OpenAM with tomcat6 on Ubuntu 11.04

OpenAM logo

Today I’m not working the netbook, and have the space and memory to put OpenAM in a VirtualBox VM running Ubuntu Server 11.04. So that’s what I did.

Downloaded and unzipped the OpenAM 9.5.2 archive inside the VM image. Then I installed sun-java6-jdk, tomcat6 and tomcat6-admin with apt-get. For Tomcat, I carried out the release notes suggestion about editing the JAVA_OPTS to include -Xmx1024m -XX:MaxPermSize=256m. I also added an admin user with a manager role.

As there is no GUI running in the image, I stopped the VM, and then gave myself access to port 8080 on the guest from port 8080 on the host.

$ VBoxManage modifyvm OpenAM --natpf1 "openamweb,tcp,,8080,,8080"

That way I could deploy and configure OpenAM through the browser on the host. Deployment of the .war went smoothly.

After that I ran into an issue that confused me. As I installed Tomcat from apt-get rather than downloading it from Apache, the user running Tomcat is tomcat6. That user has access to places in /var/lib/tomcat6/webapps where OpenAM was deployed. Yet the configure step complained it could not write to /usr/share/tomcat6$HOME for tomcat6 according to /etc/passwd.

A link in the resulting error page sent me to an explanation about changing the configuration.dir value in /var/lib/tomcat6/webapps/openam/WEB-INF/classes/bootstrap.properties. So I created a configuration directory where tomcat6 could already write, and edited the file. But I actually ended up running sudo chmod 777 /usr/share/tomcat6 to allow the configuration process to proceed. Not that the process seems to have written anything to /usr/share/tomcat6.

(Surely there’s a better way.)

One more note: 9.5.2 seems to be missing a patch to the schema for using OpenDJ as an external configuration directory. You must set the single structural objectclass behavior to warn, or accept, rather than reject (the default).

Advertisements

6 Comments

Filed under Access Management

6 responses to “OpenAM with tomcat6 on Ubuntu 11.04

  1. With the tomcat6 package, I never had to change the firewall.
    When installing tomcat separately, this time on CentOS 6, I had to open port 8080 with iptables. What follows is probably not the correct way to do this, but it worked for me.

    Stop the iptables service.

    # /etc/init.d/iptables stop

    Edit /etc/sysconfig/iptables to add the following line just after the line that opens port 22 for ssh, and before any REJECT lines:

    -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT

    Start the iptables service.

    # /etc/init.d/iptables start
  2. Pingback: OpenAM: Basic core docs for install | Margin Notes 2.0

  3. On Ubuntu 12.04 the problem was that the user tomcat7 (I guess the same would apply for tomcat6) who runs tomcat, is configured to have his home in /usr/share/tomcat7 (in /etc/passwd). However, this directory is owned by root, which makes in unwriteable for tomcat7. The fix is

    chown -R tomcat7:tomcat7 /usr/share/tomcat7

  4. Pablo

    I Just change the folder owner to tomcat6, $ chown tomcat6:tomcat6 -R /usr/share/tomcat6
    Thanks!

  5. Fat Bloke

    I had exactly this problem with Oracle Linux 6 too.
    Thanks for the fixes guys.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s