{"id":11655,"date":"2016-10-13T10:17:45","date_gmt":"2016-10-13T15:17:45","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=11655"},"modified":"2016-10-25T09:26:47","modified_gmt":"2016-10-25T14:26:47","slug":"openam12-install-distributed-authentication-app","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=11655","title":{"rendered":"OpenAM12: Install Distributed Authentication App"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tOverview<\/a>\n\t<\/li>\n\t
  2. \n\t\tInstall Distributed Authentication Server<\/a>\n\t<\/li>\n\t
  3. \n\t\tPrepare OpenAM for Distributed Authentication<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tPrepare Cookie Domains<\/a>\n\t\t\t<\/li>\n\t\t\t
    2. \n\t\t\t\tPrepare Realm\/DNS Aliases<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    3. \n\t\tConfigure Distributed Authentication Application<\/a>\n\t<\/li>\n\t
    4. \n\t\tTest<\/a>\n\t<\/li>\n\t
    5. \n\t\tReferences<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
       <\/div>\n

      Overview<\/h2><\/span>\n

      * Distributed authentication app is used,e.g. in DMZ, to proxy to OpenAM server<\/p>\n

      Install Distributed Authentication Server<\/h2><\/span>\n

      * Create DNS name by adding to hosts file<\/p>\n

      \r\n127.0.0.1\tdmz.my.com\r\n<\/pre>\n
      * Install Tomcat:
      \n– Unzip apache-tomcat-7.0.72.zip<\/em> and rename as c:\\prog\\apache-tomcat-7.0.72.dmz<\/em>
      \n– Change listening ports from 8xxx to 11xxx, e.g. 8080 to 11080 in conf\\server.xml<\/em> file
      \n8005 > 11005
      \n8080 > 11080
      \n8443 > 11443
      \n8009 > 11009
      \n– Add setenv.bat<\/em> to bin <\/em>directory to contain:<\/p>\n
      \r\nset JAVA_OPTS=-Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m\r\nset JAVA_HOME=C:\\prog\\jdk1.7.0_45\r\n<\/pre>\n
      – Start new Tomcat and point browser to: http:\/\/dmz.my.com:11080\/docs<\/a>
      \n* Deploy distributed authentication application
      \n– Extract OpenAM-DistAuth-12.0.0.war<\/em> from OpenAM-12.0.0.zip<\/em>
      \n– Move it to C:\\prog\\apache-tomcat-7.0.72.dmz\\webapps<\/em>
      \n– Rename it to openam-distauth.war<\/strong><\/p>\n
      Prepare OpenAM for Distributed Authentication<\/h2><\/span>\n
      Prepare Cookie Domains<\/h3><\/span>\n
      * Login OpenAM
      \n* Go to: Configuration > System > Platform<\/em>
      \n* Add domains for the distributed authentication server to cookie domains if it is different from OpenAM. In this case, both are my.com<\/em> so no need to add:<\/p>\n
      \"openam12_distauth_cookiedomains_1\"<\/a><\/h6><\/span>\n
      Prepare Realm\/DNS Aliases<\/h3><\/span>\n
      * Login OpenAM
      \n* Go to: Access Control > Top Realm > General<\/em>
      \n* Add DNS name, i.e. dmz.my.com, for the distributed authentication server:<\/p>\n
      \"openam12_distauth_dnsaliases_1\"<\/a><\/h6><\/span>\n
      Configure Distributed Authentication Application<\/h2><\/span>\n
      * Start Tomcat and point browser to http:\/\/dmz.my.com:11080\/openam-distauth\/distAuthConfigurator.jsp<\/a>
      \n* Enter values on the config page:
      \n– Use UrlAccessAgent <\/em>as application user name. It is setup during initial OpenAM setup.<\/p>\n
      \"openam12_distauth_config_1\"<\/a><\/h6><\/span>\n
      \"openam12_distauth_config_2\"<\/a><\/h6><\/span>\n
      * Configuration is saved in C:\\Users\\me\\FAMDistAuth\\_prog_apache-tomcat-7.0.72.dmz_webapps_openam-distauth_AMDistAuthConfig.properties<\/em><\/p>\n
      Test<\/h2><\/span>\n
      * Use URL format: PROTOCOL:\/\/DISTAUTH:PORT\/DEPLOYMENT-URI\/UI\/Login?goto=PROTECTEDCONTENT<\/em>
      \n* For example, point browser to:
      \n      http:\/\/dmz.my.com:11080\/openam-distauth\/UI\/Login?goto=http:\/\/tomcat6.my.com:10080\/docs<\/a>
      \n* Enter OpenAM username and password to login<\/p>\n
      References<\/h2><\/span>\n","protected":false},"excerpt":{"rendered":"
      Overview * Distributed authentication app is used,e.g. in DMZ, to proxy to OpenAM server Install Distributed Authentication Server * Create DNS name by adding to hosts file 127.0.0.1 dmz.my.com * Install Tomcat: – Unzip apache-tomcat-7.0.72.zip and rename as c:\\prog\\apache-tomcat-7.0.72.dmz – … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[720],"tags":[721],"class_list":["post-11655","post","type-post","status-publish","format-standard","hentry","category-openam","tag-openam"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-31Z","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11655","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11655"}],"version-history":[{"count":10,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11655\/revisions"}],"predecessor-version":[{"id":11699,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11655\/revisions\/11699"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11655"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11655"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11655"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}