
+<span class="k">server</span> <span class="p">{</span>
+ <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span><span class="p">;</span>
+ <span class="kn">...</span>
+
+ <span class="c1">#FastCGI authorizer for Auth Request module
+</span> <span class="s">location</span> <span class="p">=</span> <span class="s">/shibauthorizer</span> <span class="p">{</span>
+ <span class="kn">internal</span><span class="p">;</span>
+ <span class="kn">include</span> <span class="s">fastcgi_params</span><span class="p">;</span>
+ <span class="kn">fastcgi_pass</span> <span class="s">unix:/opt/shibboleth/shibauthorizer.sock</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="c1">#FastCGI responder for <span class="caps">SSO</span>
+</span> <span class="kn">location</span> <span class="s">/Shibboleth.sso</span> <span class="p">{</span>
+ <span class="kn">include</span> <span class="s">fastcgi_params</span><span class="p">;</span>
+ <span class="kn">fastcgi_pass</span> <span class="s">unix:/opt/shibboleth/shibresponder.sock</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="c1">#Resources for the Shibboleth error pages. This can be customised.
+</span> <span class="kn">location</span> <span class="s">/shibboleth-sp</span> <span class="p">{</span>
+ <span class="kn">alias</span> <span class="s">/usr/share/shibboleth/</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="c1">#A secured location. Here all incoming requests query the
+</span> <span class="c1">#FastCGI authorizer. Watch out for performance issues and spoofing.
+</span> <span class="kn">location</span> <span class="s">/secure</span> <span class="p">{</span>
+ <span class="kn">more_clear_input_headers</span> <span class="s">'Variable-*'</span> <span class="s">'Shib-*'</span> <span class="s">'Remote-User'</span> <span class="s">'REMOTE_USER'</span> <span class="s">'Auth-Type'</span> <span class="s">'AUTH_TYPE'</span><span class="p">;</span>
+
+ <span class="c1">#Add your attributes here. They get introduced as headers
+</span> <span class="c1">#by the FastCGI authorizer so we must prevent spoofing.
+</span> <span class="kn">more_clear_input_headers</span> <span class="s">'displayName'</span> <span class="s">'mail'</span> <span class="s">'persistent-id'</span><span class="p">;</span>
+ <span class="kn">auth_request</span> <span class="s">/shibauthorizer</span> <span class="s">authorizer=on</span><span class="p">;</span>
+ <span class="kn">proxy_pass</span> <span class="s">http://localhost:8080</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="c1">#A secured location, but only a specific sub-path causes Shibboleth
+</span> <span class="c1">#authentication.
+</span> <span class="kn">location</span> <span class="s">/secure2</span> <span class="p">{</span>
+ <span class="kn">proxy_pass</span> <span class="s">http://localhost:8080</span><span class="p">;</span>
+
+ <span class="kn">location</span> <span class="p">=</span> <span class="s">/secure2/shibboleth</span> <span class="p">{</span>
+ <span class="kn">more_clear_input_headers</span> <span class="s">'Variable-*'</span> <span class="s">'Shib-*'</span> <span class="s">'Remote-User'</span> <span class="s">'REMOTE_USER'</span> <span class="s">'Auth-Type'</span> <span class="s">'AUTH_TYPE'</span><span class="p">;</span>
+ <span class="c1">#Add your attributes here. They get introduced as headers
+</span> <span class="c1">#by the FastCGI authorizer so we must prevent spoofing.
+</span> <span class="kn">more_clear_input_headers</span> <span class="s">'displayName'</span> <span class="s">'mail'</span> <span class="s">'persistent-id'</span><span class="p">;</span>
+ <span class="kn">auth_request</span> <span class="s">/shibauthorizer</span> <span class="s">authorizer=on</span><span class="p">;</span>
+ <span class="kn">proxy_pass</span> <span class="s">http://localhost:8080</span><span class="p">;</span>
+ <span class="p">}</span>
+ <span class="p">}</span>
+<span class="p">}</span>
+</pre>
+<p>An explanation about the above is provided in the comments. I should note&nbsp;that:</p>
+<ul>
+<li><p class="first">The first 3 locations are pure boilerplate for any host that requires
+Shibboleth authentication, so you can (and should!) put these into an
+<tt class="docutils literal">include</tt>-able configuration file and reuse&nbsp;them.</p>
+</li>
+<li><p class="first">The <tt class="docutils literal"><span class="pre">/shibboleth-sp</span></tt> location is purely there to help your default
+install. If you customise your error pages, feel free to change or delete
+this&nbsp;location.</p>
+</li>
+<li><p class="first">Take note of the <tt class="docutils literal">more_clear_input_headers</tt> calls. As the Shibboleth
+authorizer will inject headers into the request before passing the
+request onto the final upstream endpoint, you <strong>must</strong>
+use these directives to protect from spoofing. You should expand the
+second call to this directive when you have more incoming attributes
+from the Shibboleth authorizer. Or else&nbsp;beware&#8230;</p>
+</li>
+<li><p class="first">The <tt class="docutils literal">/secure</tt> location will ask the FastCGI authorizer for attributes
+for <strong>every</strong> request that comes in. This may or may not be what you
+want. Keep in mind this means that each request will have Shibboleth
+attributes dropped into the request for sending onto backend services,
+and this will happen every time. Did I mention for <strong>every request</strong>?</p>
+</li>
+<li><p class="first">The <tt class="docutils literal">/secure2</tt> location only asks the FastCGI authorizer for auth
+on a (very) specific sub-path. Only upon the user hitting this specific
+<span class="caps">URL</span> will the authentication process be triggered. This is a smarter
+authentication technique to avoid extra overhead &#8212; set the upstream
+for the specific sub-path to be somewhere an application session is
+created, and have that application session capture the Shibboleth&nbsp;attributes.</p>
+<p>Notice how the rest of the application doesn&#8217;t refer to the authorizer.
+This means the application can be used anonymously, too. Alternatively,
+you can configure the <tt class="docutils literal">requireSession</tt> option to be&nbsp;fa</p>
+</li>
+<li><p class="first">Adding the <tt class="docutils literal">auth_request</tt> line into a location isn&#8217;t all you need to
+do to get the FastCGI authorizer to recognise your path as Shibboleth
+protected. You need to follow the instructions below and take&nbsp;care.</p>
+</li>
+</ul>
+</li>
+<li><p class="first">Save the configuration and follow the next section. You&#8217;re almost&nbsp;done.</p>
+</li>
+</ol>
+</div>
+<div class="section" id="configuring-shibboleth-to-recognise-secured-paths">
+<h2>Configuring Shibboleth to recognise secured&nbsp;paths</h2>
+<p>Typically, within Apache, you can tell Shibboleth which paths to secure by
+using something&nbsp;like:</p>
+<pre class="code apache literal-block">
+<span class="nt">&lt;Location</span> <span class="s">/secure</span><span class="nt">&gt;</span>
+ <span class="nb">ShibRequestSetting</span> authType shibboleth
+ <span class="nb">ShibRequestSetting</span> requireSession false
+<span class="nt">&lt;/Location&gt;</span>
+</pre>
+<p>However, the FastCGI authorizer for Shibboleth operates without such directives
+and thus path protection needs to be configured like it would be for <span class="caps">IIS</span>,
+using the <tt class="docutils literal">&lt;RequestMapper&gt;</tt> configuration. The same options are accepted
+within this section of the <tt class="docutils literal">shibboleth2.xml</tt> configuration file, it&#8217;s just
+that you need to know where to put them. So let&#8217;s do&nbsp;that.</p>
+<ol class="arabic">
+<li><p class="first">Configure your <tt class="docutils literal">shibboleth2.xml</tt> file like so. Find the <tt class="docutils literal">RequestMapper</tt>
+element and replace it with something like the&nbsp;following:</p>
+<pre class="code xml literal-block">
+<span class="nt">&lt;RequestMapper</span> <span class="na">type=</span><span class="s">&quot;<span class="caps">XML</span>&quot;</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;RequestMap&gt;</span>
+ <span class="nt">&lt;Host</span> <span class="na">name=</span><span class="s">&quot;eresearch.jcu.edu.au&quot;</span>
+ <span class="na">authType=</span><span class="s">&quot;shibboleth&quot;</span>
+ <span class="na">requireSession=</span><span class="s">&quot;true&quot;</span>
+ <span class="na">redirectToSSL=</span><span class="s">&quot;443&quot;</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;Path</span> <span class="na">name=</span><span class="s">&quot;/secure&quot;</span> <span class="nt">/&gt;</span>
+ <span class="nt">&lt;Path</span> <span class="na">name=</span><span class="s">&quot;/secure2/shibboleth&quot;</span> <span class="nt">/&gt;</span>
+ ...
+ <span class="nt">&lt;/Host&gt;</span>
+ ...
+ <span class="nt">&lt;/RequestMap&gt;</span>
+<span class="nt">&lt;/RequestMapper&gt;</span>
+</pre>
+<p>Some&nbsp;notes:</p>
+<ul>
+<li><p class="first">The Shibboleth FastCGI authorizer needs to see <tt class="docutils literal">authType</tt> <strong>and</strong>
+<tt class="docutils literal">requireSession</tt> configured for the resultant path. If they are not
+present, then the authorizer will ignore the path it is passed and
+the user will not be prompted for authentication (and you <strong>will</strong>
+tear your hair out because no logging takes&nbsp;place!).</p>
+</li>
+<li><p class="first"><tt class="docutils literal">&lt;Path&gt;</tt> names are <strong>case sensitive</strong> here. You have hereby been warned!
+&#8212; although this shouldn&#8217;t be too surprising to you&nbsp;hopefully.</p>
+</li>
+<li><p class="first">You can use other configuration items like <tt class="docutils literal">&lt;HostRegex&gt;</tt> and
+<tt class="docutils literal">&lt;PathRegex&gt;</tt> and <tt class="docutils literal">&lt;AccessControl</tt>&gt; to configure what happens to
+requests. Check out the documentation below - there&#8217;s lots to&nbsp;learn.</p>
+</li>
+<li><p class="first">An interesting aspect here is that configuration is inherited downwards
+in the <span class="caps">XML</span> tree. So, you could configure something like the <tt class="docutils literal">authType</tt>
+on a <tt class="docutils literal">&lt;Host&gt;</tt> and have it apply to all paths beneath&nbsp;it.</p>
+<p>You don&#8217;t need to do this, though. You may put all the configuration
+attributes onto the <tt class="docutils literal">&lt;Path&gt;</tt> element, or even move them up to
+higher levels in the tree if you want to reduce&nbsp;duplication.</p>
+</li>
+<li><p class="first">Nested <tt class="docutils literal">&lt;Path&gt;</tt> elements will see their path segments being greedy.
+So putting a path with <tt class="docutils literal"><span class="pre">name=&#8221;shibboleth&#8221;</span></tt> within a path with
+<tt class="docutils literal"><span class="pre">name=&#8221;secure&#8221;</span></tt> really translates to a path with
+<tt class="docutils literal"><span class="pre">name=&#8221;secure/shibboleth&#8221;</span></tt>. Whatever takes your fancy&nbsp;here.</p>
+</li>
+</ul>
+</li>
+<li><p class="first">Once you&#8217;re done, then restart the Shibboleth daemon, ensure that you
+restart the Shibboleth FastCGI applications, and hard restart Nginx
+just to make sure it finds those&nbsp;sockets:</p>
+<pre class="literal-block">
+service shibd restart
+supervisorctl restart shibauthorizer shibresponder
+service nginx restart
+</pre>
+<p>Assuming, of course, that you&#8217;re using Supervisor to run your applications.
+You should. It&#8217;s easy to work with and&nbsp;fun.</p>
+</li>
+<li><p class="first">Try loading up your Shibboleth protected <span class="caps">URL</span>. If all goes well, then you
+should get a complete authentication cycle. If not, check carefully through
+everything&nbsp;above.</p>
+</li>
+</ol>
+<p>Take a look at
+<a class="reference external" href="https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMapper">https://wiki.shibboleth.net/confluence/display/<span class="caps">SHIB2</span>/NativeSPRequestMapper</a>
+and
+<a class="reference external" href="https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMap">https://wiki.shibboleth.net/confluence/display/<span class="caps">SHIB2</span>/NativeSPRequestMap</a>
+for more&nbsp;information.</p>
+</div>
+<div class="section" id="warning">
+<h2>Warning</h2>
+<p>In order to stop yourself from tearing your hair out (very important to me
+as I&#8217;m male), remember these&nbsp;things:</p>
+<ul class="simple">
+<li>The Shibboleth authorizer requires a <tt class="docutils literal">&lt;Path&gt;</tt> to be correctly configured
+with <tt class="docutils literal">authType</tt> and <tt class="docutils literal">requireSession</tt> for auth to take place. If you
+don&#8217;t (or you do and forget to restart <tt class="docutils literal">shibd</tt>), then the authorizer will
+blindly return a <tt class="docutils literal">200 <span class="caps">OK</span></tt> status response, which equates to blindly
+allowing&nbsp;access.</li>
+<li>No logs will get issued anywhere by the way for anything related to the
+FastCGI applications (standard <tt class="docutils literal">shibd</tt> logging does apply, however) so if
+you&#8217;re testing for why the redirect cycle doesn&#8217;t start, try killing your
+FastCGI authorizer and make sure you see a <tt class="docutils literal">502</tt> error come back. If you
+still get a <tt class="docutils literal">200</tt>, then your <tt class="docutils literal">auth_request</tt> configuration in Nginx is
+probably wrong and the authorizer isn&#8217;t being&nbsp;contacted.</li>
+<li>When in doubt, hard restart the entire stack, and use something like <tt class="docutils literal">curl</tt>
+to avoid browser&nbsp;caching.</li>
+</ul>
+<p>Ahh, I feel calmer&nbsp;already.</p>
+</div>
+<div class="section" id="conclusion">
+<h2>Conclusion</h2>
+<p>Phew. That was an effort, wasn&#8217;t it. Please feel for me as I&#8217;ve had to type
+all this up. Feel free to help out with this documentation (my blog is open
+source) or else feel free to shout links about it far and&nbsp;wide.</p>
+<p>If you&#8217;re skilled in the ways of Nginx, or else would (could) like to learn,
+I&#8217;d like to improve on the work I&#8217;ve done with the auth request module.
+If you&#8217;re keen on saying thank you, your help participating on this would
+be greatly&nbsp;appreciated.</p>
+<p>So that&#8217;s it. Shibboleth and Nginx using the FastCGI Authorizer and Responder
+specifications. It works and can be&nbsp;done.</p>
+<p>Look ma, no&nbsp;Apache!</p>
+</div>
+
+ </div><!-- /.entry-content -->
+ <div class="comments">
+ <h2>Comments !</h2>
+ <div id="disqus_thread"></div>
+ <script type="text/javascript">
+ var disqus_identifier = "blog/2013/04/integrating-nginx-and-a-shibboleth-sp-with-fastcgi/";
+ var disqus_url = "http://davidjb.com/blog/2013/04/integrating-nginx-and-a-shibboleth-sp-with-fastcgi/";
+ (function() {
+ var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
+ dsq.src = 'http://davidjb.disqus.com/embed.js';
+ (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
+ })();
+ </script>
+ </div>
+
+ </article>
+</section>
+ <section id="extras" class="body">
+ <div class="blogroll">
+ <h2>blogroll</h2>
+ <ul>
+ <li><a href="http://planet.plone.org">Planet Plone</a></li>
+ <li><a href="http://jcu.me">jcu.me Research Porfolio</a></li>
+ <li><a href="http://xckd.com">XKCD</a></li>
+ <li><a href="http://appleinsider.com/">Apple Insider</a></li>
+ <li><a href="http://git.io/djb">Latest coding activity</a></li>
+ <li><a href="http://www.ozbargain.com.au">OzBargain</a></li>
+ </ul>
+ </div><!-- /.blogroll -->
+ <div class="social">
+ <h2>social</h2>
+ <ul>
+ <li><a href="http://davidjb.com/feeds/all.atom.xml" type="application/atom+xml" rel="alternate">atom feed</a></li>
+
+ <li><a href="http://git.io/djb">GitHub</a></li>
+ <li><a href="http://twitter.com/davidjb_">Twitter</a></li>
+ <li><a href="http://linkedin.com/in/davidbeitey">LinkedIn</a></li>
+ <li><a href="http://facebook.com/david.beitey">Facebook</a></li>
+ <li><a href="https://plus.google.com/u/0/106527454335411502430">Google+</a></li>
+ </ul>
+ </div><!-- /.social -->
+ </section><!-- /#extras -->
+
+ <footer id="contentinfo" class="body">
+ <address id="about" class="vcard body">
+ Proudly powered by <a href="http://getpelican.com/">Pelican</a>, which takes great advantage of <a href="http://python.org">Python</a>.
+ </address><!-- /#about -->
+
+ <p>The theme is by <a href="http://coding.smashingmagazine.com/2009/08/04/designing-a-html-5-layout-from-scratch/">Smashing Magazine</a>, thanks!</p>
+ </footer><!-- /#contentinfo -->
+
+ <script type="text/javascript">
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', 'UA-24253455-1']);
+ _gaq.push(['_trackPageview']);
+ (function() {
+ var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+ ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+ var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+ })();
+ </script>
+<script type="text/javascript">
+ var disqus_shortname = 'davidjb';
+ (function () {
+ var s = document.createElement('script'); s.async = true;
+ s.type = 'text/javascript';
+ s.src = 'http://' + disqus_shortname + '.disqus.com/count.js';
+ (document.getElementsByTagName('HEAD')[0] || document.getElementsByTagName('BODY')[0]).appendChild(s);
+ }());
+</script>
+</body>
+</html>
View
201 blog/2013/04/setting-up-a-shibboleth-sp-with-fastcgi-support/index.html
@@ -0,0 +1,201 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <title>Setting up a Shibboleth SP with FastCGI support</title>
+ <meta charset="utf-8" />
+ <link rel="stylesheet" href="http://davidjb.com/theme/css/main.css" type="text/css" />
+ <link href="http://davidjb.com/feeds/all.atom.xml" type="application/atom+xml" rel="alternate" title="DavidJB.com Atom Feed" />
+
+ <!--[if IE]>
+ <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
+
+ <!--[if lte IE 7]>
+ <link rel="stylesheet" type="text/css" media="all" href="http://davidjb.com/css/ie.css"/>
+ <script src="http://davidjb.com/js/IE8.js" type="text/javascript"></script><![endif]-->
+
+ <!--[if lt IE 7]>
+ <link rel="stylesheet" type="text/css" media="all" href="http://davidjb.com/css/ie6.css"/><![endif]-->
+
+</head>
+
+<body id="index" class="home">
+ <header id="banner" class="body">
+ <h1><a href="http://davidjb.com/">DavidJB.com <strong>Ramblings about Plone, Pyramid, Python, the web, Linux, roses and more, by David Beitey.</strong></a></h1>
+ <nav><ul>
+ <li><a href="http://davidjb.com/about.html">About&nbsp;me</a></li>
+ <li><a href="http://davidjb.com/blog/index.html">Blog</a></li>
+ <li><a href="http://davidjb.com/projects.html">Projects</a></li>
+ </ul></nav>
+ </header><!-- /#banner -->
+ <section id="content" class="body">
+ <article>
+ <header>
+ <h1 class="entry-title">
+ <a href="http://davidjb.com/blog/2013/04/setting-up-a-shibboleth-sp-with-fastcgi-support/" rel="bookmark"
+ title="Permalink to Setting up a Shibboleth SP with FastCGI support">Setting up a Shibboleth <span class="caps">SP</span> with FastCGI&nbsp;support</a></h1>
+ <a href="http://twitter.com/share" class="twitter-share-button" data-count="horizontal" data-via="davidjb_">Tweet</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
+ </header>
+
+ <div class="entry-content">
+ <footer class="post-info">
+ <abbr class="published" title="2013-04-22T00:00:00">
+ Mon 22 April 2013
+ </abbr>
+
+ <address class="vcard author">
+ By <a class="url fn" href="http://davidjb.com/author/davidjb.html">davidjb</a>
+ </address>
+ <p>In <a href="http://davidjb.com/category/web.html">Web</a>. </p>
+<p>tags: <a href="http://davidjb.com/tag/shibboleth.html">Shibboleth</a><a href="http://davidjb.com/tag/fastcgi.html">FastCGI</a></p>
+</footer><!-- /.post-info --> <p>Good news! The Shibboleth <span class="caps">SP</span> software features FastCGI authorizer and
+responder applications for use with your favourite non-Apache and non-<span class="caps">IIS</span>
+web server. Unfortunately, the default distributions don&#8217;t come with it
+built by default. I&#8217;m looking into why this is the case, but for now
+here&#8217;s how to rebuild the RPMs&nbsp;yourself.</p>
+<p><strong>Note</strong>: if you&#8217;re just looking to download something that works and don&#8217;t
+want to rebuild things yourself, we have <span class="caps">RHEL</span> 6, x86_64 packages available
+in a Yum repo at <a class="reference external" href="https://www.hpc.jcu.edu.au/rpm/">https://www.hpc.jcu.edu.au/rpm/</a>. You&#8217;ll also need to trust
+my <span class="caps">RPM</span> building&nbsp;skills.</p>
+<p>For starters, download the latest Shibboleth <span class="caps">SP</span> package and recompile it
+with FastCGI support. Instructions below are for <span class="caps">RHEL</span> 6 or CentOS 6,
+64 bit. Feel free to contribute how to rebuild for your platform and where
+your FastCGI applications&nbsp;live.</p>
+<ol class="arabic">
+<li><p class="first">Visit
+<a class="reference external" href="http://download.opensuse.org/repositories/security://shibboleth/RHEL_6/">http://download.opensuse.org/repositories/security://shibboleth/RHEL_6/</a>
+and find your latest&nbsp;<span class="caps">SRPM</span>.</p>
+</li>
+<li><p class="first">Rebuild the&nbsp;package:</p>
+<pre class="code console literal-block">
+<span class="go">yum install libxerces-c-devel libxml-security-c-devel libxmltooling-devel libsaml-devel liblog4shib-devel chrpath boost-devel doxygen unixODBC-devel fcgi-devel httpd-devel redhat-rpm-config pcre-devel zlib-devel
+wget http://download.opensuse.org/repositories/security://shibboleth/RHEL_6/src/shibboleth-2.5.1-1.2.el6.src.rpm
+rpmbuild --rebuild shibboleth*.src.rpm --with fastcgi
+ls ~/rpmbuild/<span class="caps">RPMS</span></span>
+</pre>
+</li>
+<li><p class="first">Install the resulting package onto your target&nbsp;machine.</p>
+</li>
+<li><p class="first">Test the FastCGI applications by running the&nbsp;following:</p>
+<pre class="code console literal-block">
+<span class="go">/usr/lib64/shibboleth/shibauthorizer
+/usr/lib64/shibboleth/shibresponder</span>
+</pre>
+<p>They will run and then end immediately. This is normal when running them
+on the command line and not under&nbsp;FastCGI.</p>
+</li>
+<li><p class="first">Configure something (<a class="reference external" href="http://supervisord.org">Supervisor</a>, <tt class="docutils literal"><span class="pre">spawn-fcgi</span></tt>,
+or similar) to run both of the above FastCGI applications and start them
+running. My Supervisor configuration looks like&nbsp;this:</p>
+<pre class="code ini literal-block">
+<span class="k">[fcgi-program:shibauthorizer]</span>
+<span class="na">command</span><span class="o">=</span><span class="s">/usr/lib64/shibboleth/shibauthorizer</span>
+<span class="na">socket</span><span class="o">=</span><span class="s">unix:///opt/shibboleth/shibauthorizer.sock</span>
+<span class="na">socket_owner</span><span class="o">=</span><span class="s">shibd:shibd</span>
+<span class="na">socket_mode</span><span class="o">=</span><span class="s">0660</span>
+<span class="na">user</span><span class="o">=</span><span class="s">shibd</span>
+<span class="na">stdout_logfile</span><span class="o">=</span><span class="s">/var/log/supervisord/shibauthorizer.log</span>
+<span class="na">stderr_logfile</span><span class="o">=</span><span class="s">/var/log/supervisord/shibauthorizer.error.log</span>
+
+<span class="k">[fcgi-program:shibresponder]</span>
+<span class="na">command</span><span class="o">=</span><span class="s">/usr/lib64/shibboleth/shibresponder</span>
+<span class="na">socket</span><span class="o">=</span><span class="s">unix:///opt/shibboleth/shibresponder.sock</span>
+<span class="na">socket_owner</span><span class="o">=</span><span class="s">shibd:shibd</span>
+<span class="na">socket_mode</span><span class="o">=</span><span class="s">0660</span>
+<span class="na">user</span><span class="o">=</span><span class="s">shibd</span>
+<span class="na">stdout_logfile</span><span class="o">=</span><span class="s">/var/log/supervisord/shibresponder.log</span>
+<span class="na">stderr_logfile</span><span class="o">=</span><span class="s">/var/log/supervisord/shibresponder.error.log</span>
+</pre>
+</li>
+<li><p class="first">Note the <tt class="docutils literal">socket_*</tt> options above. I went ahead and put the <tt class="docutils literal">nginx</tt>
+user into the <tt class="docutils literal">shibd</tt> group to allow group access to the given&nbsp;sockets:</p>
+<pre class="code console literal-block">
+<span class="go">usermod -G shibd -a nginx
+service supervisor restart
+service nginx restart</span>
+</pre>
+<p>If you want, you could configure them to run on a <span class="caps">TCP</span> socket instead,
+but then you&#8217;ll need to think about firewall considerations rather than
+Unix permissions. Fun either&nbsp;way.</p>
+</li>
+<li><p class="first">Start the FastCGI applications. In the case of using Supervisor, then
+this is what you should start; it will then automatically start the
+processes for you as per the above&nbsp;configuration.</p>
+</li>
+<li><p class="first">Configure your front-end webserver to talk to these FastCGI&nbsp;applications.</p>
+</li>
+</ol>
+<p>If you&#8217;re an Nginx user, then you&#8217;ll probably be interested in the post
+that I&#8217;ve written about <a class="reference external" href="http://davidjb.com/blog/2013/04/integrating-nginx-and-a-shibboleth-sp-with-fastcgi/">Nginx and Shibboleth</a>.</p>
+
+ </div><!-- /.entry-content -->
+ <div class="comments">
+ <h2>Comments !</h2>
+ <div id="disqus_thread"></div>
+ <script type="text/javascript">
+ var disqus_identifier = "blog/2013/04/setting-up-a-shibboleth-sp-with-fastcgi-support/";
+ var disqus_url = "http://davidjb.com/blog/2013/04/setting-up-a-shibboleth-sp-with-fastcgi-support/";
+ (function() {
+ var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
+ dsq.src = 'http://davidjb.disqus.com/embed.js';
+ (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
+ })();
+ </script>
+ </div>
+
+ </article>
+</section>
+ <section id="extras" class="body">
+ <div class="blogroll">
+ <h2>blogroll</h2>
+ <ul>
+ <li><a href="http://planet.plone.org">Planet Plone</a></li>
+ <li><a href="http://jcu.me">jcu.me Research Porfolio</a></li>
+ <li><a href="http://xckd.com">XKCD</a></li>
+ <li><a href="http://appleinsider.com/">Apple Insider</a></li>
+ <li><a href="http://git.io/djb">Latest coding activity</a></li>
+ <li><a href="http://www.ozbargain.com.au">OzBargain</a></li>
+ </ul>
+ </div><!-- /.blogroll -->
+ <div class="social">
+ <h2>social</h2>
+ <ul>
+ <li><a href="http://davidjb.com/feeds/all.atom.xml" type="application/atom+xml" rel="alternate">atom feed</a></li>
+
+ <li><a href="http://git.io/djb">GitHub</a></li>
+ <li><a href="http://twitter.com/davidjb_">Twitter</a></li>
+ <li><a href="http://linkedin.com/in/davidbeitey">LinkedIn</a></li>
+ <li><a href="http://facebook.com/david.beitey">Facebook</a></li>
+ <li><a href="https://plus.google.com/u/0/106527454335411502430">Google+</a></li>
+ </ul>
+ </div><!-- /.social -->
+ </section><!-- /#extras -->
+
+ <footer id="contentinfo" class="body">
+ <address id="about" class="vcard body">
+ Proudly powered by <a href="http://getpelican.com/">Pelican</a>, which takes great advantage of <a href="http://python.org">Python</a>.
+ </address><!-- /#about -->
+
+ <p>The theme is by <a href="http://coding.smashingmagazine.com/2009/08/04/designing-a-html-5-layout-from-scratch/">Smashing Magazine</a>, thanks!</p>
+ </footer><!-- /#contentinfo -->
+