Install the Moonshot SSP on a Windows Server

Owned by wqx+qmnstigwu5kzxaiskxnikzy@idp.company.ja.net
Last updated: Nov 11, 2015 by Stefan Paetow
3 min read

The Moonshot SSP is our implementation of a Windows Security Support Provider--see the Microsoft Dev Center section on the SSPI for more information--that allows many Microsoft Windows applications to make use of Moonshot for authentication with few, or no, modifications.

The Moonshot SSP is distributed as an MSI file - there is a 32 and a 64 bit version.

Contents

Current Version

The current latest version of the Moonshot SSP is v1.1.135

Compatibility

The Moonshot SSP typically works on Windows 7 onwards on the desktop end, and Windows Server 2008 onwards on the server end. See the Windows (Moonshot SSP) Compatibility List for full details.

Known Issues

  • Please check the Windows (Moonshot SSP) Compatibility List for details on supported versions of Windows; installing the SSP on an unsupported version of Windows may irrecoverably break your machine!
  • Anyone using v1.0.84 or earlier should upgrade to v1.0.85 or later - these versions contain fixes to the Heartbleed bug.
  • This version requires Microsoft security update KB2949927 to be installed. This update is usually installed for you by Windows Update.

Assumptions and Prerequisites

This guide assumes you have a compatible Windows system and a Moonshot RP Proxy available to connect to.

1. Get the SSP

For now, distribution of the Moonshot SSP is being controlled whilst it is being actively developed. Access will be given to those who are a part of the Janet or GÉANT Moonshot pilots, but also potentially others if you can demonstrate a link to the research and education sector.

To get access, email Rhys Smith or Stefan Paetow, who will give you details on how to get hold of the SSP.

2. Install the SSP

Once you have the SSP, installation is simply a matter of execute the MSI as a user with Administrator privileges by double clicking on it.

Screenshot of SSP Installer - Welcome Page

If you are happy to accept the license conditions, tick the box and click next. In the install options dialogue that appears, ensure the SSP is set to be installed. Core services such as CIFS will also require the Kernel SSP to be installed. You can also change the install location at this point; the default is C:\Program Files\Moonshot.

Screenshot of SSP Installer - Custom Setup

You are now ready to install the Moonshot SSP, so hit Install!

Screenshot of SSP Installer - Ready to Install

Once the SSP has been installed, you are requested to restart Windows.

Screenshot of SSP Installer - Restart the System

Since we are installing kernel level drivers, you really do need to restart the system for Moonshot to work.

3. Configure the connection to your Moonshot RP Proxy

The Moonshot GSS-EAP mechanism on needs to connect to a local Moonshot RP Proxy (RADIUS server) via RADIUS or RadSec in order to create the first hop between the service and the user's home IdP to allow authentication to happen.

To do this, you must configure the connection in the Moonshot SSP. For instructions on how to do this, see Configure the Moonshot SSP.

4. Next Steps

You now have all of the necessary Moonshot GSS-EAP libraries and configuration for the application/service on your machine to use Moonshot. The next step is to install/configure that application/service as necessary.