**********************************
STEPS FOR THE DEMO OF SHIBBOLETH
**********************************

The main URL to visit is
https://pluto.seven.research.odu.edu/archon/index.jsp

Depending on your browser configuration, you may get warnings that the
server certificates are not signed by a well-known certification authority,
or that cookies should be accepted by the browser. Read the messages and
accept; they cause no harm.

CASE 1: Unregistered User:
--------------------------
By default Archon treats users as guest users. Access permissions for the
guest user are very limited and restricted by the policy file
(https://pluto.seven.research.odu.edu/archon/xacml/policy.xml).

1. When you perform a search operation using the browse or search option,
   the search is done.
2. Before displaying results, the policy file is accessed and results are
   displayed accordingly to the guest user.
3. According to the APS scenario, the guest user can only see Title as a
   link on the results page, and all the other services are not accessible.
4. On the single page, the guest user can see the Title and Author fields
   of the Record.

CASE 2. Registered User:
------------------------
Access permissions for the guest user are very limited and also restricted
by the Access control file of the Resource owner. If the user wants to have
access to more services and links on Archon, he needs to log in.

1. When you click on the login (lower top corner), your request is
   redirected to the WAYF (Where Are You From) page of Shibboleth.
2. Choose the organization to which you belong (choose ODU here).
3. Then enter the login password. As the login process is integrated with
   the Unix login of the 128.82.7.131 machine, enter a User Id and password
   for logging into that machine. The combinations are:
      demo, demo     (student access)
      zubair, zubair (faculty access)
      phyl, phyl     (staff access)
4. After you enter a valid User Id/password, you are redirected to the
   simple search page.
5. When you perform a search operation using the browse or search option,
   the search is done.
6. Before displaying results, the policy file is accessed and results are
   displayed according to the logged-in user's privileges.
7. More differences can be viewed on the single page by clicking on the
   title of the record.
8. Repeat the procedure for different users to show the difference.

Details for each user group:
----------------------------
1. For the Student user group, users can see Title as a link on the results
   page, and all the other services are not accessible. On the single page,
   a student user can see all the metadata fields but not the Services
   (like the Citation, DP9 and Annotation services).
2. For the Faculty user group, users can see the title and services like
   show equations, Similar Subject and Citations as links. On the single
   page, a faculty user can see all the metadata fields with all the
   services.

Changing of permission:
-----------------------
Steps to modify access policies of user group "student" from "test1.edu"

The policy file that controls access to all resources is accessible on the
web as "https://pluto.seven.research.odu.edu/archon/xacml/policy.xml"

1. The XACML file allows access policies to be managed in the form of a
   hierarchy, as a policy and a set of rules. Every rule specified in this
   file describes the permissible resources for a particular user group
   belonging to a particular organization. Every user group is represented
   as @, and therefore the user group of interest is represented as
   student@test1.edu.
2. To modify privileges, open the file policy.xml located in
   "/usr/local/jakarta-tomcat-x.x.x/webapps/archon/xacml/" on the machine
   pluto.seven.research.odu.edu. Edit it manually by commenting out one or
   more resources that student@test1.edu is currently permitted to access.
   Save the file.
4. Refresh the browser displaying policy.xml; the commented parts of the
   XACML file should be visible only in light grey. When you comment out
   the resources, student1@test1.edu will not be able to access the
   corresponding resources in his subsequent login.
5. Open a new browser from the desktop and follow the login procedure
   again. Click the link to browse and then click on the title of the
   record. The commented resources will no longer be available for
   student@test1.edu

***********************************************************************
NOTE: YOU WILL SEE THE CERTIFICATES POPPING UP IF YOU ARE ACCESSING THE
SITE FOR THE FIRST TIME.

For first time users: If the certificates pop up, click on "VIEW
CERTIFICATE" and after that click on "INSTALL CERTIFICATE", which will
install the certificate into your browser. Once you install the
certificates, they will not show up the next time.
***********************************************************************
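
Added example (not part of the original demo notes and not Archon's own code): a check of what the "Changing of permission" edit actually revokes, by comparing the effective permissions of a user group before and after a resource is commented out. The policy layout, the element names and the resource list are a simplified, constructed stand-in; the real policy.xml uses full XACML syntax, which these notes do not show.

```python
import xml.etree.ElementTree as ET

# Constructed sample in a simplified XACML-style layout (assumption: element
# names and resources are illustrative, not taken from Archon's policy.xml).
BEFORE = """<Policy>
  <Rule Effect="Permit">
    <Subject>student@test1.edu</Subject>
    <Resource>Title</Resource>
    <Resource>Author</Resource>
    <Resource>Date</Resource>
  </Rule>
  <Rule Effect="Permit">
    <Subject>faculty@test1.edu</Subject>
    <Resource>Title</Resource>
    <Resource>Citation</Resource>
  </Rule>
</Policy>"""

# The same file after the manual edit: one student resource commented out.
AFTER = BEFORE.replace("<Resource>Date</Resource>",
                       "<!-- <Resource>Date</Resource> -->")

def permitted(policy_xml, subject):
    """Resources granted to `subject` by Permit rules; everything else is denied."""
    root = ET.fromstring(policy_xml)  # the default parser drops XML comments
    granted = set()
    for rule in root.iter("Rule"):
        if rule.get("Effect") != "Permit":
            continue
        subjects = {s.text.strip() for s in rule.findall("Subject") if s.text}
        if subject in subjects:
            granted |= {r.text.strip() for r in rule.findall("Resource") if r.text}
    return granted

def policy_diff(old_xml, new_xml, subject):
    """Return (revoked, added) resources for `subject` between two revisions."""
    old, new = permitted(old_xml, subject), permitted(new_xml, subject)
    return sorted(old - new), sorted(new - old)

if __name__ == "__main__":
    for who in ("student@test1.edu", "faculty@test1.edu", "guest@test1.edu"):
        revoked, added = policy_diff(BEFORE, AFTER, who)
        print(who, "now:", sorted(permitted(AFTER, who)),
              "revoked:", revoked, "added:", added)
```

Running the comparison for every group, not only the one being edited, shows whether a manual edit touched a rule it was not meant to.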