Differences

tutorial:adm:modules_openam [2017/12/06 17:53]
apeterova openam - note about secured cookie
tutorial:adm:modules_openam [2020/06/22 16:52]
apeterova mostly moved to admin guide, added info about OpenAM version
Line 1: Line 1:
 +====== Modules - OpenAM: installation and configuration ======
  
 +This tutorial will help you easily install and configure the OpenAM module for CzechIdM. To read more about the module, please see [[devel:documentation:modules_openam|OpenAM module documentation]].
 +
 +===== Installation =====
 +Download the idm-openam module distribution package. The package contains a backend folder. Your IdM Tomcat installation we call IDM in the following example.
 +  - Copy content of the backend folder into your tomcat IdM installation - [IDM]/WEB-INF/lib
 +  - Set correct access rights to the files if needed (''chown tomcat:tomcat [IDM]/WEB-INF/lib/*'')
 +  - Restart the IdM application server (''service tomcat restart'')
 +  - Log in to CzechIdM as an privileged user and go to Settings -> Modules and enable the openam module.
 +  - Go to the configuration and configure the properties needed for the communication with OpenAM (see below).
 +
 +===== Basic configuration =====
 +
 +First, you need to know the address of your running OpenAM instance (or instances) and its version.
 +
 +Based on that, set the following configuration properties:
 +  * ''idm.sec.openam.base.url'': if your OpenAM instance runs at ''https://amhost.domain.tld'', this property should be either ''https://amhost.domain.tld/openam/json'' (for OpenAM 13 and newer), or ''https://amhost.domain.tld/openam/identity'' (for OpenAM 12 and older).
 +  * ''idm.sec.openam.api.type'': set ''OPENAM13'' or ''OPENAM12'' based on the OpenAM version
 +
 +If your OpenAM installation uses realms for the users, you may need to set ''idm.sec.openam.login.payload'' - e.g. ''uri=realm=/customers'' for the realm "/customers". But the information about realm may be already included in the URL of the OpenAM instance (for OpenAM v. 13 and newer), so you may not need to set this property.
 +
 +If you run multiple instances (or need to support multiple realms), set as many values as you need to the above mentioned properties and separate the values with a comma.
 +
 +That's it! You probably don't need to set anything else. 
 +
 +All available properties are documented in the [[devel:documentation:adm:openam#configuration|Admin guide]].
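
Review bot: The multiple-instances paragraph under "Basic configuration" says to put comma-separated values into "the above mentioned properties", but it does not say how the entries of ''idm.sec.openam.base.url'', ''idm.sec.openam.api.type'' and ''idm.sec.openam.login.payload'' are matched to each other. Please state whether the lists are positional and must have the same length, and add a two-instance example, so that a reader does not pair a URL with the wrong API type or realm payload. In the installation list, ''chown tomcat:tomcat [IDM]/WEB-INF/lib/*'' changes the owner of every file in that directory, not only the copied ones, and it leaves the libraries writable by the account the application server runs as. Consider naming the module's files and saying which owner and mode are actually required. The step also says "access rights" while the command only changes ownership. Small wording fix in step 4: "an privileged user" should be "a privileged user".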
  • by apeterova