Higgins CardSpace Interop Deployment Notes
Latest revision as of 17:55, 13 March 2007
Server
These steps were followed to set the scenario up on two machines that were isolated from the Internet.
- Install openSUSE 10.2
  - Configure Network
    - Install/Configure DNS server
      - Installed the YaST DNS config service and used that
      - Added DNS zone as master <something.com>
      - Added an A record for the server's name <servername.something.com> set to 192.168.0.1
      - Set startup behavior to start when booting
      - Give this server a DNS name and local address (like 192.168.0.1)
    - Configure this machine to get a static address (like 192.168.0.1)
- Create certificate for server
  - used TinyCA
  - Create a CA
  - Create a cert for <server dns name>
  - export cert as PEM (will be used for Apache)
  - export key as PEM (will be used for Apache)
    - without passphrase
  - export key as PKCS12 (will be imported into a Java keystore for Tomcat)
    - set export passphrase to "changeitagain" (or whatever you want -- just remember it for later)
    - doesn't matter whether you choose to include the CA's cert.
  - copy key and cert (see Install/Configure Apache below)
- Install/Configure Apache
  - Create, export, and copy certificate and key to /etc/apache2/ssl.crt and /etc/apache2/ssl.key respectively
  - Edit /etc/apache2/local.conf
    - Set up virtual servers
  - Edit /etc/apache2/sysconfig.d/local.conf
  - Enable SSL for Apache
  - Set up virtual host
    - Edit /etc/sysconfig/apache2 and set APACHE_CONF_INCLUDE_FILES="/etc/apache2/local.conf"
    - Add /etc/apache2/local.conf which contains <look at the same file on wag.bandit-project.org>
- Install/Configure Tomcat
  - Create /etc/apache2/conf.d/jk.conf <copy contents from wag.bandit-project.org>
  - Create /etc/apache2/conf.d/workers.properties <copy contents from wag.bandit-project.org>
  - Edit /
  - Certificate-related config
    - Create Java keystore
      - keytool -genkey -alias deletemelater -keyalg RSA -keystore /usr/share/tomcat5/.keystore
    - Import private key (PKCS12 format from the "Create certificate for server" step above)
      - jwsdp-2.0/xws-security/bin/pkcs12import.sh -file <pkcs12 file from above> -keystore /usr/share/tomcat5/.keystore -alias tomcat
        - pkcs12import.sh is in the JWSDP 2.0 package available from Sun
    - Delete the unneeded placeholder key from the keystore
      - keytool -delete -alias deletemelater -keystore /usr/share/tomcat5/.keystore
  - Edit /usr/share/tomcat5/conf/server.xml
    - Uncomment the <Connector port="8443" .../> element and add the attribute keystorePass="changeitagain" (or whatever you set the keystore password to).
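An added example, not from the original page or the Higgins project: a small Python helper that performs the server.xml edit in the last step (uncomment the port-8443 Connector, add keystoreFile and keystorePass) and then re-parses the result to confirm the connector is actually live. The server.xml fragment is a constructed sample laid out like the stock Tomcat 5 file; the keystore path and password are the ones used on this page.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample laid out like the commented-out SSL connector in a
# stock Tomcat 5 server.xml (not copied from the page).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxHttpHeaderSize="8192" redirectPort="8443" />
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector port="8443" maxHttpHeaderSize="8192" enableLookups="false"
               scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" />
    -->
  </Service>
</Server>
"""

# A Connector element with port="8443" wrapped in an XML comment.
COMMENTED_8443 = re.compile(
    r'<!--\s*(<Connector\b[^>]*?\bport="8443"[^>]*?/>)\s*-->', re.DOTALL)


def enable_ssl_connector(server_xml, keystore_file, keystore_pass):
    """Uncomment the 8443 Connector and add keystoreFile/keystorePass.
    Refuses to edit unless exactly one commented 8443 connector exists and
    neither keystore attribute is set, so a re-run cannot clobber config."""
    found = COMMENTED_8443.findall(server_xml)
    if len(found) != 1:
        raise ValueError(f"expected 1 commented 8443 Connector, found {len(found)}")
    connector = found[0]
    for attr in ("keystoreFile", "keystorePass"):
        if re.search(rf"\b{attr}=", connector):
            raise ValueError(f"{attr} already set; refusing to overwrite")
    # Drop the closing "/>" and re-append it after the two new attributes.
    body = connector[:-2].rstrip()
    edited = f'{body}\n               keystoreFile="{keystore_file}"'
    edited += f' keystorePass="{keystore_pass}" />'
    return COMMENTED_8443.sub(lambda _m: edited, server_xml, count=1)


def ssl_connector_attributes(server_xml):
    """Return the live 8443 Connector's attributes, or None if still commented.
    ElementTree drops comments, so this also checks the edit left well-formed XML."""
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("port") == "8443":
            return dict(conn.attrib)
    return None
```

Because keystorePass sits in clear text in server.xml, keep that file and the keystore itself readable only by the account Tomcat runs as.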
- Install/Configure PHP
  - We also had to install the PHP-Java bridge.
- Install/Configure STS
  - Deploy Higgins TokenService.war
    - Shut down Tomcat (rctomcat5 stop)
    - Copy it to the /srv/www/tomcat5/base/webapps directory
    - Start Tomcat (rctomcat5 start)
  - Create directory /usr/share/java/higgins-sts-config
  - Copy /srv/www/tomcat5/base/webapps/TokenService/ConfigurationFiles/Configuration.xml to /usr/share/java/higgins-sts-config/Configuration.xml
  - Edit /usr/share/java/higgins-sts-config/Configuration.xml and follow the instructions inside it
  - Edit /usr/share/tomcat5/bin/catalina.sh and insert CATALINA_OPTS="$CATALINA_OPTS -Dorg.eclipse.higgins.sts.conf=/usr/share/java/higgins-sts-config" at the top of the "Execute the requested command" section
  - For debugging, add a log4j.properties in /srv/www/tomcat5/base/webapps/TokenService/WEB-INF/classes.
    - TODO: upload a log4j.properties sample and refer to it from here.
Client
- Install / Configure Firefox