TNS Internal:NDR/Administration/AddAgent
Procedure for Adding a new Agent
Generating Agent for Internal Application
NDR staff performs the following steps...
- run TNS_Internal:NDR/Tools#Command Line Tool for Interacting with the Repository
  - assumes correct repository selected and using root agent (can use options 1 and 2 to change if necessary)
- Please select a task: select Create a new Object
- Select object type to create: Agent
- Simple title: enter user friendly title
- Select a type of identifier for the agent...
  - select Organization host name for an application agent
  - select User's shibboleth login ID for a user agent
- identifier value: unique identifier for the agent
  - typically domain for application agents (ex. test.mydomain.org)
  - typically shibboleth or ldap id for user agents (ex. from ldap: jjones)
- Generate key pair...: y | n
  - typically yes for application agents
  - typically no for user agents if the user agent doesn't interact directly, as in the case where the application performs actions on behalf of the user agent
- File location: defaults to save the private key as a file in the location where the admin tool was launched
  - NOTE: This private key is used to sign the API request sent to NDR.
- Is this a trusted agent? y | n
  - typically no; although some of our internal applications are trusted, ex. NCS, WFI, Expert Voices
- You will see information about the new Agent object
  - !!! WRITE DOWN HANDLE of new object !!!
  - NOTE: This handle is used to sign the API request sent to NDR.
Generating Agent for External Application
External Application performs the following steps...
- generate a private key using command:
    openssl genrsa -out test.pem
  - NOTE: This example stores the private key in file test.pem.
  - NOTE: This private key is used to sign the API request sent to NDR.
- generate the related public key using command:
    openssl rsa -in test.pem -out test.pub -pubout
  - NOTE: This example reads the private key from test.pem and stores the public key in file test.pub.
- request a new agent by emailing the public key to NDR staff
NOTE: If the key is in the wrong format for the NDR, look at CVS project cvsroot/Tim... src/java/org/oneoff/certToKey java app
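As an added example (not part of the original wiki page or the NDR tools), this shell function checks the two files produced by the openssl commands above before the public key is emailed: that test.pub holds no private key material, that it matches test.pem, and that the private key stays owner-readable only. The function name check_agent_keys and the 2048-bit floor are assumptions, and the private key is assumed to be unencrypted, as the genrsa command above produces it.

```shell
#!/bin/sh
# Added example: checks on the files from the two openssl commands above
# before the public key is emailed. MIN_BITS is an assumed floor, not an
# NDR requirement; check_agent_keys is a hypothetical helper name.
MIN_BITS=2048

# check_agent_keys PRIVATE_PEM PUBLIC_PEM
# Returns 0 if the pair is consistent; otherwise a distinct non-zero code.
check_agent_keys() {
    priv=$1
    pub=$2
    # 1. The file about to be emailed must not hold private key material.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub contains a private key" >&2
        return 1
    fi
    # 2. It must parse as a PEM public key.
    if ! openssl rsa -pubin -in "$pub" -noout >/dev/null 2>&1; then
        echo "refusing: $pub is not a PEM RSA public key" >&2
        return 2
    fi
    # 3. The private key must pass OpenSSL's consistency check.
    if ! openssl rsa -in "$priv" -check -noout >/dev/null 2>&1; then
        echo "refusing: $priv is not a valid RSA private key" >&2
        return 3
    fi
    # 4. The public key must belong to this private key; both sides are
    #    re-encoded by openssl so whitespace differences do not matter.
    from_priv=$(openssl rsa -in "$priv" -pubout 2>/dev/null)
    from_pub=$(openssl rsa -pubin -in "$pub" -pubout 2>/dev/null)
    if [ "$from_priv" != "$from_pub" ]; then
        echo "refusing: $pub does not match $priv" >&2
        return 4
    fi
    # 5. Modulus size: hex digits of the modulus times 4 bits each.
    mod=$(openssl rsa -in "$priv" -noout -modulus 2>/dev/null)
    hex=${mod#Modulus=}
    if [ $(( ${#hex} * 4 )) -lt "$MIN_BITS" ]; then
        echo "refusing: key is smaller than $MIN_BITS bits" >&2
        return 5
    fi
    # 6. The signing key stays readable by its owner only.
    chmod 600 "$priv"
}

# Run as: sh check_keys.sh test.pem test.pub
if [ "$#" -eq 2 ]; then
    check_agent_keys "$1" "$2" && echo "ok: $2 can be sent"
fi
```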
NDR staff performs the following steps...
- run TNS_Internal:NDR/Tools#Command Line Tool for Interacting with the Repository
  - assumes correct repository selected and using root agent (can use options 1 and 2 to change if necessary)
- Please select a task: select Create a new Object
- Select object type to create: Agent
- Simple title: enter user friendly title
- Select a type of identifier for the agent...
  - select Organization host name for an application agent
  - select User's shibboleth login ID for a user agent
- identifier value: unique identifier for the agent
  - typically domain for application agents (ex. test.mydomain.org)
  - typically shibboleth or ldap id for user agents (ex. from ldap: jjones)
- Generate key pair...: y | n
  - always no for external applications
- You will see information about the new Agent object
  - !!! WRITE DOWN HANDLE of new object !!!
  - NOTE: This handle is used to sign the API request sent to NDR.
  - Email this handle to the external application.
- select Modify an object
- Handle of object to modify? enter the handle that you wrote down previously
- Select an operation to perform on the object: select Datastreams to modify datastreams
- Pick an action to perform: select Add a datastream
- Datastream name: PublicKey (required name)
- What is the nature of the Resource content? select Primary content that will live in the NDR
- Select a file to upload as the resource content: path to public key
- What is the MIME content type? text/plain