Chapter 5. Configuring Deployment Containers

Table of Contents
5.1. Tomcat
5.2. Jetty
5.3. JBoss

This section provides installation and configuration tips. The following containers are supported.

5.1. Tomcat

Download and install Sun Java SE JDK 6 Update 21 or later. At this time these are the only versions of any JDK supported with OpenIG.

Download and install Tomcat 6 or Tomcat 7.

$TOMCAT_HOME refers to the location where you have installed Tomcat.

Configure Tomcat to listen on the same port and protocol as the application you are protecting with OpenIG. If your application listens on both an HTTP and an HTTPS port, you must configure Tomcat to do so as well. If you are installing to run the samples, you do not have to modify the Tomcat port configuration, since both the Tomcat default and the samples use port 8080.

To configure Tomcat to use a port other than 8080, modify the defaults in $TOMCAT_HOME/conf/server.xml. The quickest way to do this is to search for the default value of 8080 and replace it with the new port number.

5.1.1. Tomcat & MySQL/JNDI Configuration

If OpenIG accesses an SQL database you must configure Tomcat for JNDI. Once you have Tomcat configured you must add the jar for the database, and set up a JNDI data source and a reference to that data source in your web application. The following steps are for the MySQL Connector/J.

Download the MySQL JDBC Driver Connector/J. Add it to the class path by copying it to $TOMCAT_HOME/lib.

Add a JNDI data source for your MySQL server and database in $TOMCAT_HOME/conf/context.xml.

<Resource name="jdbc/forgerock" auth="Container" type="javax.sql.DataSource"
 maxActive="100" maxIdle="30" maxWait="10000"
 username="admin" password="11111111" driverClassName="com.mysql.jdbc.Driver"
 url="jdbc:mysql://localhost:3306/databasename"/>

Add a resource reference to the data source in $TOMCAT_HOME/conf/web.xml.

<resource-ref>
    <description>MySQL Connection</description>
    <res-ref-name>jdbc/forgerock</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>

5.1.2. Tomcat & Cookie Domains

If you use OpenIG for more than a single application and those applications are on different hosts, you must configure Tomcat to set domain cookies. To do this add the following to your $TOMCAT_HOME/conf/Catalina/server/root.xml file.

<Context sessionCookieDomain=".forgerock.com" />

5.1.3. Tomcat & SSL

To get Tomcat up quickly on an SSL port you can add an entry similar to the following in $TOMCAT_HOME/conf/server.xml.

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    address="10.0.1.6"
    clientAuth="false" sslProtocol="TLS" keystorePass="11111111"/>

You must also make sure you have created a key store along with a self-signed certificate. You can do that with the following UNIX command:

$ keytool -genkey -alias tomcat -keyalg RSA
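The snippets in sections 5.1.1 to 5.1.3 carry a placeholder secret, a domain-wide session cookie and an SSL connector with no explicit key store. The following check is an added example, not part of the OpenIG documentation: it parses Tomcat configuration text and reports where those values are still present. The function name `audit`, the finding codes and the sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Placeholder secret printed in this section's snippets.
SAMPLE_SECRETS = {"11111111"}

def audit(xml_text):
    """Return finding codes for one Tomcat configuration file (hypothetical helper)."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        a = el.attrib
        if el.tag == "Resource" and "password" in a:
            # context.xml keeps the database password in clear text.
            findings.append("db-password-in-file")
            if a["password"] in SAMPLE_SECRETS:
                findings.append("db-password-is-doc-sample")
        if el.tag == "Connector" and a.get("SSLEnabled", "").lower() == "true":
            if a.get("keystorePass") in SAMPLE_SECRETS:
                findings.append("keystore-pass-is-doc-sample")
            if "keystoreFile" not in a:
                # Tomcat then reads .keystore from the home directory of the
                # account running it, which is also where keytool writes
                # when no -keystore option is given.
                findings.append("keystore-file-implicit")
        if el.tag == "Context" and "sessionCookieDomain" in a:
            # The session cookie is sent to every host under this domain.
            findings.append("session-cookie-domain:" + a["sessionCookieDomain"])
    return findings

# Constructed samples assembled from the snippets in this section.
CONTEXT_XML = """<Context>
  <Resource name="jdbc/forgerock" auth="Container" type="javax.sql.DataSource"
    username="admin" password="11111111" driverClassName="com.mysql.jdbc.Driver"
    url="jdbc:mysql://localhost:3306/databasename"/>
</Context>"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
    secure="true" clientAuth="false" sslProtocol="TLS" keystorePass="11111111"/>
</Service></Server>"""
ROOT_XML = '<Context sessionCookieDomain=".forgerock.com" />'
# Constructed counter-example; the path and password are placeholders.
REVIEWED_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
    secure="true" clientAuth="false" sslProtocol="TLS"
    keystoreFile="/path/to/openig.keystore" keystorePass="PLACEHOLDER-not-a-real-secret"/>
</Service></Server>"""

if __name__ == "__main__":
    for name, text in [("context.xml", CONTEXT_XML), ("server.xml", SERVER_XML),
                       ("root.xml", ROOT_XML), ("server.xml (reviewed)", REVIEWED_SERVER_XML)]:
        print(name, audit(text))
```

The `keystore-file-implicit` finding matters with the keytool command above: the key store is found only if the command was run as the same account that runs Tomcat.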

5.2. Jetty

Download and install Sun Java SE JDK 6 Update 21 or later. At this time these are the only versions of any JDK supported with OpenIG.

Download and install Jetty. The install directory is referred to as $JETTY_HOME from now on.

Configure Jetty to listen on the same port and protocol as the application you are protecting with OpenIG. If you are configuring OpenIG for the samples, you do not have to modify the Jetty port configuration, since the default for Jetty is 8080 and the samples use port 8080.

To configure Jetty to use a port other than 8080 you must modify the default $JETTY_HOME/etc/jetty.xml. The quickest way to do that is to search for the default value of 8080 and replace it with the new port number. The simplest way to get Jetty running on ports below 1024 is to run the Jetty process as root. This is only appropriate for sample purposes. Do not run Jetty as root in production.

If the application you are protecting is configured on an HTTPS port, you must configure Jetty for HTTPS as well.

If you are managing multiple applications in one domain you will need to turn on domain cookies in Jetty. This can be done by adding the following property to $JETTY_HOME/contexts/root.xml or to $JETTY_HOME/etc/jetty.xml. Note that any changes to jetty.xml impact all web applications running in the container.

<Get name="sessionHandler">
    <Get name="sessionManager">
        <Set name="sessionDomain">example.com</Set>
    </Get>
</Get>

If OpenIG accesses an SQL database you must configure Jetty for JNDI or use the Jetty Hightide distribution, which comes pre-configured for JNDI. Once you have Jetty configured you must add the jar for the database, and set up a JNDI data source and a reference to that data source in your web application. The following steps are for the MySQL Connector/J.

Download the MySQL JDBC Driver Connector/J. Add it to the Jetty class path by copying it to $JETTY_HOME/lib/jndi.

Add a JNDI data source for your MySQL server and database in $JETTY_HOME/etc/jetty.xml.

<New id="jdbc/forgerock" class="org.eclipse.jetty.plus.jndi.Resource">
  <Arg></Arg>
  <Arg>jdbc/forgerock</Arg>
  <Arg>
    <New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
      <Set name="Url">jdbc:mysql://localhost:3306/databasename</Set>
      <Set name="User">mysqladmin</Set>
      <Set name="Password">11111111</Set>
    </New>
  </Arg>
</New>

Add a resource reference to the data source in $JETTY_HOME/etc/webdefault.xml.

<resource-ref>
    <description>My DataSource Reference</description>
    <res-ref-name>jdbc/forgerock</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>

5.3. JBoss

Download and install Sun Java SE JDK 6 Update 21 or later. At this time these are the only versions of any JDK supported with OpenIG.

Download and install the community version of JBoss 5.1. $JBOSS_HOME refers to the location where you have installed JBoss. The assumption in this chapter is that you run the default server configuration.

Configure JBoss to listen on the same port and protocol as the application you are protecting with OpenIG. If your application listens on both an HTTP and an HTTPS port, you must configure JBoss to do so as well. If you are installing to run the samples, you do not have to modify the JBoss port configuration, since both the JBoss default and the samples use port 8080.

To configure JBoss to use a port other than 8080, modify server.xml under your server configuration. For example, if you are using the default server configuration, server.xml is $JBOSS_HOME/server/default/deploy/jbossweb.sar/server.xml. The quickest way to do this is to search for the default value of 8080 and replace it with the new port number.

If OpenIG accesses an SQL database you must configure JBoss for JNDI. Once you have JBoss configured you must add the jar for the database, and set up a JNDI data source and a reference to that data source in your web application. The following steps are for the MySQL Connector/J.

Download the MySQL JDBC Driver Connector/J. Add it to the JBoss class path by copying it to $JBOSS_HOME/server/default/lib.

Add a JNDI data source for your MySQL server and database in $JBOSS_HOME/server/default/deploy/mysql-ds.xml.

<datasources>
  <local-tx-datasource>
    <jndi-name>jdbc/forgerock</jndi-name>
    <connection-url>jdbc:mysql://localhost:3306/databasename</connection-url>
    <driver-class>com.mysql.jdbc.Driver</driver-class>
    <user-name>admin</user-name>
    <password>11111111</password>
    <min-pool-size>5</min-pool-size>
    <max-pool-size>20</max-pool-size>
    <idle-timeout-minutes>5</idle-timeout-minutes>
    <exception-sorter-class-name>
      com.mysql.jdbc.integration.jboss.ExtendedMysqlExceptionSorter
    </exception-sorter-class-name>
    <valid-connection-checker-class-name>
      com.mysql.jdbc.integration.jboss.MysqlValidConnectionChecker
    </valid-connection-checker-class-name>
  </local-tx-datasource>
</datasources>

Add a resource reference to the data source in $JBOSS_HOME/server/default/deployers/jbossweb.deployer/web.xml.

<resource-ref>
    <description>MySQL Connection</description>
    <res-ref-name>jdbc/forgerock</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>