{"id":11650,"date":"2016-10-12T13:49:07","date_gmt":"2016-10-12T18:49:07","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=11650"},"modified":"2016-10-25T09:27:37","modified_gmt":"2016-10-25T14:27:37","slug":"openam12-secure-tomcat-7-on-a-different-domain","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=11650","title":{"rendered":"OpenAM12: Secure Tomcat 7 on a Different Domain"},"content":{"rendered":"

Install Tomcat 7<\/h2><\/span>\n

* Add to hosts file:
\n127.0.0.1\ttomcat7.my.local
\n* Unzip apache-tomcat-7.0.72.zip<\/em> and rename as c:\\prog\\apache-tomcat-7.0.72.local<\/em>
\n* Change listening ports from 8xxx to 9xxx, e.g. 808 to 9080 in conf\\server.xml file
\n8005 > 9005
\n8080 > 9080
\n8443 > 9443
\n8009 > 9009
\n* Add setenv.bat<\/em> to bin <\/em>directory to contain:<\/p>\n

\r\nset JAVA_OPTS=-Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m\r\nset JAVA_HOME=C:\\prog\\jdk1.7.0_45\r\n<\/pre>\n
* Start new Tomcat and point browser to: http:\/\/tomcat7.my.local:9080\/docs<\/a>
\n* Shutdown Tomcat before installing agent!<\/p>\n
Create Tomcat7 Agent Profile<\/h2><\/span>\n
* Login OpenAM
\n* Add a new J2EE agent profile named Tomcat7<\/strong><\/p>\n
<\/h6><\/span>\n
* Select new agent
\n* Set Agent Filter Mode > Current Values<\/em> to SSO_ONLY<\/strong><\/p>\n
<\/h6><\/span>\n
* Also enable cross domain SSO<\/p>\n
<\/h6><\/span>\n
Install OpenAM Agent<\/h2><\/span>\n
* Extract tomcat_v6_agent<\/em> folder from Tomcat-v6-7-Agent-3.3.0.zip<\/em> into C:\\prog\\apache-tomcat-7.0.72.openam12.local<\/em>
\n* Create a new password file named tomcat7pass.txt<\/em>. Enter password in the file, e.g. Wx1
\n* Go to C:\\prog\\apache-tomcat-7.0.72.openam12.local\\tomcat_v6_agent\\bin<\/em> and run:<\/p>\n
\r\nagentadmin.bat --install\r\n\r\nTomcat conf directory: C:\\prog\\apache-tomcat-7.0.72.local\\conf\r\nOpenAM URL: http:\/\/openam.my.com:8080\/openam\r\n$CATALINA_HOME: C:\\prog\\apache-tomcat-7.0.72.local\r\nInstall agent filter in global web.xml ? [true]: true\r\nAgent URL: http:\/\/tomcat7.my.local:9080\/docs\r\nAgent profile name: Tomcat7\r\nPassword file: C:\\prog\\apache-tomcat-7.0.72.local\\tomcat_v6_agent\\tomcat7pass.txt\r\n<\/pre>\n
* Output:<\/p>\n
\r\n-----------------------------------------------\r\nSUMMARY OF YOUR RESPONSES\r\n-----------------------------------------------\r\nTomcat Server Config Directory :\r\nC:\\prog\\apache-tomcat-7.0.72.local\\conf\r\nOpenAM server URL : http:\/\/openam.my.com:8080\/openam\r\n$CATALINA_HOME environment variable :\r\nC:\\prog\\apache-tomcat-7.0.72.local\r\nTomcat global web.xml filter install : true\r\nAgent URL : http:\/\/tomcat7.my.local:9080\/docs\r\nAgent Profile name : Tomcat7\r\nAgent Profile Password file name :\r\nC:\\prog\\apache-tomcat-7.0.72.local\\tomcat_v6_agent\\tomcat7pass.txt\r\n\r\n\r\nVerify your settings above and decide from the choices below.\r\n1. Continue with Installation\r\n2. Back to the last interaction\r\n3. Start Over\r\n4. Exit\r\nPlease make your selection [1]:\r\n\r\nUpdating the C:\\prog\\apache-tomcat-7.0.72.local\/bin\/setenv.bat\r\nscript with the Agent configuration JVM option ...DONE.\r\nDONE.\r\n\r\nCreating directory layout and configuring Agent file for Agent_001\r\ninstance ...DONE.\r\n\r\nReading data from file\r\nC:\\prog\\apache-tomcat-7.0.72.local\\tomcat_v6_agent\\tomcat7pass.txt\r\nand encrypting it ...DONE.\r\n\r\nGenerating audit log file name ...DONE.\r\n\r\nCreating tag swapped OpenSSOAgentBootstrap.properties file for instance\r\nAgent_001 ...DONE.\r\n\r\nCreating a backup for file\r\nC:\\prog\\apache-tomcat-7.0.72.local\\conf\/server.xml ...DONE.\r\n\r\nCreating a backup for file\r\nC:\\prog\\apache-tomcat-7.0.72.local\\conf\/web.xml ...DONE.\r\n\r\nAdding OpenAM Tomcat Agent Realm to Server XML file :\r\nC:\\prog\\apache-tomcat-7.0.72.local\\conf\/server.xml ...DONE.\r\n\r\nAdding filter to Global deployment descriptor file :\r\nC:\\prog\\apache-tomcat-7.0.72.local\\conf\/web.xml ...DONE.\r\n\r\nAdding OpenAM Tomcat Agent Filter and Form login authentication to selected\r\nWeb applications ...DONE.\r\n\r\nSUMMARY OF AGENT INSTALLATION\r\n-----------------------------\r\nAgent instance name: Agent_001\r\nAgent Bootstrap file location:\r\nC:\/prog\/apache-tomcat-7.0.72.local\/tomcat_v6_agent\/Agent_001\/config\/OpenSSOAgentBootstrap.properties\r\nAgent Configuration file location\r\nC:\/prog\/apache-tomcat-7.0.72.local\/tomcat_v6_agent\/Agent_001\/config\/OpenSSOAgentConfiguration.properties\r\nAgent Audit directory location:\r\nC:\/prog\/apache-tomcat-7.0.72.local\/tomcat_v6_agent\/Agent_001\/logs\/audit\r\nAgent Debug directory location:\r\nC:\/prog\/apache-tomcat-7.0.72.local\/tomcat_v6_agent\/Agent_001\/logs\/debug\r\n\r\n\r\nInstall log file location:\r\nC:\/prog\/apache-tomcat-7.0.72.local\/tomcat_v6_agent\/installer-logs\/audit\/install.log\r\n\r\nThank you for using OpenAM Policy Agent\r\n<\/pre>\n
Test<\/h2><\/span>\n
* Start Tomcat for target app
\n* Point browser to http:\/\/tomcat7.my.local:9080\/docs<\/a>.
\n– Note, if you already login OpenAM with browser, e.g. Firefox, you need to use a different browser, e.g. IE. Otherwise, you won’t see the login page since you’re already authenticated.<\/p>\n","protected":false},"excerpt":{"rendered":"
Install Tomcat 7 * Add to hosts file: 127.0.0.1 tomcat7.my.local * Unzip apache-tomcat-7.0.72.zip and rename as c:\\prog\\apache-tomcat-7.0.72.local * Change listening ports from 8xxx to 9xxx, e.g. 808 to 9080 in conf\\server.xml file 8005 > 9005 8080 > 9080 8443 > … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[720],"tags":[721,466],"class_list":["post-11650","post","type-post","status-publish","format-standard","hentry","category-openam","tag-openam","tag-tomcat7"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-31U","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11650"}],"version-history":[{"count":4,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11650\/revisions"}],"predecessor-version":[{"id":11657,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11650\/revisions\/11657"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}