Official site: [url=https://forgerock.org/openam/]https://forgerock.org/openam/[/url]
Notes:
[list]
[*]Disable SELinux, IPv6 and the firewall.
[*]OpenAM needs a lot of memory; at least 2 GB is recommended.
[*]The OpenDJ embedded in OpenAM needs 64K file descriptors.
[*]All OpenAM processing is based on domain cookies, so it cannot be accessed via localhost or an IP address.
[*]The cookie domain must start with a dot, e.g. ".example.com". Tomcat 8 and later no longer allow a cookie domain that starts with a dot, so use Tomcat 7 instead.
[*]If you only see "Loading..." after configuration finishes, it is usually related to the Servlet container; check the console error output.
[*]Many errors can occur during configuration; you can delete the two directories /home/openam/openam and /usr/local/tomcat/webapps/openam, restart Tomcat, and start the configuration from scratch.
[/list]
[quote]Server IP:192.168.21.177
Server URL:verify.example.com[/quote]
■Set up hosts
# cp /etc/hosts /etc/hosts.org
# vi /etc/hosts
192.168.21.177 verify.example.com
# diff /etc/hosts{,.org}
3,4d2
< 192.168.21.177 verify.example.com
■Set the hostname
# hostname verify.example.com
# cp /etc/hostname /etc/hostname.org
# vi /etc/hostname
verify.example.com
# diff /etc/hostname{,.org}
1c1
< verify.example.com
---
> localhost.localdomain
■Add the openam user
# useradd -s /sbin/nologin openam
# id openam
uid=1000(openam) gid=1000(openam) groups=1000(openam)
■Increase the open-file limit
# cp /etc/security/limits.conf /etc/security/limits.conf.org
# vi /etc/security/limits.conf
openam soft nofile 65536
openam hard nofile 131072
# diff /etc/security/limits.conf{,.org}
62,66d61
< openam soft nofile 65536
< openam hard nofile 131072
■Install the JDK
# yum -y install java-1.8.0-openjdk
# java -version
■Install Tomcat
# cd /usr/local/src
# wget http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.73/bin/apache-tomcat-7.0.73.tar.gz
# tar xzvf apache-tomcat-7.0.73.tar.gz
# mv apache-tomcat-7.0.73 /usr/local/tomcat
# vi /usr/local/tomcat/bin/setenv.sh
#!/bin/sh
JAVA_OPTS="-server -Xmx1024m"
export JAVA_OPTS
# keytool -genkey -alias tomcat -keyalg RSA -keystore /home/openam/.ssl
CN=verify.example.com
# vi /usr/local/tomcat/conf/server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/openam/.ssl"
keystorePass="123456" />
# chown -R openam. /usr/local/tomcat/
# chmod +x /usr/local/tomcat/bin/*.sh
# sudo -u openam /usr/local/tomcat/bin/startup.sh
■Install Apache
# yum -y install httpd mod_ssl
# vi /etc/httpd/conf.d/openam.conf
Proxypass / ajp://localhost:8009/
# systemctl restart httpd
# systemctl enable httpd
■Download OpenAM
OpenAM Enterprise(OpenAM-13.0.0.zip)
https://backstage.forgerock.com/downloads/OpenAM/OpenAM%20Enterprise#browse
[img]http://dl2.iteye.com/upload/attachment/0122/7703/63d5dbce-031d-3ac1-81d3-4b3a96f470df.png[/img]
The builds marked "subscription only" are the paid editions.
■Install OpenAM
# cd /usr/local/src/
# unzip OpenAM-13.0.0.zip
# cp /usr/local/src/openam/OpenAM-13.0.0.war /usr/local/tomcat/webapps/openam.war
# sudo -u openam /usr/local/tomcat/bin/shutdown.sh
# sudo -u openam /usr/local/tomcat/bin/startup.sh
# tail -f /usr/local/tomcat/logs/catalina.out
Once startup completes, open https://verify.example.com/openam in a browser; on first access you are taken to the initial configuration page.
[quote]--- Windows hosts setup
C:\Windows\System32\drivers\etc\hosts
192.168.21.177 verify.example.com[/quote]
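Before opening the initial configuration page, the constraints from the notes above (FQDN instead of localhost/IP, dotted cookie domain, Tomcat 7 rather than 8+, 64K file descriptors for the embedded OpenDJ) can be checked mechanically. The following pre-flight script is an added example, not part of the original post; it assumes Tomcat is installed under /usr/local/tomcat as above and that its version.sh prints "Server version: Apache Tomcat/x.y.z".

```shell
#!/bin/sh
# Pre-flight checks for the OpenAM 13 install described above (added example).

# is_valid_openam_host HOST: 0 if HOST is a dotted DNS name, not localhost or an IPv4 literal.
# OpenAM sets domain cookies, so it must be reached through a name such as verify.example.com.
is_valid_openam_host() {
  case "$1" in
    localhost|localhost.localdomain|::1) return 1 ;;   # loopback names
    *[!0-9.]*) ;;                                      # contains a letter: a real name
    *) return 1 ;;                                     # only digits and dots: an IPv4 literal
  esac
  case "$1" in
    *.*) return 0 ;;                                   # has a domain part for the cookie
    *) return 1 ;;                                     # bare host, no cookie domain possible
  esac
}

# cookie_domain_for HOST: prints the dotted cookie domain, e.g. verify.example.com -> .example.com
cookie_domain_for() {
  printf '.%s\n' "${1#*.}"
}

# tomcat_ok VERSION: 0 only for Tomcat 7.x (8+ rejects a cookie domain that starts with a dot).
tomcat_ok() {
  case "$1" in 7.*) return 0 ;; *) return 1 ;; esac
}

# nofile_ok LIMIT: 0 if the soft nofile limit covers the 64K the embedded OpenDJ needs.
nofile_ok() {
  [ "$1" = unlimited ] && return 0
  [ "$1" -ge 65536 ] 2>/dev/null
}

# preflight [HOST] [TOMCAT_VERSION] [NOFILE]: without arguments reads the live machine.
# Returns 0 only if every check passes; prints one FAIL line per violated note.
preflight() {
  host="${1:-$(hostname -f 2>/dev/null || hostname)}"
  tcver="${2:-$(/usr/local/tomcat/bin/version.sh 2>/dev/null | sed -n 's#^Server version: Apache Tomcat/##p')}"
  nofile="${3:-$(ulimit -n)}"
  rc=0
  is_valid_openam_host "$host" || { echo "FAIL host '$host': use a FQDN, not localhost or an IP"; rc=1; }
  tomcat_ok "$tcver" || { echo "FAIL Tomcat '$tcver': 8+ rejects cookie domain $(cookie_domain_for "$host")"; rc=1; }
  nofile_ok "$nofile" || { echo "FAIL nofile $nofile: embedded OpenDJ needs >= 65536"; rc=1; }
  return $rc
}

# Usage: sh openam_preflight.sh --check                                 (live machine)
#        sh openam_preflight.sh --check verify.example.com 7.0.73 65536 (explicit values)
case "${1:-}" in --check) shift; preflight "$@" ;; esac
```

Run it as the openam user (sudo -u openam) so that ulimit -n reflects the limits.conf entry added above rather than root's.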
■Initial configuration of OpenAM
[img]http://dl2.iteye.com/upload/attachment/0122/7705/5bd13a32-563c-3ee3-b18e-ade243bd1cf1.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7707/72b5da0b-7826-3b2e-b279-f7e6f1e1921d.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7709/e23fcd3e-fd00-3020-8d96-ff4d6e19df14.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7711/9c209a27-3547-34cf-9b41-4f85cd892404.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7713/9a6a47f6-5893-32ec-8aff-833432b4995d.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7715/272a36e6-92cd-3428-a723-e1831068453c.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7717/dec8c3bd-5649-3b8a-89d2-67a969d2b68f.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7719/971d67f4-63f0-35b1-be37-a3c8fdfdc2f6.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7721/bfb9c3b6-528c-3d6c-88d4-91e8f066c2a2.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7723/5a2bc547-91fd-39c0-b356-dfa635c5ec06.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7725/1d19ec43-274b-3200-bcfc-4f82dc27538f.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7727/f0c8548d-e365-3b69-86ba-0c73941c4374.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7729/a1b561cb-64bd-33f4-862b-2b08851bb940.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7731/6e09434f-6d3a-39bc-b019-e8c8897907b1.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0122/7733/a7d6494b-a197-3588-9b14-d7cd4eeadab8.png[/img]
References:
http://qiita.com/tkhm/items/260493729d07b012e0e2
http://qiita.com/advent-calendar/2016/openam-alone
https://wikis.forgerock.org/confluence/pages/viewpage.action?pageId=29655440