Higgins CardSpace Interop Deployment Notes
Server
These steps were followed to set the scenario up on two machines that were isolated from the Internet.
- Install OpenSuse 10.2
- Configure Network
  - Install/Configure DNS server
    - Installed the YaST DNS config service and used that
    - Added a DNS zone as master: <something.com>
    - Added an A record for the server's name <servername.something.com> set to 192.168.0.1
    - Set startup behavior to start when booting
  - Give this server a DNS name and local address (like 192.168.0.1)
  - Configure this machine to use a static address (like 192.168.0.1)
- Create certificate for server
  - used tinyCA
    - Create a CA
    - Create a cert for <server dns name>
    - export cert as PEM (will be used for Apache)
    - export key as PEM (will be used for Apache)
      - without passphrase
    - export key as PKCS12 (will be imported into a Java keystore for Tomcat)
      - set export passphrase to "changeitagain" (or whatever you want -- just remember it for later)
      - doesn't matter whether you choose to include the CA's cert.
    - copy key and cert (see Configure Apache below)
- Install/Configure Apache
  - Create, export, and copy the certificate and key to /etc/apache2/ssl.crt and /etc/apache2/ssl.key respectively
  - Edit /etc/apache2/local.conf
    - Set up virtual servers
  - Edit /etc/apache2/sysconfig.d/local.conf
    - Enable SSL for Apache
    - Set up virtual host
  - Edit /etc/sysconfig/apache2 and set APACHE_CONF_INCLUDE_FILES="/etc/apache2/local.conf"
  - Add /etc/apache2/local.conf which contains <look at the same file on wag.bandit-project.org>
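The certificate steps above were done by hand in tinyCA, and the Apache section copies the result without checking it. The script below is an added example, not code from the wiki page, tinyCA or the Bandit/Higgins projects: it reproduces the CA, server certificate, PEM and PKCS12 exports with the openssl command line, then runs the checks worth doing before Apache is pointed at the files (cert chains to the CA and names the server, key matches cert, key really has no passphrase, key not world-readable). The working directory, CA name and server name are placeholders; "changeitagain" is the export passphrase quoted on the page.

```shell
#!/bin/sh
# Constructed example, not code from the wiki page or from tinyCA: the same
# CA -> server cert -> PEM/PKCS12 exports done with the openssl CLI, followed
# by the checks worth running before Apache is pointed at the files.
# Assumptions: CA_DIR, the CA name and SERVER_NAME are placeholders;
# "changeitagain" is the export passphrase quoted on the page.
set -eu

CA_DIR="${CA_DIR:-./demo-ca}"                          # hypothetical scratch directory
SERVER_NAME="${SERVER_NAME:-servername.something.com}" # DNS name from the A record
EXPORT_PASS="${EXPORT_PASS:-changeitagain}"            # PKCS12 export passphrase

# "Create a CA": self-signed CA certificate. The CA key stays unencrypted here
# only because this is a throw-away interop CA.
make_ca() {
    mkdir -p "$CA_DIR"
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Demo Interop CA" \
        -keyout "$CA_DIR/ca.key" -out "$CA_DIR/ca.crt" 2>/dev/null
    chmod 600 "$CA_DIR/ca.key"
}

# "Create a cert for <server dns name>" plus the PEM exports: the key is written
# without a passphrase, as the page requires for Apache, and the cert carries a
# subjectAltName because clients match the DNS name against the SAN, not the CN.
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$SERVER_NAME" \
        -keyout "$CA_DIR/server.key" -out "$CA_DIR/server.csr" 2>/dev/null
    chmod 600 "$CA_DIR/server.key"
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$SERVER_NAME" > "$CA_DIR/server.ext"
    openssl x509 -req -days 825 -in "$CA_DIR/server.csr" -CA "$CA_DIR/ca.crt" -CAkey "$CA_DIR/ca.key" \
        -CAcreateserial -extfile "$CA_DIR/server.ext" -out "$CA_DIR/server.crt" 2>/dev/null
}

# "export key as PKCS12": bundle key + cert (+ CA cert, harmless either way) under
# alias "tomcat", protected by the export passphrase keytool will ask for later.
export_pkcs12() {
    openssl pkcs12 -export -name tomcat -inkey "$CA_DIR/server.key" -in "$CA_DIR/server.crt" \
        -certfile "$CA_DIR/ca.crt" -passout "pass:$EXPORT_PASS" -out "$CA_DIR/server.p12"
}

# Pre-flight for the copies under /etc/apache2/ssl.crt and ssl.key. Returns 0 only
# if the cert chains to the CA and names the server, the key matches the cert, the
# key has no passphrase (otherwise Apache blocks at boot waiting for it), and the
# key is not readable by other users.
check_apache_material() {
    cert="$1"; key="$2"; ca="$3"; name="$4"
    openssl verify -CAfile "$ca" -verify_hostname "$name" "$cert" >/dev/null 2>&1 \
        || { echo "cert does not chain to CA or does not name $name" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) \
        || { echo "key is passphrase-protected or unreadable" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    [ "$key_pub" = "$cert_pub" ] || { echo "key does not match cert" >&2; return 1; }
    [ -z "$(find "$key" -perm -004)" ] || { echo "key is world-readable" >&2; return 1; }
    return 0
}

# Usage: sh make-certs.sh demo
case "${1:-}" in
    demo)
        make_ca; make_server_cert; export_pkcs12
        check_apache_material "$CA_DIR/server.crt" "$CA_DIR/server.key" "$CA_DIR/ca.crt" "$SERVER_NAME" \
            && echo "material in $CA_DIR is ready for Apache and Tomcat"
        ;;
esac
```

Run the checks again after copying to /etc/apache2/ssl.crt and /etc/apache2/ssl.key, since that is where a wrong file or a loose permission usually creeps in; the `server.p12` file is the one the Tomcat keystore step consumes.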
- Install/Configure Tomcat
  - Create /etc/apache2/conf.d/jk.conf <copy contents from wag.bandit-project.org>
  - Create /etc/apache2/conf.d/workers.properties <copy contents from wag.bandit-project.org>
  - Edit /
  - Certificate-related config
    - Create Java keystore
      - keytool -genkey -alias deletemelater -keyalg RSA -keystore /usr/share/tomcat5/.keystore
      - Import private key (PKCS12 format from the "Create certificate for server" step above)
        - jwsdp-2.0/xws-security/bin/pkcs12import.sh -file <pkcs12 file from above> -keystore /usr/share/tomcat5/.keystore -alias tomcat
          - pkcs12import.sh is in the JWSDP 2.0 package available from Sun
      - Delete the unneeded key from the keystore
        - keytool -delete -alias deletemelater -keystore /usr/share/tomcat5/.keystore
    - Edit /usr/share/tomcat5/conf/server.xml
      - Uncomment the <Connector port="8443" .../> element, and add the attribute keystorePass="changeitagain" (or whatever you set the keystore password to).
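The genkey / pkcs12import / delete sequence above exists only because the keytool of that era could not create an empty keystore or import a PKCS12 entry directly. The script below is an added example, not code from the wiki page or the Higgins project: it builds the same keystore with keytool alone, using `-importkeystore` (present since JDK 6), which creates the destination store itself, so neither the throw-away "deletemelater" entry nor the JWSDP tool is needed, and it verifies that the store ends up with exactly one private-key entry named "tomcat". Paths and "changeitagain" follow the page; the PKCS12 file is assumed to hold the key under alias "tomcat".

```shell
#!/bin/sh
# Constructed example, not from the wiki page or the Higgins project: build the
# Tomcat keystore from the PKCS12 export with keytool -importkeystore (JDK 6+),
# which creates the destination store, so no placeholder entry is needed.
# Assumptions: KEYSTORE and STORE_PASS follow the page; the PKCS12 file holds
# the server key under alias "tomcat".
set -eu

KEYSTORE="${KEYSTORE:-/usr/share/tomcat5/.keystore}"
STORE_PASS="${STORE_PASS:-changeitagain}"   # must equal keystorePass in server.xml

# Copy the "tomcat" entry (key + certificate chain) out of the PKCS12 file. The
# entry is protected with the store password because Tomcat unlocks the key with
# keystorePass unless a separate keyPass attribute is configured.
import_server_key() {
    p12="$1"; p12_pass="$2"; src_alias="${3:-tomcat}"
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass "$p12_pass" -srcalias "$src_alias" \
        -destkeystore "$KEYSTORE" -deststoretype JKS -deststorepass "$STORE_PASS" \
        -destalias tomcat -destkeypass "$STORE_PASS"
    chmod 600 "$KEYSTORE"   # the store holds the server's private key
}

# Returns 0 only if the store holds exactly one private-key entry and it is
# named "tomcat" (older keytool prints "keyEntry", newer "PrivateKeyEntry").
check_keystore() {
    listing=$(keytool -list -keystore "$KEYSTORE" -storepass "$STORE_PASS" 2>/dev/null)
    echo "$listing" | grep -Eq '^tomcat,.*(PrivateKeyEntry|keyEntry)' || return 1
    [ "$(echo "$listing" | grep -Ec 'PrivateKeyEntry|keyEntry')" -eq 1 ]
}

# Usage: sh tomcat-keystore.sh /path/to/server.p12 changeitagain
if [ $# -ge 2 ]; then
    import_server_key "$1" "$2"
    check_keystore && echo "keystore $KEYSTORE ready; set keystorePass=\"$STORE_PASS\" in server.xml"
fi
```

The store is written as JKS because that is what Tomcat 5 reads by default; on JDK 9 and later keytool prints a warning recommending PKCS12, which can be ignored for this setup. If the keystore is placed anywhere other than the Tomcat user's home directory, the Connector also needs a keystoreFile attribute pointing at it.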
- Install/Configure PHP
  - We also had to install the PHP-Java bridge.
- Install/Configure STS
  - Deploy Higgins TokenService.war
    - Shut down Tomcat (rctomcat5 stop)
    - Copy it to the /srv/www/tomcat5/base/webapps directory
    - Start Tomcat (rctomcat5 start)
    - Create directory /usr/share/java/higgins-sts-config
    - Copy /srv/www/tomcat5/base/webapps/TokenService/ConfigurationFiles/Configuration.xml to /usr/share/java/higgins-sts-config/Configuration.xml
    - Edit /usr/share/java/higgins-sts-config/Configuration.xml and follow the instructions inside it
    - Edit /usr/share/tomcat5/bin/catalina.sh and insert CATALINA_OPTS="$CATALINA_OPTS -Dorg.eclipse.higgins.sts.conf=/usr/share/java/higgins-sts-config" at the top of the "Execute the requested command" section
    - For debugging, add a log4j.properties in /srv/www/tomcat5/base/webapps/TokenService/WEB-INF/classes.
      - TODO: upload a log4j.properties sample and refer to it from here.
Client
- Install/Configure Firefox