Difference between revisions of "Higgins CardSpace Interop Deployment Notes"

Latest revision as of 17:55, 13 March 2007

Server

These steps were followed to set the scenario up on two machines which were isolated from the Internet

Install OpenSuse 10.2
- Configure Network
  - Install/Configure DNS server
    - Installed yast DNS config service and used that
    - Added dns zone as master <something.com>
    - Added an A record for the server's name <servername.something.com> set to 192.168.0.1
    - Set startup behavior to start when booting
    - Give this server a dns name and local address (like 192.168.0.1)
  - Config this machine to get static address (like 192.168.0.1)

Create certificate for server
- used tinyCA
- Create a CA
- Create a cert for <server dns name>
- export cert as PEM (will be used for Apache)
- export key as PEM (will be used for Apache)
  - without passphrase
- export key as PKCS12 (will be imported into a Java keystore for Tomcat)
  - set export passphrase to "changeitagain" (or whatever you want -- just remember it for later)
  - doesn't matter whether you choose to include the CA's cert.
- copy key and cert (see Configure Apache below)

Install/Configure Apache
- Create, Export, and Copy certificate and key to etc/apache2/ssl.crt and etc/apache2/ssl.key respectively
- Edit etc/apache2/local.conf
  - Setup virtual servers
- Edit etc/apache2/sysconfig.d/local.conf
- Enable ssl for apache
- Setup virtual host
  - Edit /etc/sysconfig/apache2 and set APACHE_CONF_INCLUDE_FILES="/etc/apache2/local.conf"
  - Add /etc/apache2/local.conf which contains <look at the same file on wag.bandit-project.org>

Install/Configure Tomcat
- Create /etc/apache2/conf.d/jk.conf <copy contents from wag.bandit-project.org>
- Create /etc/apache2/conf.d/workers.properties <copy contents from wag.bandit-project.org>
- Edit /
- Certificate-related config
  - Create Java keystore
    - keytool -genkey -alias deletemelater -keyalg RSA -keystore /usr/share/tomcat5/.keystore
  - Import private key (PKCS12 format from "Create certificate for server" step above)
    - jwsdp-2.0/xws-security/bin/pkics12mport.sh -file <pkcs12 file from above> -keystore /usr/share/tomcat5/.keystore -alias tomcat
      - pkics12mport.sh is in the JWSDP 2.0 package available from sun
  - Delete unneeded key from keystore
    - keytool -delete -alias deletemelater -keystore /usr/share/tomcat5/.keystore
- Edit /usr/share/tomcat5/conf/server.xml.
  - Uncomment <Connector port 8443 .../> element, and add attribute keystorePass="changeitagain" (or whatever you set the keystore password to).

Install/Configure PHP
- We also had to install the PHP-Java bridge.

Install/Configure STS
- Deploy Higgins TokenService.war
  - Shutdown Tomcat (rctomcat5 stop)
  - Copy to /srv/www/tomcat5/base/webapps directory
  - Startup Tomcat (rctomcat5 start)
- Create directory /usr/share/java/higgins-sts-config
- Copy /srv/www/tomcat5/base/webapps/TokenService/ConfigurationFiles/Configuration.xml to /usr/share/java/higgins-sts-config/Configuration.xml
- Edit /usr/share/java/higgins-sts-config/Configuration.xml and follow the instructions inside it
- Edit /usr/share/tomcat5/bin/catalina.sh and insert CATALINA_OPTS="$CATALINA_OPTS -Dorg.eclipse.higgins.sts.conf=/usr/share/java/higgins-sts-config" at top of "Execute the requested command" section
- For debugging, add a log4j.properties in /srv/www/tomcat5/base/webapps/TokenService/WEB-INF/classes.
  - TODO: upload a log4j.properties sample and refer to it from here.

Client

Install / Configure Firefox

@@ Line 6: / Line 6: @@
 *** Install/Configure DNS server
 **** Installed yast DNS config service and used that
-*** Added dns zone as master <something.com>
+**** Added dns zone as master <something.com>
-*** Added an A record for the server's name <servername.something.com> set to 192.168.0.1
+**** Added an A record for the server's name <servername.something.com> set to 192.168.0.1
-*** Set startup behavior to start when booting
+**** Set startup behavior to start when booting
-*** Give this server a dns name and local address (like 192.168.0.1)
+**** Give this server a dns name and local address (like 192.168.0.1)
+*** Config this machine to get static address (like 192.168.0.1)
 * Create certificate for server
 ** used tinyCA
 ** Create a CA
 ** Create a cert for <server dns name>
-** export cert
+** export cert as PEM (will be used for Apache)
-*** export as PEM
+** export key as PEM (will be used for Apache)
-** export key
+*** without passphrase
-*** without a passphrase
+** export key as PKCS12 (will be imported into a Java keystore for Tomcat)
+*** set export passphrase to "changeitagain" (or whatever you want -- just remember it for later)
+*** doesn't matter whether you choose to include the CA's cert.
 ** copy key and cert (see Configure Apache below)
-* Install Apache
-* Configure Apache
+* Install/Configure Apache
 ** Create, Export, and Copy certificate and key to etc/apache2/ssl.crt and etc/apache2/ssl.key respectively
 ** Edit etc/apache2/local.conf
 *** Setup virtual servers
 ** Edit etc/apache2/sysconfig.d/local.conf
-* Install Tomcat
+** Enable ssl for apache
-* Configure Tomcat
+** Setup virtual host
-* Install PHP
+*** Edit /etc/sysconfig/apache2 and set APACHE_CONF_INCLUDE_FILES="/etc/apache2/local.conf"
-* Install Higgins components
+*** Add /etc/apache2/local.conf which contains <look at the same file on wag.bandit-project.org>
-* Configure Higgins components
+* Install/Configure Tomcat
+** Create /etc/apache2/conf.d/jk.conf <copy contents from wag.bandit-project.org>
+** Create /etc/apache2/conf.d/workers.properties <copy contents from wag.bandit-project.org>
+** Edit /
+** Certificate-related config
+*** Create Java keystore
+**** keytool -genkey -alias deletemelater -keyalg RSA -keystore /usr/share/tomcat5/.keystore
+*** Import private key (PKCS12 format from "Create certificate for server" step above)
+**** jwsdp-2.0/xws-security/bin/pkics12mport.sh -file <pkcs12 file from above> -keystore /usr/share/tomcat5/.keystore -alias tomcat
+***** pkics12mport.sh is in the JWSDP 2.0 package available from sun
+*** Delete unneeded key from keystore
+**** keytool -delete -alias deletemelater -keystore /usr/share/tomcat5/.keystore
+** Edit /usr/share/tomcat5/conf/server.xml.
+*** Uncomment <Connector port 8443 .../> element, and add attribute keystorePass="changeitagain" (or whatever you set the keystore password to).
+* Install/Configure PHP
+** We also had to install the PHP-Java bridge.
+* Install/Configure STS
+** Deploy Higgins TokenService.war
+*** Shutdown Tomcat (rctomcat5 stop)
+*** Copy to /srv/www/tomcat5/base/webapps directory
+*** Startup Tomcat (rctomcat5 start)
+** Create directory /usr/share/java/higgins-sts-config
+** Copy /srv/www/tomcat5/base/webapps/TokenService/ConfigurationFiles/Configuration.xml to /usr/share/java/higgins-sts-config/Configuration.xml
+** Edit /usr/share/java/higgins-sts-config/Configuration.xml and follow the instructions inside it
+** Edit /usr/share/tomcat5/bin/catalina.sh and insert CATALINA_OPTS="$CATALINA_OPTS -Dorg.eclipse.higgins.sts.conf=/usr/share/java/higgins-sts-config" at top of "Execute the requested command" section
+** For debugging, add a log4j.properties in /srv/www/tomcat5/base/webapps/TokenService/WEB-INF/classes.
+*** TODO: upload a log4j.properties sample and refer to it from here.
 ==Client==
 * Install / Configure Firefox
 *

Breadcrumbs

Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Difference between revisions of "Higgins CardSpace Interop Deployment Notes"

Latest revision as of 17:55, 13 March 2007

Server

Client