comparison docs/installation_iis.rst @ 5788:2d89d49c30e8 stable
docs: add notes about IIS, Windows Authentication and Mercurial
(The original patch from Konstantin has been heavily copyedited and modified by
Mads Kiilerich but is still [based on] Konstantin's feedback and contribution.)
author | Konstantin Veretennicov <kveretennicov@gmail.com> |
---|---|
date | Wed, 30 Mar 2016 21:11:38 +0200 |
parents | ae9ab4c92d46 |
children | 5a47ce11427c de0a8b4fd5e0 |
5757:c92b6787c843 | 5788:2d89d49c30e8 |
---|---|
4 Installing Kallithea on Microsoft Internet Information Services (IIS) | 4 Installing Kallithea on Microsoft Internet Information Services (IIS) |
5 ===================================================================== | 5 ===================================================================== |
6 | 6 |
7 The following is documented using IIS 7/8 terminology. There should be nothing | 7 The following is documented using IIS 7/8 terminology. There should be nothing |
8 preventing you from applying this on IIS 6 well. | 8 preventing you from applying this on IIS 6 well. |
9 | |
10 .. note:: | |
11 | |
12 Installing Kallithea under IIS can enable Single Sign-On to the Kallithea | |
13 web interface from web browsers that can authenticate to the web server. | |
14 (As an alternative to IIS, SSO is also possible with for example Apache and | |
15 mod_sspi.) | |
16 | |
17 Mercurial and Git do however by default not support SSO on the client side | |
18 and will still require some other kind of authentication. | |
19 (An extension like hgssoauthentication_ might solve that.) | |
9 | 20 |
10 .. note:: | 21 .. note:: |
11 | 22 |
12 For the best security, it is strongly recommended to only host the site over | 23 For the best security, it is strongly recommended to only host the site over |
13 a secure connection, e.g. using TLS. | 24 a secure connection, e.g. using TLS. |
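Review bot: the added note says at new lines 17-18 that Mercurial and Git "will still require some other kind of authentication" but does not say what the reader should configure for command-line clients once IIS handles authentication; name the option or point to the section that covers it. The Apache alternative at new lines 14-15 is given only as `mod_sspi` with no link target, while hgssoauthentication gets one. The sentence at line 17 would also read more easily as "By default, however, Mercurial and Git do not support SSO on the client side".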
46 ISAPI handler | 57 ISAPI handler |
47 ............. | 58 ............. |
48 | 59 |
49 The ISAPI handler can be generated using:: | 60 The ISAPI handler can be generated using:: |
50 | 61 |
51 paster install-iis my.ini --root=/ | 62 paster install-iis my.ini --virtualdir=/ |
52 | 63 |
53 This will generate a ``dispatch.py`` file in the current directory that contains | 64 This will generate a ``dispatch.py`` file in the current directory that contains |
54 the necessary components to finalize an installation into IIS. Once this file | 65 the necessary components to finalize an installation into IIS. Once this file |
55 has been generated, it is necessary to run the following command due to the way | 66 has been generated, it is necessary to run the following command due to the way |
56 that ISAPI-WSGI is made:: | 67 that ISAPI-WSGI is made:: |
57 | 68 |
58 python2 dispatch.py install | 69 python2 dispatch.py install |
59 | 70 |
60 This accomplishes two things: generating an ISAPI compliant DLL file, | 71 This accomplishes two things: generating an ISAPI compliant DLL file, |
61 ``_dispatch.dll``, and installing a script map handler into IIS for the | 72 ``_dispatch.dll``, and installing a script map handler into IIS for the |
62 ``--root`` specified above pointing to ``_dispatch.dll``. | 73 ``--virtualdir`` specified above pointing to ``_dispatch.dll``. |
63 | 74 |
64 The ISAPI handler is registered to all file extensions, so it will automatically | 75 The ISAPI handler is registered to all file extensions, so it will automatically |
65 be the one handling all requests to the specified root. When the website starts | 76 be the one handling all requests to the specified virtual directory. When the website starts |
66 the ISAPI handler, it will start a thread pool managed wrapper around the paster | 77 the ISAPI handler, it will start a thread pool managed wrapper around the paster |
67 middleware WSGI handler that Kallithea runs within and each HTTP request to the | 78 middleware WSGI handler that Kallithea runs within and each HTTP request to the |
68 site will be processed through this logic henceforth. | 79 site will be processed through this logic henceforth. |
69 | 80 |
70 Authentication with Kallithea using IIS authentication modules | 81 Authentication with Kallithea using IIS authentication modules |
71 .............................................................. | 82 .............................................................. |
72 | 83 |
73 The recommended way to handle authentication with Kallithea using IIS is to let | 84 The recommended way to handle authentication with Kallithea using IIS is to let |
74 IIS handle all the authentication and just pass it to Kallithea. | 85 IIS handle all the authentication and just pass it to Kallithea. |
86 | |
87 .. note:: | |
88 | |
89 As an alternative without SSO, you can also use LDAP authentication with | |
90 Active Directory, see :ref:`ldap-setup`. | |
75 | 91 |
76 To move responsibility into IIS from Kallithea, we need to configure Kallithea | 92 To move responsibility into IIS from Kallithea, we need to configure Kallithea |
77 to let external systems handle authentication and then let Kallithea create the | 93 to let external systems handle authentication and then let Kallithea create the |
78 user automatically. To do this, access the administration's authentication page | 94 user automatically. To do this, access the administration's authentication page |
79 and enable the ``kallithea.lib.auth_modules.auth_container`` plugin. Once it is | 95 and enable the ``kallithea.lib.auth_modules.auth_container`` plugin. Once it is |
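Review bot: new line 76 ("be the one handling all requests to the specified virtual directory. When the website starts") now runs well past the wrap width of the lines around it; rewrap the paragraph after replacing "root" with "virtual directory". The LDAP note added at new lines 87-90 also sits between the recommendation at lines 84-85 and the steps that implement it from line 92 onward; moving it ahead of the recommendation or after the procedure would keep those two together.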
106 python2 -m win32traceutil | 122 python2 -m win32traceutil |
107 | 123 |
108 and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea | 124 and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea |
109 application itself) that are uncaught, will be printed here complete with stack | 125 application itself) that are uncaught, will be printed here complete with stack |
110 traces, making it a lot easier to identify issues. | 126 traces, making it a lot easier to identify issues. |
127 | |
128 | |
129 .. _hgssoauthenticatio: https://bitbucket.org/domruf/hgssoauthentication |
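Review bot: the link target added at new line 129 is spelled `hgssoauthenticatio`, while the reference in the note at new line 19 is `hgssoauthentication_`; as shown the two names do not match, so the reference would not resolve when the docs are built. Rename the target to `.. _hgssoauthentication:` so it matches the reference.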