Note: This version of the VDT (1.3.5) is no longer supported. Feel free to look through the documentation and install it, but we cannot guarantee support for it. The current stable release is 2.0.0.

Running VDT web services in a non-VDT Apache

The VDT installs several web services (VOMS-Admin, GUMS, jClarens) that need to run under Tomcat or Apache. By default, the VDT installs and configures these servers itself and will ignore any other Apache or Tomcat installations on your system.

Some people have asked us to make the VDT recognize and use existing Apache installations like we do for Condor. Unfortunatly, the web services require changes to the Apache configuration. Given the complexity of the average Apache configuration file it's not reasonable for the VDT to modify an arbitrary config during the install. If you wish to use these web services with an existing Apache or Tomcat you'll need to do the configuration by hand.

VOMS-Admin

1. Copy $VDT_LOCATION/voms/var/etc/edg-voms-admin/$VO/edg-voms-admin-$VO.xml to your Tomcat 4 webapps directory.
2. Add an SSL connector to your Tomcat configuration or, if you're using Apache and mod_jk, add this section to your Apache configuration:

   <Location /edg-voms-admin>
       SSLCACertificatePath $X509_CERT_DIR
       SSLVerifyClient require
       SSLVerifyDepth  10
       SSLOptions +StdEnvVars +ExportCertData
   </Location>
   

GUMS

1. Copy $VDT_LOCATION/gums-service/var/war to your Tomcat 5 webapps directory.
2. Add an SSL connector to your Tomcat configuration.
3. If you're using Apache and mod_jk you'll need to rebuild apache with the GSI authentication patch available at http://www.sve.man.ac.uk/Research/AtoZ/SAMD/Resources. Vanilla Apache can not autenticate proxy certificates because the issuer (your certificate) is not in the Apache CA list. After rebuilding Apache add these lines to your config file:

   <Location /gums>
       SSLCACertificatePath $X509_CERT_DIR
       SSLVerifyClient require
       SSLVerifyDepth  10
       SSLOptions +StdEnvVars +ExportCertData
   </Location>
   

jClarens

1. Copy $VDT_LOCATION/tomcat/v4/webapps/jclarens to your Tomcat 4 webapps directory.
2. Create the file all.policy in your Tomcat 4 conf directory with the following contents:

   grant {
     permission java.security.AllPermission "", "";
   };
   

3. Modify catalina.sh to use the new security policy. Append the following arguments to the command that starts Tomcat:

   -Djava.security.manager -Djava.security.policy="$CATALINA_BASE"/conf/all.policy
   

4. Add an SSL connector to your Tomcat configuration or, if you're using Apache and mod_jk, add this section to your Apache configuration:

   <Location /jclarens>
       SSLCACertificatePath $X509_CERT_DIR
       SSLVerifyClient require
       SSLVerifyDepth  10
       SSLOptions +StdEnvVars +ExportCertData
   </Location>