{"id":11648,"date":"2016-10-12T13:05:31","date_gmt":"2016-10-12T18:05:31","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=11648"},"modified":"2016-10-25T09:28:19","modified_gmt":"2016-10-25T14:28:19","slug":"openam12-secure-tomcat-6","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=11648","title":{"rendered":"OpenAM12: Secure Tomcat 6"},"content":{"rendered":"

Install Tomcat 6<\/h2><\/span>\n

* Add to hosts file:
\n127.0.0.1\ttomcat6.my.com
\n* Unzip apache-tomcat-6.0.45.zip<\/em> and rename as c:\\prog\\apache-tomcat-6.0.45.com<\/em>
\n* Change listening ports from 8xxx to 9xxx, e.g. 808 to 10080 in conf\\server.xml file
\n8005 > 10005
\n8080 > 10080
\n8443 > 10443
\n8009 > 10009
\n* Add setenv.bat<\/em> to bin <\/em>directory to contain:<\/p>\n

\r\nset JAVA_OPTS=-Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m\r\nset JAVA_HOME=C:\\prog\\jdk1.7.0_45\r\n<\/pre>\n
* Start new Tomcat and point browser to: http:\/\/tomcat6.my.com:10080\/docs<\/a>
\n* Shutdown Tomcat to install agent!<\/p>\n
Create Tomcat6 Agent Profile<\/h2><\/span>\n
* Login OpenAM
\n* Add a new J2EE agent named Tomcat6<\/strong><\/p>\n
\"openam13_agenttocmat6_1_create\"<\/a><\/h6><\/span>\n
* Select new agent and enable SSO Only Mode<\/em>:<\/p>\n
\"openam13_agentapache2_2_ssoonly\"<\/a><\/h6><\/span>\n
Install OpenAM Agent<\/h2><\/span>\n
* Download Tomcat Policy Agent from Forgerock<\/a>, e.g. Tomcat-v6-Agent_3.3.0.zip<\/em>
\n* Extract tomcat_v6_agent<\/em> folder to C:\\prog\\apache-tomcat-6.0.45.com<\/em>
\n* Create a new password file named tomcat6pass.txt<\/em>. Enter password in the file, e.g. Wx1
\n* Go to C:\\prog\\apache-tomcat-6.0.45.com\\tomcat_v6_agent\\bin<\/em> and run:<\/p>\n
\r\nagentadmin.bat --install\r\n\r\nTomcat conf directory: C:\\prog\\apache-tomcat-6.0.45.com\\conf\r\nOpenAM URL: http:\/\/openam.my.com:8080\/openam\r\n$CATALINA_HOME: C:\\prog\\apache-tomcat-6.0.45.com\r\nInstall agent filter in global web.xml ? [true]: true\r\nAgent URL: http:\/\/tomcat6.my.com:10080\/docs\r\nAgent profile name: Tomcat6\r\nPassword file: C:\\prog\\apache-tomcat-6.0.45.com\\tomcat_v6_agent\\tomcat6pass.txt\r\n<\/pre>\n
* Install output:<\/p>\n
\r\n-----------------------------------------------\r\nSUMMARY OF YOUR RESPONSES\r\n-----------------------------------------------\r\nTomcat Server Config Directory : C:\\prog\\apache-tomcat-6.0.45.com\\conf\r\n\r\nOpenAM server URL : http:\/\/openam.my.com:8080\/openam\r\n$CATALINA_HOME environment variable :\r\nC:\\prog\\apache-tomcat-6.0.45.com\r\nTomcat global web.xml filter install : true\r\nAgent URL : http:\/\/tomcat6.my.com:10080\/docs\r\nAgent Profile name : Tomcat6\r\nAgent Profile Password file name :\r\nC:\\prog\\apache-tomcat-6.0.45.com\\tomcat_v6_agent\\tomcat6pass.txt\r\n\r\nVerify your settings above and decide from the choices below.\r\n1. Continue with Installation\r\n2. Back to the last interaction\r\n3. Start Over\r\n4. Exit\r\nPlease make your selection [1]:\r\n\r\nUpdating the C:\\prog\\apache-tomcat-6.0.45.com\/bin\/setenv.bat script\r\nwith the Agent configuration JVM option ...DONE.\r\nDONE.\r\n\r\nCreating directory layout and configuring Agent file for Agent_001\r\ninstance ...DONE.\r\n\r\nReading data from file\r\nC:\\prog\\apache-tomcat-6.0.45.com\\tomcat_v6_agent\\tomcat6pass.txt\r\nand encrypting it ...DONE.\r\n\r\nGenerating audit log file name ...DONE.\r\n\r\nCreating tag swapped OpenSSOAgentBootstrap.properties file for instance\r\nAgent_001 ...DONE.\r\n\r\nCreating a backup for file\r\nC:\\prog\\apache-tomcat-6.0.45.com\\conf\/server.xml ...DONE.\r\n\r\nCreating a backup for file\r\nC:\\prog\\apache-tomcat-6.0.45.com\\conf\/web.xml ...DONE.\r\n\r\nAdding OpenAM Tomcat Agent Realm to Server XML file :\r\nC:\\prog\\apache-tomcat-6.0.45.com\\conf\/server.xml ...DONE.\r\n\r\nAdding filter to Global deployment descriptor file :\r\nC:\\prog\\apache-tomcat-6.0.45.com\\conf\/web.xml ...DONE.\r\n\r\nAdding OpenAM Tomcat Agent Filter and Form login authentication to selected\r\nWeb applications ...DONE.\r\n\r\n\r\nSUMMARY OF AGENT INSTALLATION\r\n-----------------------------\r\nAgent instance name: Agent_001\r\nAgent Bootstrap file location:\r\nC:\/prog\/apache-tomcat-6.0.45.com\/tomcat_v6_agent\/Agent_001\/config\/OpenSSOAgentBootstrap.properties\r\nAgent Configuration file location\r\nC:\/prog\/apache-tomcat-6.0.45.com\/tomcat_v6_agent\/Agent_001\/config\/OpenSSOAgentConfiguration.properties\r\nAgent Audit directory location:\r\nC:\/prog\/apache-tomcat-6.0.45.com\/tomcat_v6_agent\/Agent_001\/logs\/audit\r\nAgent Debug directory location:\r\nC:\/prog\/apache-tomcat-6.0.45.com\/tomcat_v6_agent\/Agent_001\/logs\/debug\r\n\r\nInstall log file location:\r\nC:\/prog\/apache-tomcat-6.0.45.com\/tomcat_v6_agent\/installer-logs\/audit\/install.log\r\n\r\nThank you for using OpenAM Policy Agent\r\n<\/pre>\n
* Changes made:
\n– conf\/Server.xml<\/em>:
\nReplaced:<\/p>\n
\r\n      \r\n<\/pre>\n
with<\/p>\n
\r\n    \r\n<\/pre>\n
conf\/web.xml<\/em>:
\nAdded:<\/p>\n
\r\n    \r\n        Agent<\/filter-name>\r\n        Agent<\/display-name>\r\n        SJS Access Manager Tomcat Policy Agent Filter<\/description>\r\n        com.sun.identity.agents.filter.AmAgentFilter<\/filter-class>\r\n    <\/filter>\r\n\r\n    \r\n        Agent<\/filter-name>\r\n        \/*<\/url-pattern>\r\n        REQUEST<\/dispatcher>\r\n        INCLUDE<\/dispatcher>\r\n        FORWARD<\/dispatcher>\r\n        ERROR<\/dispatcher>\r\n    <\/filter-mapping>\r\n<\/pre>\n
Test<\/h2><\/span>\n
* Start Tomcat for target app
\n* Point browser to http:\/\/tomcat6.my.com:10080\/docs<\/a>.
\n– Note, if you already login OpenAM with browser, e.g. Firefox, you need to use a different browser, e.g. IE. Otherwise, you won’t see the login page since you’re already authenticated.<\/p>\n","protected":false},"excerpt":{"rendered":"
Install Tomcat 6 * Add to hosts file: 127.0.0.1 tomcat6.my.com * Unzip apache-tomcat-6.0.45.zip and rename as c:\\prog\\apache-tomcat-6.0.45.com * Change listening ports from 8xxx to 9xxx, e.g. 808 to 10080 in conf\\server.xml file 8005 > 10005 8080 > 10080 8443 > … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[720],"tags":[721,578],"class_list":["post-11648","post","type-post","status-publish","format-standard","hentry","category-openam","tag-openam","tag-tomcat"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-31S","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11648"}],"version-history":[{"count":3,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11648\/revisions"}],"predecessor-version":[{"id":11686,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11648\/revisions\/11686"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}