Setting up generic propagation

Perun IdM controls dependent services by sending data and executing scripts on the target machines. This is called just-in-case provisioning (the creation of new users) and de-provisioning (the deletion of missing users).

If you want to control your server using Perun IdM, please follow the steps below.

1. Gather the information

When preparing a propagation scheme, you must sketch who, where and what will be propagated. Also, you need to consider who will be responsible for this propagation connection.

  1. List of entities you need (groups, users, etc.)

  2. Server address, user’s name, port.

  3. Scope of members who will be propagated (what attributes you will want to receive)

  4. List of the facility managers

  5. Description of purpose for which the service is used

2. Prepare the server

For Linux servers with SSH access (the most common case), follow Configuring a target machine (SSH-based propagation).

There is a manual on how to install packages for the services you require for both RPM and DEB-based systems.

The service’s name for the slave script is “generic_json_gen”.

3. Create a facility

Register your service in the required Service Provider Registry Administration. We will ask you for additional information from step 1. Every registration and every change is manually approved.

e-INFRA.cz

Life Science Login

4. Setting up (in the background)

We will map the entities that you require to Perun attributes, e.g. user = urn:perun:user:attribute-def:def:login-namespace:your_vo

Afterward, we will create a generic_json_* service, where we will specify the delay, recurrence and script path. If you confirm that your server is ready, we will turn on the propagation.

5. Create a resource

When your facility is set up, you will be able to create a resource.

This serves as a “vehicle” to allow groups to access specific resources assigned on your server.

6. Add group(s) to the resource and force the propagation

When you confirm to us that your resource is ready, we will assign the group(s) that you specified in step no. 3 and force the propagation.

This will start sending data to your server.

Support: perun@cesnet.cz