Differences

tutorial:adm:czechidm_installation_win [2019/10/17 13:26]
urbanl Added changes in tomcat properties and logback spring for log rotation.
tutorial:adm:czechidm_installation_win [2020/06/10 17:01] (current)
apeterova fake certificate
Line 8: Line 8:
  
 ==== Create DB user and database in PostgreSQL ==== ==== Create DB user and database in PostgreSQL ====
-Open a **PSQL** binary from the Start menu. A windows-cmd-like window should appear with a prompt. Create a db user and a database for CzechIdM.+Open a **PSQL** binary from the Start menu (for the OpenSCG PostgreSQL) or fire-up the cmd terminal and run ''​psql.exe -U postgres''​ (for the EnterpriseDB PostgreSQL). A windows-cmd-like window should appear with a prompt. Create a db user and a database for CzechIdM.
  
-<​code>​+<​code ​sql>
 CREATE USER czechidm PASSWORD '​*****';​ CREATE USER czechidm PASSWORD '​*****';​
 +
 +-- Choose appropriate collation and create database.
 +-- with english collation (we expect the default windows installation with cp1250/​cp1252 and "​English_United States"​ collation).
 CREATE DATABASE "​czechidm"​ WITH OWNER '​czechidm'​ ENCODING '​UTF8'​ template '​template0';​ CREATE DATABASE "​czechidm"​ WITH OWNER '​czechidm'​ ENCODING '​UTF8'​ template '​template0';​
 +-- with czech collation
 +CREATE DATABASE "​czechidm"​ WITH OWNER '​czechidm'​ ENCODING '​UTF8'​ LC_COLLATE = '​czech_czech'​ LC_CTYPE = '​czech_czech'​ template '​template0';​
 </​code>​ </​code>​
  
 Use the pgAdmin or PSQL to test the database connection under the ''​czechidm''​ user. Use the pgAdmin or PSQL to test the database connection under the ''​czechidm''​ user.
 ==== JDBC driver installation ==== ==== JDBC driver installation ====
-Download the PostgreSQL JDBC driver from the [[https://​jdbc.postgresql.org/​download.html|this URL]] and move it to the C:\CzechIdM\lib\ directory ​(create the directory if it does not exist).+Download the PostgreSQL JDBC driver from the [[https://​jdbc.postgresql.org/​download.html|this URL]] and move it to the ''​C:\Program Files\Apache Software Foundation\Tomcat 8.5\lib\'' ​directory.
 ==== Configure environment properties. Select application profile ==== ==== Configure environment properties. Select application profile ====
 Run the **Monitor Tomcat** application from the Start menu. Configure following settings: Run the **Monitor Tomcat** application from the Start menu. Configure following settings:
   * Add ''​C:​\CzechIdM\etc;​C:​\CzechIdM\lib;​C:​\CzechIdM\lib\\*;''​ to the **beginning of the** ''​CLASSPATH''​. If you followed the [[tutorial:​adm:​server_preparation_win|]] guide, this should already be in place.   * Add ''​C:​\CzechIdM\etc;​C:​\CzechIdM\lib;​C:​\CzechIdM\lib\\*;''​ to the **beginning of the** ''​CLASSPATH''​. If you followed the [[tutorial:​adm:​server_preparation_win|]] guide, this should already be in place.
-  * Add ''​-Dspring.profiles.active=production''​ and ''​-Djava.util.Arrays.useLegacyMergeSort=true''​to the ''​Java options''​.+  * Add ''​-Dspring.profiles.active=production''​ to the ''​Java options''​.
  
 === Change Tomat logging properties === === Change Tomat logging properties ===
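Review bot: the SQL block now contains two uncommented `CREATE DATABASE "czechidm"` statements (English and Czech collation), so anyone who pastes the whole block gets an error on the second one because the database already exists; comment out one alternative (`-- CREATE DATABASE "czechidm" ... LC_COLLATE = 'czech_czech' ...`) or state explicitly that only one of the two is to be run. Since the JDBC driver now goes into `C:\Program Files\Apache Software Foundation\Tomcat 8.5\lib\` while the CLASSPATH step still puts `C:\CzechIdM\lib\*` first, tell readers to delete any older driver copy left in `C:\CzechIdM\lib`, otherwise two versions of the driver end up on the classpath. Minor: the heading `=== Change Tomat logging properties ===` has a typo (Tomcat).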
Line 27: Line 32:
 In order to set-up log rotation we need stop logging to stdout and start logging to catalina.log . In order to set-up log rotation we need stop logging to stdout and start logging to catalina.log .
  
-Make these changes in file "/​c/​Program\ Files/Apache\ SoftwareFoundation/Tomcat\ 8.5/conf/logging.properties"+Make these changes in file ''​C:​\Program ​Files\Apache ​Software Foundation\Tomcat ​8.5\conf\logging.properties'':​
 Comment out console handler. We don't want tomcat to log to stdout or stderr. Comment out console handler. We don't want tomcat to log to stdout or stderr.
 <​code>​ <​code>​
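Review bot: the code fence after the corrected `logging.properties` path is still a bare `<code>`, whereas the other blocks touched in this change were given a language (`<code sql>`, `<code bash>`); use `<code properties>` here so the file gets consistent highlighting. The Windows-style path itself is an improvement over the old Git Bash form, which also had `SoftwareFoundation` without the space.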
Line 69: Line 74:
 ==== Create SSL truststore ==== ==== Create SSL truststore ====
 Open the Git Bash and navigate to the ''/​c/​czechidm/​etc''​. Then create fake certificate which will be, for this time, the only certificate in the truststore. Open the Git Bash and navigate to the ''/​c/​czechidm/​etc''​. Then create fake certificate which will be, for this time, the only certificate in the truststore.
-<​code>​+<​code ​bash>
 openssl genrsa -out fakecert.key openssl genrsa -out fakecert.key
 +# if the following command fails, remove the parameter -subj and supply the values interactively
 openssl req -new -key fakecert.key -out fakecert.csr -subj "/​C=CZ/​ST=Czech Republic/​L=Prague/​O=BCV/​CN=CzechIdM placeholder cert" openssl req -new -key fakecert.key -out fakecert.csr -subj "/​C=CZ/​ST=Czech Republic/​L=Prague/​O=BCV/​CN=CzechIdM placeholder cert"
 openssl x509 -req -in fakecert.csr -signkey fakecert.key -days 1 -sha256 -out fakecert.crt openssl x509 -req -in fakecert.csr -signkey fakecert.key -days 1 -sha256 -out fakecert.crt
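Review bot: `openssl genrsa -out fakecert.key` gives no key size, so the key length depends on the installed OpenSSL version's default; add an explicit size (`openssl genrsa -out fakecert.key 2048`) so the placeholder is reproducible. The new comment says to drop `-subj` "if the following command fails" but not why: in Git Bash the usual cause is MSYS path conversion rewriting the leading `/C=CZ/...` as a Windows path, which can be avoided by prefixing the command with `MSYS_NO_PATHCONV=1`; naming the cause saves readers a guess. It is also worth saying that the `-days 1` certificate expires the next day, which is acceptable only because it is a placeholder that gets replaced by the real certificate later.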
Line 164: Line 170:
 flyway.enabled=true flyway.enabled=true
    
-scheduler.enabled=true +
-scheduler.task.queue.process=1000 +
-scheduler.event.queue.process=1000+
 scheduler.properties.location=quartz-production.properties scheduler.properties.location=quartz-production.properties
 +
 logging.config=c:/​czechidm/​etc/​logback-spring.xml logging.config=c:/​czechidm/​etc/​logback-spring.xml
 +
 idm.sec.core.demo.data.enabled=false idm.sec.core.demo.data.enabled=false
    
-#spring.cache.ehcache.config=classpath:​ehcache.xml +attachments will be stored under this path
-  +# new directories for attachment will be created in this folder (permissions has to be added) 
-spring.activiti.processDefinitionLocationPrefix=classpath*:/​eu/​bcvsolutions/​idm/​workflow+# System.getProperty("​user.home")/idm_data will be used if no path is given 
-idm.sec.core.notification.template.folder=classpath*:/eu/​bcvsolutions/​idm/​templates/​ +idm.sec.core.attachment.storagePath=c:/czechidm/data
-idm.sec.core.script.folder=classpath*:/​eu/​bcvsolutions/​idm/​scripts/+
 # configuration property for default backup ​ # configuration property for default backup ​
 idm.sec.core.backups.default.folder.path=c:/​czechidm/​backup idm.sec.core.backups.default.folder.path=c:/​czechidm/​backup
-  + 
- +
 idm.pub.security.allowed-origins=http://​localhost idm.pub.security.allowed-origins=http://​localhost
 # Generate JWT token security string as "cat /​dev/​urandom | tr -dc '​a-z0-9'​ | head -c VALUE" where VALUE can be from 1 to 255. # Generate JWT token security string as "cat /​dev/​urandom | tr -dc '​a-z0-9'​ | head -c VALUE" where VALUE can be from 1 to 255.
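Review bot: the new line `+attachments will be stored under this path` has lost its leading `#` (the original comment at the end of the file had it), so it is parsed as a property instead of a comment; restore `# attachments will be stored under this path`. The three `scheduler.*` lines are removed without a word in the change summary; if the application defaults now cover them, say so, otherwise readers of the previous revision will wonder whether the scheduler is still enabled. Minor: the JWT comment says VALUE can be from 1 to 255, but a one-character secret makes the token trivially guessable; recommend a value near the top of that range.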
Line 185: Line 190:
 idm.sec.security.jwt.secret.token=********** TODO ********* idm.sec.security.jwt.secret.token=********** TODO *********
 idm.sec.security.jwt.expirationTimeout=36000000 idm.sec.security.jwt.expirationTimeout=36000000
- 
-# recaptcha 
-# - recaptchaservice endpoint ​ 
-#​idm.sec.security.recaptcha.url=https://​www.google.com/​recaptcha/​api/​siteverify 
-# - secret key, can be generated here https://​www.google.com/​recaptcha/​admin 
-idm.sec.security.recaptcha.secretKey=xxx 
-# Proxy for HTTP requests 
-#​idm.sec.core.http.proxy=12.34.56.78:​1234 
    
 # Cipher secret key for crypt values in confidential storage # Cipher secret key for crypt values in confidential storage
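Review bot: dropping the uncommented `idm.sec.security.recaptcha.secretKey=xxx` is right, since a literal placeholder should not sit in a production properties file, but the commented `#idm.sec.core.http.proxy=12.34.56.78:1234` line was the only place the HTTP proxy setting was documented; consider keeping that one (still commented) for deployments behind a proxy.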
Line 199: Line 196:
 cipher.crypt.secret.keyPath=c:/​czechidm/​etc/​secret.key cipher.crypt.secret.keyPath=c:/​czechidm/​etc/​secret.key
    
- +# Defaults for: emailer.* 
 +# test.enabled=true means mail WILL NOT be sent
 idm.sec.core.emailer.test.enabled=true idm.sec.core.emailer.test.enabled=true
 # http://​camel.apache.org/​mail.html # http://​camel.apache.org/​mail.html
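Review bot: the added comment `# test.enabled=true means mail WILL NOT be sent` is useful, but this guide targets the production profile and leaves `idm.sec.core.emailer.test.enabled=true` in place, so notifications are silently dropped until someone changes it; add a sentence that it must be switched to `false` once the SMTP settings below are filled in.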
Line 208: Line 206:
 # idm.sec.core.emailer.password=password # idm.sec.core.emailer.password=password
 idm.sec.core.emailer.from=czechidm@localhost idm.sec.core.emailer.from=czechidm@localhost
-  
-## Global property that allow disable or enable sending notification from WF 
-idm.sec.core.wf.notification.send=false 
-  
-  
-# supports delete identity 
-idm.pub.core.identity.delete=true 
-# 
-# default password change type for custom users, one of values: ​ 
-# DISABLED - password change is disable 
-# ALL_ONLY - users can change passwords only for all accounts 
-# CUSTOM - users can choose for which accounts change password 
-idm.pub.core.identity.passwordChange=ALL_ONLY 
-# 
-# required old password for change password 
-idm.pub.core.identity.passwordChange.requireOldPassword=true 
-# 
-# create default identity'​s contract, when identity is created 
-idm.pub.core.identity.create.defaultContract.enabled=true 
-  
    
 # Default user role will be added automatically,​ after an identity is logged in # Default user role will be added automatically,​ after an identity is logged in
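Review bot: this removal drops `idm.pub.core.identity.passwordChange.requireOldPassword=true`, `idm.pub.core.identity.delete=true` and the workflow notification switch without stating what the application defaults are; say either that the defaults match these values or why the settings were dropped, so an administrator comparing the two revisions does not assume the behaviour changed silently.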
Line 236: Line 214:
 idm.sec.core.role.admin=superAdminRole idm.sec.core.role.admin=superAdminRole
    
-  +Max file size of uploaded file. Values can use the suffixed "​MB"​ or "​KB" ​to indicate a Megabyte or Kilobyte size. 
-ID system against which to authenticate +spring.servlet.multipart.max-file-size=100MB 
-idm.sec.security.auth.systemId+spring.servlet.multipart.max-request-size=100MB
- +
-# attachments will be stored under this path. +
-# new directories for attachment will be created in this folder (permissions has to be added) +
-# System.getProperty("​user.home"​)/​idm_data will be used if no path is given +
-idm.sec.core.attachment.storagePath=c:/​czechidm/​data+
 </​file>​ </​file>​
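Review bot: `+Max file size of uploaded file. Values can use the suffixed "MB" or "KB" to indicate a Megabyte or Kilobyte size.` is missing the leading `#`, so it is not a comment; prefix it with `#`. The removed `idm.sec.security.auth.systemId` line was already missing its `#` in the old revision, so taking it out tidies that up, and the attachment `storagePath` block is moved earlier in the file; check that the final file keeps exactly one copy of it.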