ADUCID software

Directories for aducid-aaa-modules

The AAA modules need the following directories to exist before installation:

mkdir /opt/aaa/install
mkdir /opt/aaa/logs
mkdir /opt/aaa/conf
mkdir /opt/aaa/conf/aducid
mkdir /opt/aaa/certs
mkdir /opt/aaa/aducid-error-pages
mkdir /opt/aaa/bin
mkdir -p /usr/lib64/openaaa/modules

Files for aducid-aaa-modules. Please adjust your server hostname in these files, as indicated.

vi /etc/profile.d/

export OPENAAA_HANDLER=/usr/local/bin/aducid
export OPENAAA_AUTHORITY=`hostname`

vi /usr/lib/systemd/system/aducid-aaa.service

Description=The ADUCID AAA Module
ExecStart=/opt/aaa/bin/ start
ExecReload=/opt/aaa/bin/ restart
ExecStop=/opt/aaa/bin/ stop

vi /etc/sysconfig/aducid-aaa

# This file can be used to set additional environment variables for
# the httpd process, or pass additional options to the httpd
# executable.
# Note: With previous versions of httpd, the MPM could be changed by
# editing an "HTTPD" variable here.  With the current version, that
# variable is now ignored.  The MPM is a loadable module, and the
# choice of MPM can be changed by editing the configuration file
# /etc/httpd/conf.modules.d/00-mpm.conf.
# To pass additional options (for instance, -D definitions) to the
# httpd binary at startup, set OPTIONS here.
# This setting ensures the httpd process is started in the "C" locale
# by default.  (Some modules will not behave correctly if
# case-sensitive string comparisons are performed in a different
# locale.)

vi /opt/aaa/bin/

#!/bin/bash -x
# Start, stop or restart the ADUCID-AAA service
# PATH=/sbin:/usr/sbin:$PATH
# Check that networking is up.
. /etc/sysconfig/network
RETVAL=0
usage () {
        echo $"Usage: $0 {start|stop|restart}" 1>&2
        RETVAL=2
}
start () {
        /usr/bin/aaa -s -vv &    # run the AAA daemon in the background, verbose
        RETVAL=$?
}
stop () {
        kill -9 `cat /var/run/`  # pid file name is elided in the original
        RETVAL=$?
}
status () {
        # not defined in the original; reports whether the pid in the pid file is alive
        kill -0 `cat /var/run/` 2>/dev/null && echo "aaa running" || echo "aaa stopped"
        RETVAL=$?
}
restart () {
        stop
        start
}
case "$1" in
    stop) stop ;;
    status) status ;;
    start|restart|reload|force-reload) restart ;;
    *) usage ;;
esac
exit $RETVAL

Do one of the following:

  • Connect the ADUCID Server Kit DVD to virtual machine and mount it to /media/ADUCID
  • Copy the repository directory from the ADUCID Server Kit DVD to /media/ADUCID

Install and run the aducid-installer script

# in this directory, rpm files are located
cd /media/ADUCID/repository/el7/x86_64
# find the exact filename using the TAB key in the command prompt
yum localinstall aducid-repository-
# ditto, as above
yum localinstall aducid-installer-   
# now, the install script will be in the path (/usr/local/bin), invoke it

The aducid-installer script (see /usr/local/bin/) asks for the following AIM server parameters:

hostname: preferably the whole DNS name
service provider ID: inner identification of the AIM machine; the DNS hostname is a good candidate
icon file: 100×100 .png file that will be shown on client PEIGs; it can be changed at any time, the files are located in /usr/share/pixmaps
replication password: in fact the DB access password for the account created during install

Post-install checks


Certificates for SSL communication (like the other parameters of SSL/TLS communication) need to be set in /opt/aaa/conf/aducid-aaa.conf. It may happen that the install script overwrites your previous settings. Having corrected these settings, restart the httpd24-httpd service.

SSLCertificateFile      /opt/aaa/certs/
SSLCertificateKeyFile   /opt/aaa/certs/
SSLCertificateChainFile /opt/aaa/certs/Thawte.CA.Intermediate.SHA256.crt
SSLCACertificateFile    /opt/aaa/certs/Thawte.CA.Primary.Root.G3.crt

Other certificates used by the ADUCID server are listed in /opt/tomcat/conf/ After you point these parameters at your certificate files, a restart of tomcat9.service is needed.


It is recommended to restart the server after installation.

Component checks

After the restart, check the status of the main components (post-install checks):

orange-d3:~ root$ systemctl -l status httpd24-httpd.service
● httpd24-httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd24-httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-06-25 22:54:51 CEST; 9min ago
 Main PID: 913 (httpd)
   Status: "Total requests: 11; Idle/Busy workers 100/0;Requests/sec: 0.0187; Bytes served/sec:  37 B/sec"
   CGroup: /system.slice/httpd24-httpd.service
           ├─ 913 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
           ├─1129 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
           ├─1130 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
           ├─1131 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
           ├─1132 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
           ├─1133 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
           └─1697 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
Jun 25 23:03:03 [1697]: msg:accept:SSLv3 read certificate verify A
Jun 25 23:03:03 [1697]: msg:accept:SSLv3 read finished A
Jun 25 23:03:03 [1697]: msg:accept:SSLv3 write change cipher spec A
Jun 25 23:03:03 [1697]: msg:accept:SSLv3 write finished A
Jun 25 23:03:03 [1697]: msg:accept:SSLv3 flush data
Jun 25 23:03:03 [1697]: msg:negotiate:SSL negotiation finished successfully
Jun 25 23:03:03 [1697]: id=a6ae3724b541fb22127a207882e99ee2d1b0c762922ceff78dd4839872a712ab hash=8112 index=0
Jun 25 23:03:03 [1697]: sent 94 byte(s)
Jun 25 23:03:03 [1697]: recv 168 byte(s)
Jun 25 23:03:03 [1697]: msg:alert write:warning:close notify
# do not be confused by the following description: "The ADUCID Apache HTTP Server"
orange-d3:~ root$ systemctl -l status aducid-aaa.service
● aducid-aaa.service - The ADUCID Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/aducid-aaa.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-06-25 22:54:50 CEST; 11min ago
  Process: 890 ExecStart=/opt/aaa/bin/ start (code=exited, status=0/SUCCESS)
 Main PID: 901 (aaa)
   CGroup: /system.slice/aducid-aaa.service
           ├─901 aaad
           ├─905 aaa/1
           ├─906 aaa/2
           ├─907 aaa/3
           └─908 aaa/4
Jun 25 23:03:03 aaa[906]: sess.created:1529960583
Jun 25 23:03:03 aaa[906]: sess.modified:1529960583
Jun 25 23:03:03 aaa[906]: sess.expires:1529967783
Jun 25 23:03:03 aaa[906]: sent 168 byte(s)
Jun 25 23:03:03 aaa[905]: recv 94 byte(s)
Jun 25 23:03:03 aaa[905]:
Jun 25 23:03:03 aaa[905]: sess.created:1529960583
Jun 25 23:03:03 aaa[905]: sess.modified:1529960583
Jun 25 23:03:03 aaa[905]: sess.expires:1529967783
Jun 25 23:03:03 aaa[905]: sent 168 byte(s)
orange-d3:~ root$ systemctl -l status tomcat9.service
● tomcat9.service - Apache Tomcat 9.0.6 Servlet Container
   Loaded: loaded (/usr/lib/systemd/system/tomcat9.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-06-25 22:54:50 CEST; 12min ago
  Process: 887 ExecStart=/opt/tomcat/bin/ (code=exited, status=0/SUCCESS)
 Main PID: 921 (java)
   CGroup: /system.slice/tomcat9.service
           └─921 /usr/java/default/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/ -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -server -Djava.awt.headless=true -Xms2g -Xmx2g -XX:+UseG1GC -XX:+UseStringDeduplication -XX:MaxGCPauseMillis=100 -Dignore.endorsed.dirs= -classpath /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/opt/tomcat -Dcatalina.home=/opt/tomcat org.apache.catalina.startup.Bootstrap start
Jun 25 22:54:50 systemd[1]: Starting Apache Tomcat 9.0.6 Servlet Container…
Jun 25 22:54:50[887]: + cd /opt/tomcat
Jun 25 22:54:50[887]: + ./bin/
Jun 25 22:54:50 systemd[1]: Started Apache Tomcat 9.0.6 Servlet Container.

Component log checks

The system is fully ready only after the Tomcat server has started. This can be checked by looking into Tomcat's catalina.out:

orange-d3:~ root$ tail -f /opt/tomcat/logs/catalina.out
Not found in 'org.owasp.esapi.resources' directory or file not readable: /opt/apache-tomcat-9.0.6/
Not found in SystemResource Directory/resourceDirectory: .esapi/
Not found in 'user.home' (/opt/tomcat) directory: /opt/tomcat/esapi/
Loading via file I/O failed.
Attempting to load via the classpath.
SUCCESSFULLY LOADED via the CLASSPATH from '/ (root)' using current thread context class loader!
25-Jun-2018 22:57:07.841 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/apache-tomcat-9.0.6/webapps/qrtest.war] has finished in [3,228] ms
25-Jun-2018 22:57:07.861 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
25-Jun-2018 22:57:07.884 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
25-Jun-2018 22:57:07.889 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 133079 ms

Other log files:

AIM: /opt/tomcat/log/aim.log
tomcat9.service: /opt/tomcat/logs/*
aducid-aaa.service: /var/log/messages
httpd.service: /var/log/httpd/*
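The certificate settings, service status and catalina.out checks above can be automated. The script below is an added example, not part of the ADUCID Server Kit; it assumes the paths named on this page (/opt/aaa/conf/aducid-aaa.conf, /opt/tomcat/logs/catalina.out, the three systemd units) and flags a bare directory such as /opt/aaa/certs/ left in an SSL*File directive.

```shell
#!/bin/bash
# Added example (not from the ADUCID kit): post-install sanity checks.
# Usage: bash check-aducid.sh --run

# Every SSL*File directive in the Apache config must name a readable regular
# file. A bare directory such as /opt/aaa/certs/ (the placeholder on this
# page) fails the -f test and is reported.
check_ssl_conf() {
    local conf="$1" rc=0 directive path lines
    lines=$(grep -E '^[[:space:]]*SSL(CA)?Certificate(Key|Chain)?File[[:space:]]' "$conf" || true)
    if [ -z "$lines" ]; then
        echo "$conf: no SSL*File directives found" >&2
        return 1
    fi
    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ -z "$path" ] || [ ! -f "$path" ] || [ ! -r "$path" ]; then
            echo "$directive: '$path' is not a readable file" >&2
            rc=1
        fi
    done <<EOF
$lines
EOF
    return $rc
}

# Tomcat is fully ready only once catalina.out reports "Server startup in".
check_tomcat_ready() {
    grep -q 'org.apache.catalina.startup.Catalina.start Server startup in' "$1"
}

# The three units shown in the status checks above must all be active.
check_services() {
    local rc=0 svc
    for svc in httpd24-httpd aducid-aaa tomcat9; do
        systemctl is-active --quiet "$svc" || { echo "$svc is not active" >&2; rc=1; }
    done
    return $rc
}

main() {
    local rc=0
    check_ssl_conf /opt/aaa/conf/aducid-aaa.conf || rc=1
    check_tomcat_ready /opt/tomcat/logs/catalina.out || { echo "tomcat not ready" >&2; rc=1; }
    check_services || rc=1
    [ $rc -eq 0 ] && echo "all post-install checks passed"
    return $rc
}

case "${1:-}" in --run) main ;; esac
```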

RPM Component summary

aducid-configurator.rpm: installation and config script
aducid-repository.rpm: yum repository file
aducid-aaa-modules.rpm: Apache settings for ADUCID components
aim.rpm: AIM and all basic components
aducid-proof.rpm: sample identity proofing apps
