EMI STS Service Reference Card

Service Reference Card (STS 1.0.0 for EMI-3)

• Functional description: Transforms security tokens from one format into another
• Services running:
  • Java application org.glite.sts.standalone.StandaloneService
• Init scripts and options:
  • /etc/init.d/sts-service {start|stop|status|restart}
• Configuration files location with example:
  • Config directory: /etc/sts
    • Template: sts-server.ini
  • Logging directory: /var/log/sts
    • Logging configuration: /etc/sts/logging.xml
• Open ports:
  • Service port: *:8443
  • Admin port: localhost:8444
• Possible unit test of the service: None
• Where is service state held (and can it be rebuilt): The service state is in memory, no persistency provided.
• Cron jobs: None
• Security information
  • Access control mechanism (authentication & authorization):
    • Authentication: the incoming security token
    • Authorization: none
  • How to block/ban a user
    • Not suppoted, except via the source of the incoming security tokens (LDAP or SAML IDP)
  • Network Usage
    • TCP traffic to the service port, outgoing TCP traffic to the online CA and VOMS-Admin service.
  • Firewall configuration
    • The service port should be open for TCP traffic.
  • Security recommendations
  • Security incompatibilities
  • List of externals (packages are NOT maintained by Red Hat)
  • Other security relevant comments
• Utility scripts: None
• Location of reference documentation for users:
  • Configuration: none
  • User Guide: none
• Location of reference documentation for administrators:
  • Configuration: STSConfiguration
  • Operation: STSOperation