Notes:
- Disable SELinux, IPv6 and the firewall. This is a lab shortcut: on a host reachable from a real network keep firewalld and allow only the Apache ports (443, and 80 if you keep it) in, and put SELinux in permissive mode to see the denials you would need to fix rather than switching it off.
- OpenAM needs a lot of memory; at least 2 GB is recommended.
- The OpenDJ embedded in OpenAM needs 64K file descriptors.
- Everything OpenAM does is keyed on a domain-based cookie, so it cannot be accessed through localhost or an IP address.
- The cookie domain must start with a dot, e.g. ".example.com". Tomcat 8.5 and later reject a leading dot with their default Rfc6265CookieProcessor, so this setup uses Tomcat 7 (the alternative is to configure LegacyCookieProcessor in conf/context.xml).
- If you only see "Loading..." after the configurator finishes, it is almost always the servlet container; look at the console (catalina.out) for errors.
- Expect errors while configuring. To start over, delete the two directories /home/openam/openam and /usr/local/tomcat/webapps/openam, restart Tomcat, and run the configurator again from the beginning.
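As an added example (not part of the original post), the following POSIX sh pre-flight script turns the notes above into checks: the host name is a real DNS name rather than localhost or an IP literal, the cookie domain has its leading dot and is a parent of the host, RAM and the soft nofile limit meet the 2 GB / 65536 thresholds, and the installed Tomcat is 7.x. The host name verify.example.com, the cookie domain .example.com and the Tomcat path /usr/local/tomcat are the values used later in this post; the openam user is assumed to be the one created below.

```shell
#!/bin/sh
# Added pre-flight check for the OpenAM notes above (example code, not from the original post).
# Assumed values: verify.example.com / .example.com / /usr/local/tomcat are the post's choices;
# the 2 GB and 65536-descriptor thresholds come from the notes.

# The cookie domain must start with a dot, contain a second label (".example.com", not ".com")
# and be a parent of the host name, otherwise the browser never sends the session cookie back.
cookie_domain_ok() {
  case $1 in
    .*.*) ;;
    *) return 1 ;;
  esac
  case $2 in
    *"$1") return 0 ;;
    *) return 1 ;;
  esac
}

# OpenAM must be reached through a DNS name with at least one dot: not localhost, not an IPv4 literal.
host_is_fqdn() {
  case $1 in
    localhost|localhost.*) return 1 ;;
    *[!0-9.]*) ;;
    *) return 1 ;;
  esac
  case $1 in
    *.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Embedded OpenDJ wants 64K descriptors: the soft nofile limit must be at least 65536.
nofile_ok() { [ "$1" = unlimited ] || [ "$1" -ge 65536 ]; }

# MemTotal in kB (as /proc/meminfo reports it) must be at least 2 GB.
mem_ok() { [ "$1" -ge 2097152 ]; }

# Tomcat 8.5+ rejects a leading-dot cookie domain with its default cookie processor, so stay on 7.x.
tomcat_version_ok() {
  case $1 in
    7.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Live run: gathers the real values from this host and reports every failed check.
run_preflight() {
  host=${1:-verify.example.com}
  domain=${2:-.example.com}
  tomcat=${3:-/usr/local/tomcat}
  rc=0
  host_is_fqdn "$host" || { echo "FAIL: '$host' is localhost or an IP literal"; rc=1; }
  cookie_domain_ok "$domain" "$host" || { echo "FAIL: cookie domain '$domain' must start with '.' and be a parent of $host"; rc=1; }
  resolved=$(getent hosts "$host" 2>/dev/null | awk '{print $1; exit}')
  case $resolved in
    ""|127.*|::1) echo "FAIL: '$host' resolves to '${resolved:-nothing}'; put the server IP in /etc/hosts"; rc=1 ;;
  esac
  mem_ok "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null || echo 0)" || { echo "FAIL: less than 2 GB RAM"; rc=1; }
  nofile_ok "$(ulimit -Sn)" || { echo "FAIL: soft nofile is $(ulimit -Sn); run this as the openam user after editing limits.conf"; rc=1; }
  tv=$("$tomcat/bin/version.sh" 2>/dev/null | sed -n 's#^Server version: *Apache Tomcat/##p')
  tomcat_version_ok "$tv" || { echo "FAIL: Tomcat version '${tv:-unknown}' at $tomcat; use 7.x"; rc=1; }
  [ "$rc" -eq 0 ] && echo "pre-flight OK for $host (cookie domain $domain)"
  return "$rc"
}

# The live checks only run when asked for, so the functions can also be sourced and reused:
#   RUN_PREFLIGHT=1 sudo -u openam sh preflight.sh verify.example.com .example.com
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then
  run_preflight "$@"
fi
```

Run it as the openam user (via sudo, which goes through pam_limits) so that the nofile check sees the limit that Tomcat will actually get; run as root it only reports root's limit.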
Environment used in this post:
Server IP: 192.168.21.177
Server URL (host name): verify.example.com
■ Set up hosts
# cp /etc/hosts /etc/hosts.org
# vi /etc/hosts
192.168.21.177 verify.example.com
# diff /etc/hosts{,.org}
3,4d2
< 192.168.21.177 verify.example.com
■ Set the hostname
# hostname verify.example.com
# cp /etc/hostname /etc/hostname.org
# vi /etc/hostname
verify.example.com
# diff /etc/hostname{,.org}
1c1
< verify.example.com
---
> localhost.localdomain
■ Add the openam user
# useradd -s /sbin/nologin openam
# id openam
uid=1000(openam) gid=1000(openam) groups=1000(openam)
■ Raise the open-file limit
# cp /etc/security/limits.conf /etc/security/limits.conf.org
# vi /etc/security/limits.conf
openam soft nofile 65536
openam hard nofile 131072
# diff /etc/security/limits.conf{,.org}
62,66d61
< openam soft nofile 65536
< openam hard nofile 131072
These limits are applied by pam_limits, so they hold for the sudo -u openam start used below; if you later run Tomcat from a systemd unit, set LimitNOFILE= in the unit instead, because limits.conf is not consulted there.
■ Install the JDK
# yum -y install java-1.8.0-openjdk
# java -version
■ Install Tomcat
# cd /usr/local/src
# wget http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.73/bin/apache-tomcat-7.0.73.tar.gz
# tar xzvf apache-tomcat-7.0.73.tar.gz
# mv apache-tomcat-7.0.73 /usr/local/tomcat
# vi /usr/local/tomcat/bin/setenv.sh
#!/bin/sh
JAVA_OPTS="-server -Xmx1024m"
export JAVA_OPTS
# keytool -genkey -alias tomcat -keyalg RSA -keystore /home/openam/.ssl -dname "CN=verify.example.com"
# vi /usr/local/tomcat/conf/server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/home/openam/.ssl" keystorePass="123456" />
# chown -R openam. /usr/local/tomcat/
# chmod +x /usr/local/tomcat/bin/*.sh
# sudo -u openam /usr/local/tomcat/bin/startup.sh
The tarball is fetched over plain HTTP, so verify it against the .asc signature published next to it on archive.apache.org before unpacking. keytool prompts for the keystore password; whatever you enter must match keystorePass in server.xml, and 123456 is only a placeholder. Because keytool was run as root, /home/openam/.ssl is created root-owned and world-readable: chown it to openam and set mode 0600 before starting Tomcat.
■ Install Apache
# yum -y install httpd mod_ssl
# vi /etc/httpd/conf.d/openam.conf
ProxyPass / ajp://localhost:8009/
# systemctl restart httpd
# systemctl enable httpd
With this, Apache's port 80 and the mod_ssl default virtual host on 443 both forward everything to Tomcat's AJP connector on 8009. Tomcat 7's stock server.xml binds that connector, and the plain HTTP connector on 8080, to all interfaces, so both can be reached directly, bypassing Apache and TLS: add address="127.0.0.1" to the AJP connector and remove (or likewise bind) the 8080 connector.
■ Download OpenAM
OpenAM Enterprise (OpenAM-13.0.0.zip)
https://backstage.forgerock.com/downloads/OpenAM/OpenAM%20Enterprise#browse
Builds marked "subscription only" are the paid editions.
■ Install OpenAM
# cd /usr/local/src/
# unzip OpenAM-13.0.0.zip
# cp /usr/local/src/openam/OpenAM-13.0.0.war /usr/local/tomcat/webapps/openam.war
# sudo -u openam /usr/local/tomcat/bin/shutdown.sh
# sudo -u openam /usr/local/tomcat/bin/startup.sh
# tail -f /usr/local/tomcat/logs/catalina.out
Once startup has finished, open https://verify.example.com/openam in a browser; the first visit lands on the initial configuration page.
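As an added example (not from the original post), the following script audits the Tomcat server.xml assembled in the Tomcat and Apache sections above. It lists every active <Connector> element, skipping the commented-out samples Tomcat ships, and reports three things: an AJP connector without address="127.0.0.1" (reachable past the Apache proxy), a TLS connector still carrying a placeholder keystore password, and a plain HTTP connector (Tomcat's default 8080) not bound to loopback. Both server.xml samples are constructed inline: the weak one is the post's 8443 connector next to Tomcat 7's default connectors, the hardened one is an assumed fix that drops 8080, binds AJP to loopback and reads the keystore password from a ${openam.keystore.pass} property (set in conf/catalina.properties, readable by openam only).

```shell
#!/bin/sh
# Added audit for the Tomcat server.xml built above (example code, not from the original post).
# The two sample files below are constructed here; the ${openam.keystore.pass} property is an assumption.

# Print every active <Connector ...> element on its own line. The whole file is joined into one
# line first so multi-line elements work, and XML comments are removed so that Tomcat's
# commented-out sample connectors are not reported.
connectors() {
  tr '\n' ' ' < "$1" | awk '
    function strip_comments(s,   out, i, j) {
      out = ""
      while ((i = index(s, "<!--")) > 0) {
        out = out substr(s, 1, i - 1)
        s = substr(s, i + 4)
        j = index(s, "-->")
        if (j == 0) return out
        s = substr(s, j + 3)
      }
      return out s
    }
    {
      s = strip_comments($0)
      while ((i = index(s, "<Connector")) > 0) {
        s = substr(s, i)
        j = index(s, ">")
        if (j == 0) break
        print substr(s, 1, j)
        s = substr(s, j + 1)
      }
    }'
}

# True when a connector is bound to the loopback interface only.
loopback_only() {
  case $1 in
    *'address="127.0.0.1"'*|*'address="localhost"'*|*'address="::1"'*) return 0 ;;
    *) return 1 ;;
  esac
}

# One finding per line: AJP reachable from the network, placeholder keystore password,
# plain HTTP connector reachable from the network (it bypasses Apache and TLS).
findings() {
  connectors "$1" | while IFS= read -r c; do
    port=$(printf '%s\n' "$c" | sed -n 's/.*port="\([0-9]*\)".*/\1/p')
    case $c in
      *'protocol="AJP/1.3"'*)
        loopback_only "$c" || echo "AJP connector on port $port listens on all interfaces; add address=\"127.0.0.1\"" ;;
      *'SSLEnabled="true"'*)
        case $c in
          *'keystorePass="123456"'*|*'keystorePass="changeit"'*)
            echo "TLS connector on port $port uses a placeholder keystore password" ;;
        esac ;;
      *)
        loopback_only "$c" || echo "plain HTTP connector on port $port is reachable from the network; remove it or add address=\"127.0.0.1\"" ;;
    esac
  done
}

# Returns 0 when server.xml is clean, 1 otherwise (findings are printed).
audit_server_xml() {
  out=$(findings "$1")
  [ -n "$out" ] && printf '%s\n' "$out"
  [ -z "$out" ]
}

# Constructed sample 1: the post's 8443 connector plus Tomcat 7's default 8080 and 8009 connectors.
WEAK=$(mktemp "${TMPDIR:-/tmp}/server.weak.XXXXXX")
cat > "$WEAK" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <!-- Tomcat's own commented-out sample must not be reported:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystorePass="changeit" />
    -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile="/home/openam/.ssl" keystorePass="123456" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
EOF

# Constructed sample 2 (assumed fix): 8080 removed, AJP bound to loopback, password from a property.
HARDENED=$(mktemp "${TMPDIR:-/tmp}/server.hardened.XXXXXX")
cat > "$HARDENED" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile="/home/openam/.ssl" keystorePass="${openam.keystore.pass}" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" redirectPort="8443" />
  </Service>
</Server>
EOF

echo "== weak sample"; audit_server_xml "$WEAK" || echo "-> fix the items above"
echo "== hardened sample"; audit_server_xml "$HARDENED" && echo "-> clean"
```

Point audit_server_xml at /usr/local/tomcat/conf/server.xml to check the real file; the matching is on the attribute strings Tomcat 7 writes in its default server.xml, so a keystore password that merely differs from the two placeholders is reported as clean, not as strong.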
--- Windows client setup
C:\Windows\System32\drivers\etc\hosts
192.168.21.177 verify.example.com
■ OpenAM initial configuration
References:
http://qiita.com/tkhm/items/260493729d07b012e0e2
http://qiita.com/advent-calendar/2016/openam-alone
https://wikis.forgerock.org/confluence/pages/viewpage.action?pageId=29655440