
How to set up generic json propagation.

1. The requestor prepares the server

Ask the requestor to prepare the server by following the instructions at https://servicedesk-muni.atlassian.net/wiki/spaces/services/pages/963379315/Just-in-case+provisioning+and+deprovisioning+Perun+IdM+propagation

2. Get the information you need

The requestor must provide the following information:

  1. List of the entities they need

  2. Server address, user name, port

  3. Scope of members that will be propagated

  4. List of the facility managers

3. Map the attributes

Map the entities the requestor requires to the Perun attributes, e. g.

UČO = urn:perun:user:attribute-def:def:login-namespace:mu

4. Create Service

Name

generic_json_*

Use the prefix generic_json_ when creating a generic service, e. g. generic_json_threatdetection

Description

Describe the purpose for which the service is used, e. g. generic json used for threat detection by cybersecurity team at ICS.

Delay

Leave the default settings (10).

Recurrence

Leave the default settings (2).

Script path

./generic_json_gen

Status

Switch on if the requestor has prepared the server.

5. Add Required attributes of the service

In addition to the mapped attributes requested by the requestor, add the UUID of the entity the service will operate with, e. g.

urn:perun:facility:attribute-def:core:uuid

urn:perun:user:attribute-def:core:uuid

etc.

6. Create Facility

Name

The name of the facility should be the same as the given server name. If only the IP address of the server is provided, come up with a nice name for the facility, e. g. ICS_cybersecurity_threat_detection

⚠️ If a facility name is made up (the server’s name is not used), the requestor has to add the facility name to the server’s whitelist.

Description

e. g. threat detection by ICS cybersecurity team
--> Create and Configure

Owners

Not used at the MU instance.

Hosts

The address of the server (IP address or server’s name).

Services

Add the service you have created before.

Configure destination

Type: user@host:port

(If you only use "guest", you won't be able to change it in the future.)

(Default: root, port 22)

Managers

Add the list of the given managers.

7. Create resource

8. Add group(s) to the resource

9. Force the propagation

Facility - Service status - tick the appropriate checkbox - Force propagation
