Mercurial > kallithea

comparison docs/installation_iis.rst @ 5788:2d89d49c30e8 stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
docs: add notes about IIS, Windows Authentication and Mercurial (The original patch from Konstantin has been heavily copyedited and modified by Mads Kiilerich but is still [based on] Konstantin's feedback and contribution.)
author Konstantin Veretennicov <kveretennicov@gmail.com>
date Wed, 30 Mar 2016 21:11:38 +0200
parents ae9ab4c92d46
children 5a47ce11427c de0a8b4fd5e0
comparison
equal deleted inserted replaced
5757:c92b6787c843 5788:2d89d49c30e8
4 Installing Kallithea on Microsoft Internet Information Services (IIS) 4 Installing Kallithea on Microsoft Internet Information Services (IIS)
5 ===================================================================== 5 =====================================================================
6 6
7 The following is documented using IIS 7/8 terminology. There should be nothing 7 The following is documented using IIS 7/8 terminology. There should be nothing
8 preventing you from applying this on IIS 6 well. 8 preventing you from applying this on IIS 6 well.
9
10 .. note::
11
12 Installing Kallithea under IIS can enable Single Sign-On to the Kallithea
13 web interface from web browsers that can authenticate to the web server.
14 (As an alternative to IIS, SSO is also possible with for example Apache and
15 mod_sspi.)
16
17 Mercurial and Git do however by default not support SSO on the client side
18 and will still require some other kind of authentication.
19 (An extension like hgssoauthentication_ might solve that.)
9 20
10 .. note:: 21 .. note::
11 22
12 For the best security, it is strongly recommended to only host the site over 23 For the best security, it is strongly recommended to only host the site over
13 a secure connection, e.g. using TLS. 24 a secure connection, e.g. using TLS.
46 ISAPI handler 57 ISAPI handler
47 ............. 58 .............
48 59
49 The ISAPI handler can be generated using:: 60 The ISAPI handler can be generated using::
50 61
51 paster install-iis my.ini --root=/ 62 paster install-iis my.ini --virtualdir=/
52 63
53 This will generate a ``dispatch.py`` file in the current directory that contains 64 This will generate a ``dispatch.py`` file in the current directory that contains
54 the necessary components to finalize an installation into IIS. Once this file 65 the necessary components to finalize an installation into IIS. Once this file
55 has been generated, it is necessary to run the following command due to the way 66 has been generated, it is necessary to run the following command due to the way
56 that ISAPI-WSGI is made:: 67 that ISAPI-WSGI is made::
57 68
58 python2 dispatch.py install 69 python2 dispatch.py install
59 70
60 This accomplishes two things: generating an ISAPI compliant DLL file, 71 This accomplishes two things: generating an ISAPI compliant DLL file,
61 ``_dispatch.dll``, and installing a script map handler into IIS for the 72 ``_dispatch.dll``, and installing a script map handler into IIS for the
62 ``--root`` specified above pointing to ``_dispatch.dll``. 73 ``--virtualdir`` specified above pointing to ``_dispatch.dll``.
63 74
64 The ISAPI handler is registered to all file extensions, so it will automatically 75 The ISAPI handler is registered to all file extensions, so it will automatically
65 be the one handling all requests to the specified root. When the website starts 76 be the one handling all requests to the specified virtual directory. When the website starts
66 the ISAPI handler, it will start a thread pool managed wrapper around the paster 77 the ISAPI handler, it will start a thread pool managed wrapper around the paster
67 middleware WSGI handler that Kallithea runs within and each HTTP request to the 78 middleware WSGI handler that Kallithea runs within and each HTTP request to the
68 site will be processed through this logic henceforth. 79 site will be processed through this logic henceforth.
69 80
70 Authentication with Kallithea using IIS authentication modules 81 Authentication with Kallithea using IIS authentication modules
71 .............................................................. 82 ..............................................................
72 83
73 The recommended way to handle authentication with Kallithea using IIS is to let 84 The recommended way to handle authentication with Kallithea using IIS is to let
74 IIS handle all the authentication and just pass it to Kallithea. 85 IIS handle all the authentication and just pass it to Kallithea.
86
87 .. note::
88
89 As an alternative without SSO, you can also use LDAP authentication with
90 Active Directory, see :ref:`ldap-setup`.
75 91
76 To move responsibility into IIS from Kallithea, we need to configure Kallithea 92 To move responsibility into IIS from Kallithea, we need to configure Kallithea
77 to let external systems handle authentication and then let Kallithea create the 93 to let external systems handle authentication and then let Kallithea create the
78 user automatically. To do this, access the administration's authentication page 94 user automatically. To do this, access the administration's authentication page
79 and enable the ``kallithea.lib.auth_modules.auth_container`` plugin. Once it is 95 and enable the ``kallithea.lib.auth_modules.auth_container`` plugin. Once it is
106 python2 -m win32traceutil 122 python2 -m win32traceutil
107 123
108 and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea 124 and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea
109 application itself) that are uncaught, will be printed here complete with stack 125 application itself) that are uncaught, will be printed here complete with stack
110 traces, making it a lot easier to identify issues. 126 traces, making it a lot easier to identify issues.
127
128
129 .. _hgssoauthenticatio: https://bitbucket.org/domruf/hgssoauthentication