Archer Security Provider

Archer Logo

Documentation and Source Code

Information regarding various components of the Archer Cert Provider can be found in the links below:

Shibboleth Desktop - documentation source

Archer Cert Provider Client - documentation (source included in the link above)

Archer Cert Provider Server - documentation source

Archer Group Management - documentation source

Shibboleth Cardspace - documentation source: Cardspace STS and Cardspace Relying Party

For Archer internal users, further information about ArcherSecurityProvider can be found at https://dev.archer.edu.au/plone/security/archercertprovider/.

Quick Demo/Setup

Demo Purposes Instructions
SP Access Accessing to an SP target using Desktop Shibboleth 1. Download the demo and extract it to some folder.
2. Go to a command line, cd to the demo folder and run runAccessSP(.bat or .sh).
3. Change the line java -cp %LB% au.edu.archer.desktopshibboleth.util.SPClientTest in the runAccessConfig script into
java -cp %LB% au.edu.archer.desktopshibboleth.util.SPClientTest YOUR_SP_TARGET to access any SP different to the default one (i.e. https://mersey.its.monash.edu.au/secure).
IDP Attributes Query Query Shibboleth attributes from an IDP. Debug an IDP's Attribute Release settings.
Note: This is an intesting one. In most of the time, you can get all attributes regardless of the attribute policy settings from the IDP side.
1. Download the demo and extract it to some folder as in the previous one.
2. Go to a command line, cd to the demo folder and run runGetAttributes(.bat or .sh).
3. Change the line java -cp %LB% au.edu.archer.desktopshibboleth.util.FederationTest into
java -cp %LB% au.edu.archer.desktopshibboleth.util.SPClientTest YOUR_CONFIG where YOUR_CONFIG is your properties file which sets the information of your IDP and SP that you want to test.
Archer Cert Client Download a proxy certificate from the Archer Cert Provider. 1. Download the demo and extract it to some folder as in the previous one.
2. Go to a command line, cd to the demo folder and run runGetProxyCred(.bat or .sh).
Archer CA client. Generate an encrypted private key and get a X509 certificate (not a proxy one) from Archer CA. These key and certificate can be used to generate proxy certificates for the client. 1. Download the demo and extract it to some folder as in the previous one.
2. Go to a command line, cd to the demo folder and run runGetCred(.bat or .sh).
Archer Cert Provider - Web Interface Get a proxy certificate from the Archer Cert Provider using normal Web interface. 1. Go to http://mersey.its.monash.edu.au/ArcherCertProvider/Certs
2. Login your home IDP using a valid credential, a proxy certificate will be generated based on the supplied Shibboleth credential.
Archer Cert Provider - Post back interface Test the postback interface for the ArcherCertProvider. 1. Go to http://mersey.its.monash.edu.au/ArcherCertProvider/jsp/
ArcherCertProvider.jsp?callback=PostBackTest.jsp

2. Login your home IDP using a valid credential, a proxy credential will be posted to the PostBackTest.jsp page which prints out the credential.
Archer Group Management Synchronize between the AAIgmt groups and SRB group.
Warning: This demo is still in a very early stage. It is recommended that you run it on a testing SRB server only since data which belonged to an obselete AAIgmt group will be destroyed.
1. Download and install the ArcherGroupSynch using this instruction note.
2. Go to https://daly.its.monash.edu.au/gmt and login using the super account (super/)
3. Run the ArcherGroupSynch on your SRB server.
4. Make a new group and add an existing user into the group. 5. Use SRBAdmin to observe the update from SRB.


Note: The demo ArcherCertProvider uses this CA certificate to sign certificate requests.


Copyright © Archer Project, Monash university