OpenSSO Express 8 → OpenSSO Express 9β ─|→ ForgeRock OpenAM 9
        ↓                               |
Sun OpenSSO Enterprise 8 ───────────────|→ (development discontinued)
                                        |
                          Oracle's acquisition of Sun (2009)
$ cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 pine.hondou.homedns.org
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
$ sudo yum -y install java-1.6.0*
(output omitted)
Installed:
  java-1.6.0-openjdk-demo.x86_64 1:1.6.0.0-1.40.1.9.10.el6_1
  java-1.6.0-openjdk-devel.x86_64 1:1.6.0.0-1.40.1.9.10.el6_1
  java-1.6.0-openjdk-javadoc.x86_64 1:1.6.0.0-1.40.1.9.10.el6_1
  java-1.6.0-openjdk-src.x86_64 1:1.6.0.0-1.40.1.9.10.el6_1
#!/bin/sh
JAVA_HOME=/usr/lib/jvm/java-1.6.0/
export JAVA_HOME
JAVA_OPTS="-Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS

These days, apparently, startup scripts go in /etc/profile.d instead of being written directly into /etc/bashrc. I created /etc/profile.d/java.sh.
Error occurred during deployment: Exception while loading the app : java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.apache.catalina.LifecycleException: javax.servlet.ServletException: com.sun.xml.ws.transport.http.servlet.WSServletException: WSSERVLET11: failed to parse runtime descriptor: javax.xml.ws.WebServiceException: WSP1007: Policy exception occured when finishing WSDL parsing.. Please see server.log for more details.
Component | Tomcat 6 & JDK 6 | Tomcat 7 & JDK 7 |
OpenAM server | ○ | ○ |
OpenAM command-line tools | ○ | × |
OpenAM Agent | ○ | × |
$ cd /opt
$ sudo mkdir openam
$ cd openam
$ sudo tar -xf ~/ダウンロード/apache-tomcat-6.0.33.tar.gz
#!/bin/sh
#
# openam
#
# chkconfig: 35 84 16
# description: Manage OpenAM SSO Server

CATALINA_HOME=/opt/openam/apache-tomcat-6.0.33
export CATALINA_HOME
JAVA_HOME=/usr/lib/jvm/java-1.6.0/
export JAVA_HOME
JAVA_OPTS="-Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS
CATALINA_OPTS="-Dcom.iplanet.am.cookie.c66Encode=true"
export CATALINA_OPTS

case "${1}" in
start)
    "${CATALINA_HOME}/bin/startup.sh"
    exit ${?}
    ;;
stop)
    "${CATALINA_HOME}/bin/shutdown.sh"
    exit ${?}
    ;;
*)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac
$ sudo chmod +x /etc/rc.d/init.d/openam
$ sudo /sbin/chkconfig --add openam
$ sudo /sbin/chkconfig --list openam
openam          0:off   1:off   2:off   3:on    4:off   5:on    6:off
At startup | tomcat (S84) → apache (S85) |
At shutdown | apache (K15) → tomcat (K16) |
# ls /etc/rc*/* | grep httpd
/etc/rc0.d/K15httpd
/etc/rc1.d/K15httpd
/etc/rc2.d/K15httpd
/etc/rc3.d/S85httpd
/etc/rc4.d/K15httpd
/etc/rc5.d/S85httpd
/etc/rc6.d/K15httpd
# ls /etc/rc*/* | grep openam
/etc/rc0.d/K16openam
/etc/rc1.d/K16openam
/etc/rc2.d/K16openam
/etc/rc3.d/S84openam
/etc/rc4.d/K16openam
/etc/rc5.d/S84openam
/etc/rc6.d/K16openam
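The start/stop ordering shown above can be checked mechanically. This is an added example, not part of the original page: a hypothetical helper, `check_rc_order`, reads `ls /etc/rc*/*` output (the two listings above are embedded) and confirms that openam starts before httpd and stops after it in every runlevel. `BAD_LISTING` is a constructed failing case.

```shell
#!/bin/sh
# check_rc_order LISTING BACKEND FRONTEND  (hypothetical helper, added example)
# Succeeds only if BACKEND has a lower S number and a higher K number than
# FRONTEND in every runlevel where both links exist.
check_rc_order() {
    printf '%s\n' "$1" | awk -v be="$2" -v fe="$3" '
        NF == 0 { next }
        {
            n = split($0, p, "/"); dir = p[n - 1]; link = p[n]
            kind = substr(link, 1, 1)      # S = start link, K = kill link
            name = substr(link, 4)         # text after the two-digit priority
            if (name == be || name == fe)
                prio[dir, kind, name] = substr(link, 2, 2) + 0
            dirs[dir] = 1
        }
        END {
            for (d in dirs) {
                if (((d, "S", be) in prio) && ((d, "S", fe) in prio) &&
                    prio[d, "S", be] >= prio[d, "S", fe]) {
                    print d ": " be " must start before " fe; bad = 1
                }
                if (((d, "K", be) in prio) && ((d, "K", fe) in prio) &&
                    prio[d, "K", be] <= prio[d, "K", fe]) {
                    print d ": " be " must stop after " fe; bad = 1
                }
            }
            exit bad + 0
        }'
}

# The rc links exactly as listed on this page.
PAGE_LISTING='/etc/rc0.d/K15httpd
/etc/rc1.d/K15httpd
/etc/rc2.d/K15httpd
/etc/rc3.d/S85httpd
/etc/rc4.d/K15httpd
/etc/rc5.d/S85httpd
/etc/rc6.d/K15httpd
/etc/rc0.d/K16openam
/etc/rc1.d/K16openam
/etc/rc2.d/K16openam
/etc/rc3.d/S84openam
/etc/rc4.d/K16openam
/etc/rc5.d/S84openam
/etc/rc6.d/K16openam'
# Constructed failing case: openam moved to S86, i.e. after httpd.
BAD_LISTING=$(printf '%s\n' "$PAGE_LISTING" | sed 's/S84openam/S86openam/')
check_rc_order "$PAGE_LISTING" openam httpd && echo "order OK"
```

On a live host, pass `"$(ls /etc/rc*/*)"` as the first argument instead of the embedded listing.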
$ cd /opt/openam/apache-tomcat-6.0.33/conf $ sudo diff -u server.xml.original server.xml --- server.xml.original 2011-11-11 22:56:31.192690899 +0900 +++ server.xml 2011-11-11 22:57:22.313132730 +0900 @@ -19,7 +19,7 @@ define subcomponents such as "Valves" at this level. Documentation at /docs/config/server.html --> -<Server port="8005" shutdown="SHUTDOWN"> +<Server port="9005" shutdown="SHUTDOWN"> <!--APR library loader. Documentation at /docs/apr.html --> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> @@ -66,9 +66,9 @@ APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 --> - <Connector port="8080" protocol="HTTP/1.1" + <Connector port="9080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + redirectPort="9443" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" @@ -81,13 +81,13 @@ connector should be using the OpenSSL style configuration described in the APR documentation --> <!-- - <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" + <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> --> <!-- Define an AJP 1.3 Connector on port 8009 --> - <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> + <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" /> <!-- An Engine represents the entry point (within Catalina) that processes
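Review bot: in the first hunk the Server element moves to port 9005 but keeps shutdown="SHUTDOWN", the stock command string. The init script's stop action relies on this listener, so it cannot simply be turned off; change the string to a value that is not known from the default configuration, so that a client that can reach port 9005 cannot stop the server by sending the well-known word.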
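Review bot: in the second hunk redirectPort becomes 9443, but the only connector on 9443 is the one in the third hunk, which is still inside the <!-- ... --> comment block. Requests that Tomcat redirects to the secure port will therefore be sent to a port nothing listens on. Either enable the 9443 connector with a keystore, or document that TLS is terminated elsewhere and that this redirect is not expected to be used.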
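Review bot: in the third hunk the AJP connector line, <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" />, has no address attribute, so the listener is not restricted to a local interface. If only the Apache httpd on this host talks to it, add address="127.0.0.1" to the element; the same consideration applies to the HTTP connector on 9080 in the previous hunk if it is meant to be reached only through Apache.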
$ sudo cp openam_953.war /opt/openam/apache-tomcat-6.0.33/webapps/openam.war
$ sudo /etc/rc.d/init.d/openam start
# ls /root/openam/
amAuthSafeWord.xml  bootstrap  install.log  openam  template
amAuthUnix.xml      config     ldif         opends
Directory server | Configuration Store | Identity Store |
Sun Directory Server | ○ | ○ |
Embedded OpenDS | ○ | ○ |
Active Directory | × | ○ |
IBM Tivoli DS | × | ○ |
External OpenDS | × | ○ |
OpenLDAP | × | △(*) |
# /opt/openam/tools/openam/bin/ssoadm --version
OpenSSO 9.5.3 Build 934 (2011-July-29 00:15)
Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed
java.lang.NullPointerException
Exception in thread "main" java.lang.ExceptionInInitializerError
    at com.sun.identity.log.LogManagerUtil.<clinit>(LogManagerUtil.java:66)
    at com.sun.identity.log.Logger.<clinit>(Logger.java:84)
    at com.sun.identity.cli.CommandManager.destroySSOTokens(CommandManager.java:784)
    at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:203)
    at com.sun.identity.cli.CommandManager.main(CommandManager.java:150)
Caused by: java.lang.NullPointerException
    at com.sun.identity.log.LogManager.addLogger(LogManager.java:131)
    at java.util.logging.LogManager$1.run(LogManager.java:199)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.util.logging.LogManager.<clinit>(LogManager.java:175)
    ... 5 more
$ sudo mkdir /opt/openam/ssoAdminTools
$ cd ssoAdminTools/
$ sudo unzip ~/ダウンロード/ssoAdminTools_953.zip
$ su
# ./setup
OpenAM サーバーの設定ファイルのパス (例: /opensso):/root/openam
デバッグディレクトリ:/opt/openam/ssoAdminTools/debug
ログディレクトリ:/opt/openam/ssoAdminTools/log
スクリプトは次のディレクトリに正しく設定されています: /opt/openam/ssoAdminTools/openam
デバッグディレクトリは /opt/openam/ssoAdminTools/debug です。
ログディレクトリは /opt/openam/ssoAdminTools/log です。
この tools.zip のバージョン: 9.5.3 Build 934 (2011-July-29 00:15)
サーバーインスタンスのバージョン: 9.5.3 Build 934 (2011-July-29 00:15)

The commands for operating the corresponding OpenAM instance are extracted into ${TOOLS_DIR}/${INSTANCE NAME}/bin.
URL | localhost:50389 |
Admin user | cn=Directory Manager |
Password | ampassword (same as the amadmin password) |
Base DN | dc=opensso,dc=java,dc=net |