OpenAM: Deploy on JBoss 7

OpenAM 10.0.0 supports JBoss 7 as a container. Victor Ake wrote a Wiki article that I followed to prepare this.

You must get JBoss 7 ready to deploy OpenAM by editing the modules it uses. You must also edit the OpenAM .war file before you deploy to specify where OpenAM stores its configuration.

Prepare JBoss 7

  1. Stop JBoss.
  2. Add the Sun x509 security module path to the JBoss 7 configuration.
    The following example uses JBoss 7.1.1.

    $ cp /path/to/jboss7/modules/sun/jdk/main/module.xml  /path/to/jboss7/modules/sun/jdk/main/module.orig
    $ vi /path/to/jboss7/modules/sun/jdk/main/module.xml
    $ diff -c /path/to/jboss7/modules/sun/jdk/main/module.orig /path/to/jboss7/modules/sun/jdk/main/module.xml
    *** /path/to/jboss7/modules/sun/jdk/main/module.orig     2012-04-18 14:55:21.766012573 +0200
    --- /path/to/jboss7/modules/sun/jdk/main/module.xml     2012-04-18 14:56:46.426012174 +0200
    ***************
    *** 38,43 ****
    --- 38,44 ----
    <path name="com/sun/security/auth"/>
    <path name="com/sun/security/auth/login"/>
    <path name="com/sun/security/auth/module"/>
    +                 <path name="sun/security/x509"/>
    <path name="sun/misc"/>
    <path name="sun/io"/>
    <path name="sun/nio"/>
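    Review bot: the added <path name="sun/security/x509"/> line carries no comment saying why it is there, and module.xml is a file that ships with JBoss, so an upgrade that replaces the file drops the line without notice. Put an XML comment next to the path noting that OpenAM needs it, and keep module.orig so the change can be diffed again later.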
  3. Disable modules that conflict with OpenAM.
    • The following example uses JBoss 7.1.1 standalone.
      $ cp /path/to/jboss7/standalone/configuration/standalone.xml /path/to/jboss7/standalone/configuration/standalone.orig
      $ vi /path/to/jboss7/standalone/configuration/standalone.xml
      $ diff -c /path/to/jboss7/standalone/configuration/standalone.orig /path/to/jboss7/standalone/configuration/standalone.xml
      *** /path/to/jboss7/standalone/configuration/standalone.orig     2012-04-18 15:00:03.190016793 +0200
      --- /path/to/jboss7/standalone/configuration/standalone.xml     2012-04-18 15:05:12.362011635 +0200
      ***************
      *** 9,15 ****
      <extension module="org.jboss.as.deployment-scanner"/>
      <extension module="org.jboss.as.ee"/>
      <extension module="org.jboss.as.ejb3"/>
      -         <extension module="org.jboss.as.jaxrs"/>
      <extension module="org.jboss.as.jdr"/>
      <extension module="org.jboss.as.jmx"/>
      <extension module="org.jboss.as.jpa"/>
      --- 9,14 ----
      ***************
      *** 24,30 ****
      <extension module="org.jboss.as.threads"/>
      <extension module="org.jboss.as.transactions"/>
      <extension module="org.jboss.as.web"/>
      -         <extension module="org.jboss.as.webservices"/>
      <extension module="org.jboss.as.weld"/>
      </extensions>
      
      --- 23,28 ----
      ***************
      *** 163,169 ****
      </local-cache>
      </cache-container>
      </subsystem>
      -         <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
      <subsystem xmlns="urn:jboss:domain:jca:1.1">
      <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
      <bean-validation enabled="true"/>
      --- 161,166 ----
      ***************
      *** 262,277 ****
      <alias name="example.com"/>
      </virtual-server>
      </subsystem>
      -         <subsystem xmlns="urn:jboss:domain:webservices:1.1">
      -             <modify-wsdl-address>true</modify-wsdl-address>
      -             <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
      -             <endpoint-config name="Standard-Endpoint-Config"/>
      -             <endpoint-config name="Recording-Endpoint-Config">
      -                 <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
      -                     <handler name="RecordingHandler"/>
      -                 </pre-handler-chain>
      -             </endpoint-config>
      -         </subsystem>
      <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
      </profile>
      
      --- 259,264 ----
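      Review bot: the last hunk deletes the whole urn:jboss:domain:webservices:1.1 subsystem, and the earlier hunks delete the jaxrs and webservices extensions, for the server as a whole rather than for the OpenAM deployment alone. Any other application deployed on this instance that relies on those subsystems loses them too, so the step should state that the instance is dedicated to OpenAM.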
    • The following example uses JBoss 7.1.1 for a managed domain.
      $ cp /path/to/jboss7/domain/configuration/domain.xml /path/to/jboss7/domain/configuration/domain.orig
      $ vi /path/to/jboss7/domain/configuration/domain.xml
      $ diff -c /path/to/jboss7/domain/configuration/domain.orig /path/to/jboss7/domain/configuration/domain.xml
      *** /path/to/jboss7/domain/configuration/domain.orig     2012-04-18 15:06:35.406024942 +0200
      --- /path/to/jboss7/domain/configuration/domain.xml     2012-04-18 15:08:13.114010802 +0200
      ***************
      *** 11,17 ****
      <extension module="org.jboss.as.ejb3"/>
      <extension module="org.jboss.as.jacorb"/>
      <extension module="org.jboss.as.jaxr"/>
      -         <extension module="org.jboss.as.jaxrs"/>
      <extension module="org.jboss.as.jdr"/>
      <extension module="org.jboss.as.jmx"/>
      <extension module="org.jboss.as.jpa"/>
      --- 11,16 ----
      ***************
      *** 29,35 ****
      <extension module="org.jboss.as.threads"/>
      <extension module="org.jboss.as.transactions"/>
      <extension module="org.jboss.as.web"/>
      -         <extension module="org.jboss.as.webservices"/>
      <extension module="org.jboss.as.weld"/>
      </extensions>
      <system-properties>
      --- 28,33 ----
      ***************
      *** 146,152 ****
      </local-cache>
      </cache-container>
      </subsystem>
      -             <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
      <subsystem xmlns="urn:jboss:domain:jca:1.1">
      <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
      <bean-validation enabled="true"/>
      --- 144,149 ----
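      Review bot: this hunk removes the urn:jboss:domain:jaxrs:1.0 subsystem at one place only (old line 149, in the first profile), while the webservices subsystem is removed at four places, once per profile. The org.jboss.as.jaxrs extension is removed for the whole domain in the first hunk, so check the ha, full and full-ha profiles for a remaining jaxrs subsystem line and remove it there as well if one is present.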
      ***************
      *** 246,261 ****
      <alias name="example.com"/>
      </virtual-server>
      </subsystem>
      -             <subsystem xmlns="urn:jboss:domain:webservices:1.1">
      -                 <modify-wsdl-address>true</modify-wsdl-address>
      -                 <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
      -                 <endpoint-config name="Standard-Endpoint-Config"/>
      -                 <endpoint-config name="Recording-Endpoint-Config">
      -                     <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
      -                         <handler name="RecordingHandler"/>
      -                     </pre-handler-chain>
      -                 </endpoint-config>
      -             </subsystem>
      <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
      </profile>
      <profile name="ha">
      --- 243,248 ----
      ***************
      *** 544,559 ****
      <alias name="example.com"/>
      </virtual-server>
      </subsystem>
      -             <subsystem xmlns="urn:jboss:domain:webservices:1.1">
      -                 <modify-wsdl-address>true</modify-wsdl-address>
      -                 <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
      -                 <endpoint-config name="Standard-Endpoint-Config"/>
      -                 <endpoint-config name="Recording-Endpoint-Config">
      -                     <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
      -                         <handler name="RecordingHandler"/>
      -                     </pre-handler-chain>
      -                 </endpoint-config>
      -             </subsystem>
      <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
      </profile>
      <profile name="full">
      --- 531,536 ----
      ***************
      *** 859,874 ****
      <alias name="example.com"/>
      </virtual-server>
      </subsystem>
      -             <subsystem xmlns="urn:jboss:domain:webservices:1.1">
      -                 <modify-wsdl-address>true</modify-wsdl-address>
      -                 <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
      -                 <endpoint-config name="Standard-Endpoint-Config"/>
      -                 <endpoint-config name="Recording-Endpoint-Config">
      -                     <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
      -                         <handler name="RecordingHandler"/>
      -                     </pre-handler-chain>
      -                 </endpoint-config>
      -             </subsystem>
      <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
      </profile>
      <profile name="full-ha">
      --- 836,841 ----
      ***************
      *** 1275,1290 ****
      <alias name="example.com"/>
      </virtual-server>
      </subsystem>
      -             <subsystem xmlns="urn:jboss:domain:webservices:1.1">
      -                 <modify-wsdl-address>true</modify-wsdl-address>
      -                 <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
      -                 <endpoint-config name="Standard-Endpoint-Config"/>
      -                 <endpoint-config name="Recording-Endpoint-Config">
      -                     <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
      -                         <handler name="RecordingHandler"/>
      -                     </pre-handler-chain>
      -                 </endpoint-config>
      -             </subsystem>
      <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
      </profile>
      </profiles>
      --- 1242,1247 ----

Prepare the OpenAM .war File

Edit the bootstrap.properties file to specify the configuration.dir where OpenAM stores its configuration.

$ mkdir /tmp/unpack-openam
$ cd /tmp/unpack-openam
$ jar -xf ~/Downloads/openam.war
$ vi WEB-INF/classes/bootstrap.properties
$ grep ^configuration.dir WEB-INF/classes/bootstrap.properties
configuration.dir=/home/username/openam
$ jar -cf ~/openam.war *

Deploy OpenAM

Deploy the updated .war file to JBoss 7.

  1. OpenAM needs an FQDN at configuration time.
    To get started quickly, fake an FQDN on your laptop or desktop by giving the system an alias such as laptop.example.com or desktop.example.com. If you have never done so before, it’s not too hard. See the Wikipedia entry on the hosts file.
  2. Start JBoss, and log in to the admin console.
  3. Select Manage Deployments > Add Content, and then choose the .war file you prepared.
  4. Enable OpenAM to complete deployment of the .war file.
  5. Browse to the OpenAM console and proceed to configure OpenAM.
    If you are not sure what to configure, see the Install Guide for hints.

When you reach this point, you can start working with OpenAM.


Notes

If, like me, you are not too familiar with JBoss and want to access the console from another host, try adding -b ip-listen-address to the startup command, such as -b 0.0.0.0 to listen on all interfaces. Then, in the admin console, you can set this for the admin console itself: Admin GUI > Profile > Interfaces > management > Edit… > Inet Address, and change 127.0.0.1 to 0.0.0.0. (Not a recommendation for production, but it might save you some time getting started with your evaluation.)
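A check for the two configuration edits described above (the module removal in step 3 of Prepare JBoss 7 and the management address change in this note), added here as an example and not part of the original post. It parses the text of standalone.xml or domain.xml and reports a conflicting extension or subsystem that is still present in any profile, and a management interface bound to all addresses. The names audit and split_tag and the sample document are constructed for illustration; an address given with -b at startup is not in the file and is not covered.

```python
import xml.etree.ElementTree as ET

# Modules and subsystem namespaces the page removes before deploying OpenAM.
CONFLICT_MODULES = {"org.jboss.as.jaxrs", "org.jboss.as.webservices"}
CONFLICT_SUBSYSTEMS = ("urn:jboss:domain:jaxrs:", "urn:jboss:domain:webservices:")

def split_tag(tag):
    """Split ElementTree's '{namespace}name' form into (namespace, name)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def audit(xml_text):
    """Return findings for the text of a standalone.xml or domain.xml."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        _, name = split_tag(el.tag)
        if name == "extension" and el.get("module") in CONFLICT_MODULES:
            findings.append("extension still loaded: " + el.get("module"))
        elif name == "profile":
            # domain.xml has several named profiles; standalone.xml has one unnamed.
            profile = el.get("name", "standalone")
            for child in el:
                ns, child_name = split_tag(child.tag)
                if child_name == "subsystem" and ns.startswith(CONFLICT_SUBSYSTEMS):
                    findings.append(f"profile {profile}: subsystem still present: {ns}")
        elif name == "interface" and el.get("name") == "management":
            for addr in el:
                _, kind = split_tag(addr.tag)
                # <any-address/> and its variants, or a literal/default 0.0.0.0.
                if kind.startswith("any-") or "0.0.0.0" in addr.get("value", ""):
                    findings.append("management interface bound to all addresses")
    return findings

# Constructed sample, not a real server file: the webservices extension is gone
# but its subsystem was left behind, and management was changed to 0.0.0.0.
SAMPLE = """<server xmlns="urn:jboss:domain:1.2">
  <extensions><extension module="org.jboss.as.web"/></extensions>
  <profile>
    <subsystem xmlns="urn:jboss:domain:webservices:1.1"/>
  </profile>
  <interfaces>
    <interface name="management"><inet-address value="0.0.0.0"/></interface>
    <interface name="public"><inet-address value="${jboss.bind.address:127.0.0.1}"/></interface>
  </interfaces>
</server>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To run it against a real file, pass the file's contents, for example audit(open("/path/to/jboss7/standalone/configuration/standalone.xml").read()).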

One response to “OpenAM: Deploy on JBoss 7”

  1. Also set -Dorg.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES=true as described in https://bugster.forgerock.org/jira/browse/OPENAM-1359
