Skip to main content
Jump to: navigation, search

Higgins CardSpace Interop Deployment Notes


These steps were followed to set the scenario up on two machines which were isolated from the Internet

  • Install OpenSuse 10.2
    • Configure Network
      • Install/Configure DNS server
        • Installed yast DNS config service and used that
        • Added dns zone as master <>
        • Added an A record for the server's name <> set to
        • Set startup behavior to start when booting
        • Give this server a dns name and local address (like
      • Config this machine to get static address (like
  • Create certificate for server
    • used tinyCA
    • Create a CA
    • Create a cert for <server dns name>
    • export cert as PEM (will be used for Apache)
    • export key as PEM (will be used for Apache)
      • without passphrase
    • export key as PKCS12 (will be imported into a Java keystore for Tomcat)
      • set export passphrase to "changeitagain" (or whatever you want -- just remember it for later)
      • doesn't matter whether you choose to include the CA's cert.
    • copy key and cert (see Configure Apache below)

  • Install/Configure Apache
    • Create, Export, and Copy certificate and key to etc/apache2/ssl.crt and etc/apache2/ssl.key respectively
    • Edit etc/apache2/local.conf
      • Setup virtual servers
    • Edit etc/apache2/sysconfig.d/local.conf
    • Enable ssl for apache
    • Setup virtual host
      • Edit /etc/sysconfig/apache2 and set APACHE_CONF_INCLUDE_FILES="/etc/apache2/local.conf"
      • Add /etc/apache2/local.conf which contains <look at the same file on>

  • Install/Configure Tomcat
    • Create /etc/apache2/conf.d/jk.conf <copy contents from>
    • Create /etc/apache2/conf.d/ <copy contents from>
    • Edit /
    • Certificate-related config
      • Create Java keystore
        • keytool -genkey -alias deletemelater -keyalg RSA -keystore /usr/share/tomcat5/.keystore
      • Import private key (PKCS12 format from "Create certificate for server" step above)
        • jwsdp-2.0/xws-security/bin/ -file <pkcs12 file from above> -keystore /usr/share/tomcat5/.keystore -alias tomcat
          • is in the JWSDP 2.0 package available from sun
      • Delete unneeded key from keystore
        • keytool -delete -alias deletemelater -keystore /usr/share/tomcat5/.keystore
    • Edit /usr/share/tomcat5/conf/server.xml.
      • Uncomment <Connector port 8443 .../> element, and add attribute keystorePass="changeitagain" (or whatever you set the keystore password to).

  • Install/Configure PHP
    • We also had to install the PHP-Java bridge.

  • Install/Configure STS
    • Deploy Higgins TokenService.war
      • Shutdown Tomcat (rctomcat5 stop)
      • Copy to /srv/www/tomcat5/base/webapps directory
      • Startup Tomcat (rctomcat5 start)
    • Create directory /usr/share/java/higgins-sts-config
    • Copy /srv/www/tomcat5/base/webapps/TokenService/ConfigurationFiles/Configuration.xml to /usr/share/java/higgins-sts-config/Configuration.xml
    • Edit /usr/share/java/higgins-sts-config/Configuration.xml and follow the instructions inside it
    • Edit /usr/share/tomcat5/bin/ and insert CATALINA_OPTS="$CATALINA_OPTS -Dorg.eclipse.higgins.sts.conf=/usr/share/java/higgins-sts-config" at top of "Execute the requested command" section
    • For debugging, add a in /srv/www/tomcat5/base/webapps/TokenService/WEB-INF/classes.
      • TODO: upload a sample and refer to it from here.


  • Install / Configure Firefox

Back to the top