Differences
This shows you the differences between two versions of the page.
tutorial:adm:czechidm_installation_tmp [2020/07/24 12:07] fiserp [Installation of CzechIdM - Linux - CentOS8] |
tutorial:adm:czechidm_installation_tmp [2020/07/24 12:52] fiserp [10. Final Steps] |
||
---|---|---|---|
Line 92: | Line 92: | ||
Now we will create configuration files the CzechIdM will use. | Now we will create configuration files the CzechIdM will use. | ||
< | < | ||
- | * The **/ | + | * The **/ |
- | cat / | + | cat / |
</ | </ | ||
* The **/ | * The **/ | ||
Line 123: | Line 123: | ||
</ | </ | ||
- | < | + | < |
- | <logger name=" | + | |
- | <logger name=" | + | |
- | <logger name=" | + | |
- | <logger name=" | + | |
- | <logger name=" | + | |
- | </ | + | |
- | + | ||
- | < | + | |
< | < | ||
< | < | ||
Line 151: | Line 143: | ||
</ | </ | ||
- | <logger name=" | + | <logger name=" |
< | < | ||
</ | </ | ||
<logger name=" | <logger name=" | ||
- | <logger name=" | + | <logger name=" |
- | <logger name=" | + | <logger name=" |
- | <logger name=" | + | <logger name=" |
- | </ | + | |
- | < | ||
- | <logger name=" | ||
- | <logger name=" | ||
- | <logger name=" | ||
- | <logger name=" | ||
- | <logger name=" | ||
</ | </ | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | |||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | </ | ||
- | </ | ||
- | |||
- | < | ||
- | < | ||
- | < | ||
- | </ | ||
- | <logger name=" | ||
- | < | ||
- | </ | ||
- | <logger name=" | ||
- | <logger name=" | ||
- | <logger name=" | ||
- | <logger name=" | ||
- | |||
- | </ | ||
</ | </ | ||
Line 287: | Line 244: | ||
There are two properties in application-production.properties that influence the confidential storage: | There are two properties in application-production.properties that influence the confidential storage: | ||
- | * You can set the 128bit (16byte) | + | * You can set the key directly in the property file using **cipher.crypt.secret.key** property |
- | * you can create separate file (in our case **secret.key**) containing a random string. Then you reference this file with **cipher.crypt.secret.keyPath** property. | + | * or (better) |
<note warning> | <note warning> | ||
- | Confidential storage uses AES/ | + | Confidential storage uses AES/ |
+ | < | ||
+ | Length of the key determines the cipher which will be used. If you use 128b (16byte) key, CzechIdM will use AES-128. If you use 256b (32byte) key, CzechIdM will use AES-256. | ||
+ | |||
+ | * OpenJDK/JDK 1.8u161 and all higher versions support AES-256 by default. | ||
+ | * Older versions (below 1.8u161) do not offer it. On those Java distributions, | ||
+ | |||
+ | </ | ||
=== Attachment store === | === Attachment store === | ||
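Review bot: The added note on key length names only 16-byte and 32-byte keys and leaves two things open. It should say what happens with any other length, and whether the length is counted on the raw bytes of the file referenced by cipher.crypt.secret.keyPath, since a trailing newline written by an editor or by echo would change it. The removed bullet described the file as "containing a random string"; if the new bullet no longer says that, keep one sentence stating that the key must come from a random source rather than being typed by hand.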
Line 316: | Line 280: | ||
==== 6. Set correct permissions on CzechIdM files ==== | ==== 6. Set correct permissions on CzechIdM files ==== | ||
- | **CentOS** | ||
< | < | ||
chown tomcat: | chown tomcat: | ||
Line 325: | Line 288: | ||
==== 7. Adjust Tomcat' | ==== 7. Adjust Tomcat' | ||
- | Apache Tomcat has to know where the new configuration is. Because CzechIdM uses SpringBoot project, we simply add the **/ | + | Apache Tomcat has to know where the new configuration is. Because CzechIdM uses SpringBoot project, we simply add the '' |
- | Create new file **/ | + | Create new file '' |
<code bash:> | <code bash:> | ||
Line 366: | Line 329: | ||
</ | </ | ||
==== 9. Deploy the CzechIdM ==== | ==== 9. Deploy the CzechIdM ==== | ||
- | Download the latest CzechIdM version. Currently it is idm-app-9.4.0.war. | + | Download the latest CzechIdM version. Currently it is idm-app-10.4.1.war. |
Ensure Tomcat is stopped: | Ensure Tomcat is stopped: | ||
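Review bot: The changed download line pins idm-app-10.4.1.war as "the latest" version, which goes stale with every release, and no integrity check of the downloaded WAR is shown before it is deployed. Suggest wording the file name as an example version and adding a step that compares the file's checksum with a value published by the project, if one is available.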
Line 372: | Line 335: | ||
systemctl stop tomcat.service | systemctl stop tomcat.service | ||
</ | </ | ||
- | Copy the identity manager WAR into webapps folder in Tomcat and name it **idm.war**: | + | Copy the identity manager WAR into webapps folder in Tomcat and name it '' |
< | < | ||
- | cp idm-app-9.4.0.war / | + | cp idm-app-10.4.1.war / |
- | chown tomcat: | + | |
</ | </ | ||
Start the Tomcat container:< | Start the Tomcat container:< | ||
systemctl start tomcat.service | systemctl start tomcat.service | ||
</ | </ | ||
- | If everything is set up right, the CzechIdM will deploy. Default log is **/ | + | If everything is set up right, the CzechIdM will deploy. Default log is '' |
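Review bot: The chown line that followed the cp of the WAR is removed without a replacement, so idm.war keeps the owner and mode of whoever ran cp. Please state the intended owner and mode of the deployed file explicitly, or explain in the text why the ownership change is no longer needed, so the result does not depend on the administrator's umask.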
Line 389: | Line 351: | ||
<code bash> | <code bash> | ||
+ | firewall-cmd --permanent --add-port=80/ | ||
firewall-cmd --permanent --add-port=443/ | firewall-cmd --permanent --add-port=443/ | ||
firewall-cmd --reload | firewall-cmd --reload |
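Review bot: The added firewall-cmd line opens port 80 next to 443, but nothing in this hunk says what is served on it. For an identity manager the text should state that port 80 exists only to redirect to HTTPS and point to where that redirect is configured; if no redirect is set up, leave the port closed.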