Install Tomcat 7
* Add to hosts file:
127.0.0.1 tomcat7.my.local
* Unzip apache-tomcat-7.0.72.zip and rename as c:\prog\apache-tomcat-7.0.72.local
* Change the listening ports from 8xxx to 9xxx (e.g. 8080 to 9080) in the conf\server.xml file:
8005 > 9005
8080 > 9080
8443 > 9443
8009 > 9009
* Add setenv.bat to bin directory to contain:
set JAVA_OPTS=-Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_HOME=C:\prog\jdk1.7.0_45
* Start new Tomcat and point browser to: http://tomcat7.my.local:9080/docs
* Shut down Tomcat before installing the agent!
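
The port change from the steps above, as an added example that is not part of the original page: a Python sketch that rewrites the four default ports in server.xml text and reports any that are left. It assumes a stock Tomcat 7 server.xml layout; the function names and the sample XML are constructed for illustration. Note that redirectPort attributes point at 8443 and have to move with it.

```python
import re

# Port mapping from the steps above (Tomcat default -> this instance).
PORT_MAP = {"8005": "9005", "8080": "9080", "8443": "9443", "8009": "9009"}

# Matches port="..." and redirectPort="..." attributes, including those inside
# commented-out <Connector> elements, so enabling one later cannot collide.
_PORT_ATTR = re.compile(r'\b(port|redirectPort)\s*=\s*(["\'])(\d+)\2')


def remap_ports(server_xml: str) -> str:
    """Return server.xml text with the default ports replaced per PORT_MAP."""
    def swap(m):
        new_port = PORT_MAP.get(m.group(3), m.group(3))  # unknown ports untouched
        return f'{m.group(1)}={m.group(2)}{new_port}{m.group(2)}'
    return _PORT_ATTR.sub(swap, server_xml)


def leftover_default_ports(server_xml: str) -> list:
    """List default ports still present, e.g. after an incomplete manual edit."""
    return sorted({m.group(3) for m in _PORT_ATTR.finditer(server_xml)
                   if m.group(3) in PORT_MAP})


# Constructed sample modelled on a stock Tomcat 7 conf/server.xml (trimmed).
SAMPLE = '''<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" />
    -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
'''

if __name__ == "__main__":
    patched = remap_ports(SAMPLE)
    print(patched)
    print("default ports left:", leftover_default_ports(patched))
```
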
Create Tomcat7 Agent Profile
* Log in to OpenAM
* Add a new J2EE agent profile named Tomcat7
* Select new agent
* Set Agent Filter Mode > Current Values to SSO_ONLY
* Also enable cross domain SSO
Install OpenAM Agent
* Extract tomcat_v6_agent folder from Tomcat-v6-7-Agent-3.3.0.zip into C:\prog\apache-tomcat-7.0.72.openam12.local
* Create a new password file named tomcat7pass.txt. Enter the password in the file, e.g. Wx1
* Go to C:\prog\apache-tomcat-7.0.72.openam12.local\tomcat_v6_agent\bin and run:
agentadmin.bat --install
Tomcat conf directory: C:\prog\apache-tomcat-7.0.72.local\conf
OpenAM URL: http://openam.my.com:8080/openam
$CATALINA_HOME: C:\prog\apache-tomcat-7.0.72.local
Install agent filter in global web.xml ? [true]: true
Agent URL: http://tomcat7.my.local:9080/docs
Agent profile name: Tomcat7
Password file: C:\prog\apache-tomcat-7.0.72.local\tomcat_v6_agent\tomcat7pass.txt
* Output:
-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Tomcat Server Config Directory : C:\prog\apache-tomcat-7.0.72.local\conf
OpenAM server URL : http://openam.my.com:8080/openam
$CATALINA_HOME environment variable : C:\prog\apache-tomcat-7.0.72.local
Tomcat global web.xml filter install : true
Agent URL : http://tomcat7.my.local:9080/docs
Agent Profile name : Tomcat7
Agent Profile Password file name : C:\prog\apache-tomcat-7.0.72.local\tomcat_v6_agent\tomcat7pass.txt
Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]:
Updating the C:\prog\apache-tomcat-7.0.72.local/bin/setenv.bat script with the Agent configuration JVM option ...DONE. DONE.
Creating directory layout and configuring Agent file for Agent_001 instance ...DONE.
Reading data from file C:\prog\apache-tomcat-7.0.72.local\tomcat_v6_agent\tomcat7pass.txt and encrypting it ...DONE.
Generating audit log file name ...DONE.
Creating tag swapped OpenSSOAgentBootstrap.properties file for instance Agent_001 ...DONE.
Creating a backup for file C:\prog\apache-tomcat-7.0.72.local\conf/server.xml ...DONE.
Creating a backup for file C:\prog\apache-tomcat-7.0.72.local\conf/web.xml ...DONE.
Adding OpenAM Tomcat Agent Realm to Server XML file : C:\prog\apache-tomcat-7.0.72.local\conf/server.xml ...DONE.
Adding filter to Global deployment descriptor file : C:\prog\apache-tomcat-7.0.72.local\conf/web.xml ...DONE.
Adding OpenAM Tomcat Agent Filter and Form login authentication to selected Web applications ...DONE.
SUMMARY OF AGENT INSTALLATION
-----------------------------
Agent instance name: Agent_001
Agent Bootstrap file location: C:/prog/apache-tomcat-7.0.72.local/tomcat_v6_agent/Agent_001/config/OpenSSOAgentBootstrap.properties
Agent Configuration file location C:/prog/apache-tomcat-7.0.72.local/tomcat_v6_agent/Agent_001/config/OpenSSOAgentConfiguration.properties
Agent Audit directory location: C:/prog/apache-tomcat-7.0.72.local/tomcat_v6_agent/Agent_001/logs/audit
Agent Debug directory location: C:/prog/apache-tomcat-7.0.72.local/tomcat_v6_agent/Agent_001/logs/debug
Install log file location: C:/prog/apache-tomcat-7.0.72.local/tomcat_v6_agent/installer-logs/audit/install.log
Thank you for using OpenAM Policy Agent
Test
* Start Tomcat for the target app
* Point the browser to http://tomcat7.my.local:9080/docs.
– Note: if you are already logged in to OpenAM in one browser (e.g. Firefox), use a different browser (e.g. IE). Otherwise you won't see the login page, since you're already authenticated.