OpenAM: Deploy 10.0.0 on GlassFish 3.1.2

GlassFish 3.1.2 and OpenAM 10.0.0 have some library conflicts that you can resolve. The key part of this explanation — removing glassfish-full-profile and metro packages — is from Peter Major.

Before You Deploy

Note that this is not currently a supported configuration. As Peter mentions in OPENAM-33, you might have problems in the Web Services parts of OpenAM.

Remove glassfish-full-profile and metro packages before deploying OpenAM 10.0.0. Do this either when you install GlassFish, or after you have stopped the server.

$ cd /path/to
$ unzip ~/Downloads/glassfish-3.1.2.zip
...
$ /path/to/glassfish3/bin/pkg uninstall glassfish-full-profile

The software needed for this command (pkg) is not installed.
...
Software successfully installed. You may now re-run this command (pkg).
$ /path/to/glassfish3/bin/pkg uninstall glassfish-full-profile
PHASE                                        ACTIONS
Removal Phase                                  19/19
$ /path/to/glassfish3/bin/pkg uninstall metro
PHASE                                        ACTIONS
Removal Phase                                  36/36
$ /path/to/glassfish3/bin/asadmin start-domain domain1
Waiting for domain1 to start ....
Successfully started the domain : domain1
domain  Location: /path/to/glassfish3/glassfish/domains/domain1
Log File: /path/to/glassfish3/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.

Deploying OpenAM

  1. OpenAM needs an FQDN at configuration time.
    To get started quickly, fake an FQDN on your laptop or desktop by giving the system an alias such as laptop.example.com or desktop.example.com. If you have never done so before, it’s not too hard. See the Wikipedia entry on the hosts file.
  2. In your browser, open the GlassFish admin console.
  3. Under Common Tasks > Deployment, select Deploy an Application.
  4. Deploy the OpenAM .war. (I usually rename this one to openam.war.)
  5. Browse to OpenAM and configure your server.

Domain Settings

As mentioned in the Installation Guide, “OpenAM core services require a minimum JVM heap size of 1 GB, and a permanent generation size of 256 MB.”

$ /path/to/glassfish3/bin/asadmin stop-domain domain1
Waiting for the domain to stop ............
Command stop-domain executed successfully.
$ cp glassfish3/glassfish/domains/domain1/config/domain.xml glassfish3/glassfish/domains/domain1/config/domain.orig
$ vi glassfish3/glassfish/domains/domain1/config/domain.xml
$ diff glassfish3/glassfish/domains/domain1/config/domain.xml glassfish3/glassfish/domains/domain1/config/domain.orig
153c153
<         -XX:MaxPermSize=256m
---
>         -XX:MaxPermSize=192m
155c155
<         -server
---
>         -client
163c163
<         -Xmx1024m
---
>         -Xmx512m
$ /path/to/glassfish3/bin/asadmin start-domain domain1
Waiting for domain1 to start ......................................
Successfully started the domain : domain1
domain  Location: /path/to/glassfish3/glassfish/domains/domain1
Log File: /path/to/glassfish3/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.

After the restart, OpenAM should be ready to use.
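To confirm the edit took effect before restarting, the following check reads a domain.xml and reports JVM options below the minimums quoted above, plus the httpsOutboundKeyAlias option raised in the comments below. It is an added example, not part of the original post or of GlassFish or OpenAM; the function names are this example's own, SAMPLE is a constructed fragment, and it assumes the options sit under the server-config entry.

```python
import re
import xml.etree.ElementTree as ET

MIN_MB = {"-Xmx": 1024, "-XX:MaxPermSize=": 256}  # minimums quoted in the article
ALIAS_OPT = "-Dcom.sun.enterprise.security.httpsOutboundKeyAlias="  # from the comments

# Constructed sample: only the part of domain.xml this check reads.
SAMPLE = """<domain><configs>
  <config name="server-config"><java-config>
    <jvm-options>-XX:MaxPermSize=192m</jvm-options>
    <jvm-options>-client</jvm-options>
    <jvm-options>-Xmx512m</jvm-options>
    <jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
  </java-config></config>
  <config name="default-config"><java-config>
    <jvm-options>-Xmx2g</jvm-options>
  </java-config></config>
</configs></domain>"""

def size_mb(value):
    """Convert a JVM size (1024m, 1g, 1073741824) to whole megabytes."""
    m = re.fullmatch(r"(\d+)([kmg]?)", value.lower())
    if not m:
        raise ValueError(f"unrecognised JVM size: {value!r}")
    scale = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}[m.group(2)]
    return int(m.group(1)) * scale // 1024 ** 2

def check_domain(xml_text, config="server-config"):
    """Return a list of findings for the named <config> in a domain.xml."""
    root = ET.fromstring(xml_text)
    # domain.xml carries several <config> entries; read only the requested one.
    opts = [o.text.strip() for c in root.iter("config") if c.get("name") == config
            for o in c.iter("jvm-options") if o.text]
    seen, findings = {}, []
    for opt in opts:
        for prefix in MIN_MB:
            if opt.startswith(prefix):
                seen[prefix] = size_mb(opt[len(prefix):])  # a repeated option overwrites
        if opt.startswith(ALIAS_OPT):
            findings.append(f"outbound client certificate alias set: {opt}")
    for prefix, minimum in MIN_MB.items():
        if prefix not in seen:
            findings.append(f"{prefix} not set for {config}")
        elif seen[prefix] < minimum:
            findings.append(f"{prefix}{seen[prefix]}m is below the {minimum}m minimum")
    return findings

if __name__ == "__main__":
    for line in check_domain(SAMPLE):
        print(line)
```

To check a real installation, pass the contents of glassfish3/glassfish/domains/domain1/config/domain.xml to check_domain; an empty list means nothing was flagged.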

4 responses to “OpenAM: Deploy 10.0.0 on GlassFish 3.1.2”

  1. Couple of notes from me:
    * you can deploy openam.war without the admin console:
    asadmin deploy --name openam --contextroot /openam openam.war
    * the JVM settings do not seem to be necessary on GF boxes for some reason, I’m always using the defaults and they just work fine.
    * asadmin might fail the first time you start up after the package removals, but the second start-domain will succeed.

  2. There is one more thing I’d like to add:
    for some strange reason, GF 3.1.2 by default has this JVM option:
    -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as
    This means that if you are trying to connect to OpenDJ over LDAPS, then GlassFish will kindly include its certificate for client authentication resulting in very cryptic error messages… Remove this property in order to disable client cert authentication for outbound connections.

  3. ipsi

    If you would prefer not to muck around with this, I believe the above commands result in a Glassfish that is very similar to the ‘-web’ version (for example, glassfish-3.1.2.2-web-unix.sh) you can download. Depending on exactly what you need out of Glassfish, you might find it easier to just download that version, rather than the full version and then uninstall a lot of what makes it the full version. I can confirm that OpenAM 10.0.1 deploys successfully to Glassfish Web, and I seem to be able to get it configured. I can’t vouch that *everything* works, but it could be an option.

  4. John Harby

    Thank you so much for this information. It has been very valuable for me.
