ADUCID software

File and directory preparation

Prepare the aducid-aaa.service

# AAA modules need the following directories to exist before installation:
mkdir -p /opt/aaa/install
mkdir /opt/aaa/logs
mkdir /opt/aaa/conf
mkdir /opt/aaa/conf/aducid
mkdir /opt/aaa/certs
mkdir /opt/aaa/aducid-error-pages
mkdir /opt/aaa/bin
mkdir -p /usr/lib64/openaaa/modules

Files for aducid-aaa-modules.

Export system variables

vi /etc/profile.d/

export OPENAAA_HANDLER=/usr/local/bin/tlsbinder
export OPENAAA_AUTHORITY=`hostname` 

Define the aducid-aaa.service

vi /usr/lib/systemd/system/aducid-aaa.service

[Unit]
Description=The ADUCID AAA Module
After=network.target

[Service]
# the start script backgrounds /usr/bin/aaa, so systemd has to wait for the fork
Type=forking
ExecStart=/opt/aaa/bin/ start
ExecReload=/opt/aaa/bin/ restart
ExecStop=/opt/aaa/bin/ stop

[Install]
WantedBy=multi-user.target

Create service files

vi /etc/sysconfig/aducid-aaa


vi /opt/aaa/bin/

#!/bin/bash -x
# Start, stop or restart the ADUCID-AAA service
# PATH=/sbin:/usr/sbin:$PATH
# Check that networking is up.
. /etc/sysconfig/network
RETVAL=0
usage () {
        echo $"Usage: $0 {start|stop|restart|status}" 1>&2
        RETVAL=2
}
start () {
        /usr/bin/aaa -s -vv &
}
stop () {
        # SIGKILL gives aaa no chance to clean up its sessions before exiting
        kill -9 `cat /var/run/`
}
status () {
        # exit status 0 only when the process named in the pid file is alive
        kill -0 `cat /var/run/` 2>/dev/null && echo "aaa is running" || { echo "aaa is stopped"; RETVAL=3; }
}
restart () {
        stop
        start
}
case "$1" in
    stop) stop ;;
    status) status ;;
    start|restart|reload|force-reload) restart ;;
    *) usage ;;
esac
exit $RETVAL

Directory to import info

mkdir -p ~/psqltools/myPEIG

Put the following files into the above directory and strip the “.file” extension:

cd ~/psqltools/myPEIG 
mv insert_home_aim_mypeig.sql.file insert_home_aim_mypeig.sql


Do one of the following:

  • Connect the ADUCID Server Kit DVD to virtual machine and mount it to /media/ADUCID
  • Copy the repository directory from the ADUCID Server Kit DVD to /media/ADUCID

Install the aducid-installer script (into /usr/local/bin) and start it

# in this directory, rpm files are located
cd /media/ADUCID/repository/el7/x86_64
# find the exact filename using the TAB key in the command prompt
yum localinstall aducid-repository-1.0-4.el7.centos.noarch.rpm
# same as above: complete the exact filename with the TAB key
yum localinstall aducid-installer-4.x.y-1.z.el7.centos.noarch.rpm

The aducid-installer script (see /usr/local/bin/) asks for the following AIM server parameters:

AIM host: preferably the whole DNS name
SPID (Service Provider ID): inner identification of the AIM machine; the DNS hostname is a good candidate
Display Name: AIM identification that will be displayed on user PEIGs
Internal Network: network for R4 (Server App ↔ AIM) communication
AIM Sync Public/Private Key: certificates used to secure direct synchronization between two AIM servers (e.g. during identity link data transfers)
DB Password: password for DB access
Server icon: 100×100 .png file that will be displayed on user PEIGs; it can be changed at any time, the files are located in /usr/share/pixmaps
Proofing: whether to install the sample proofing applications (Yes/No)

Post-install checks


Certificates for SSL communication (like the other parameters of SSL/TLS communication) need to be set in /opt/aaa/conf/aducid-aaa.conf. The install script may overwrite your previous settings, so check them after every run. Keep the private key referenced by SSLCertificateKeyFile readable by root only. Having corrected these settings, restart the httpd24-httpd service.

SSLCertificateFile      /opt/aaa/certs/
SSLCertificateKeyFile   /opt/aaa/certs/
SSLCertificateChainFile /opt/aaa/certs/Thawte.CA.Intermediate.SHA256.crt
SSLCACertificateFile    /opt/aaa/certs/Thawte.CA.Primary.Root.G3.crt
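As an added check (not part of the ADUCID kit or its installer), the following script verifies that the four files named above actually belong together before httpd is restarted: the private key must match the certificate's public key, the key file must not be readable by anyone but its owner, and the certificate must verify against SSLCACertificateFile through the chain in SSLCertificateChainFile. The demo PKI it builds (Demo-Root, Demo-Intermediate, aim.example.com) and the temporary paths are constructed for illustration; on the AIM host you would call check_tls_files with the real paths from aducid-aaa.conf.

```shell
#!/bin/bash
# Added example (not from the ADUCID kit): sanity-check the SSLCertificateFile /
# SSLCertificateKeyFile / SSLCertificateChainFile / SSLCACertificateFile set before
# restarting httpd. The demo PKI and paths below are constructed for illustration.

# check_tls_files CERT KEY CHAIN CA
# Prints one of: ok, no-cert, no-key, key-mismatch, key-mode, chain-fail. Returns 0 only for ok.
check_tls_files() {
    local cert=$1 key=$2 chain=$3 ca=$4
    local cert_pub key_pub mode
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || { echo no-cert; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)        || { echo no-key; return 1; }
    # The public key embedded in the certificate must equal the one derived from the private key.
    [ "$cert_pub" = "$key_pub" ] || { echo key-mismatch; return 1; }
    # A private key readable by group or others is a finding regardless of what Apache accepts.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        600|400) ;;
        *) echo key-mode; return 1 ;;
    esac
    # Build the path leaf -> intermediate(s) -> trusted root exactly as a TLS client would.
    openssl verify -CAfile "$ca" -untrusted "$chain" "$cert" >/dev/null 2>&1 || { echo chain-fail; return 1; }
    echo ok
}

# make_demo_pki DIR: throwaway root CA -> intermediate -> server cert (1 day), for the demo only.
make_demo_pki() {
    local d=$1
    mkdir -p "$d"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -subj /CN=Demo-Root -days 1 \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj /CN=Demo-Intermediate \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
        -extfile "$d/ca.ext" -days 1 -out "$d/int.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj /CN=aim.example.com \
        -keyout "$d/aim.key" -out "$d/aim.csr" 2>/dev/null
    openssl x509 -req -in "$d/aim.csr" -CA "$d/int.crt" -CAkey "$d/int.key" -CAcreateserial \
        -days 1 -out "$d/aim.crt" 2>/dev/null
    chmod 600 "$d/aim.key" "$d/int.key" "$d/root.key"
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
# Correct trio: ok
check_tls_files "$demo_dir/aim.crt" "$demo_dir/aim.key" "$demo_dir/int.crt" "$demo_dir/root.crt" || true
# Wrong private key (the intermediate's): key-mismatch
check_tls_files "$demo_dir/aim.crt" "$demo_dir/int.key" "$demo_dir/int.crt" "$demo_dir/root.crt" || true
# Chain file without the intermediate: chain-fail
check_tls_files "$demo_dir/aim.crt" "$demo_dir/aim.key" "$demo_dir/root.crt" "$demo_dir/root.crt" || true
rm -rf "$demo_dir"
```

A mismatched key or a missing intermediate surfaces here as a one-word verdict rather than as a failed httpd start or a browser-side chain error after the restart.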

Other certificates used by the ADUCID server are listed in /opt/tomcat/conf/, see AIM Sync Public/Private Key above. After you point these parameters at your certificate files, restart tomcat9.service.


It is recommended to restart the server after installation.

Component checks

After the restart, check the status of the main components:

aim:~ root$ systemctl -l status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-11-07 23:11:21 CET; 2h 50min ago
 Main PID: 4800 (httpd)
   Status: "Total requests: 38; Idle/Busy workers 100/0;Requests/sec: 0.00373; Bytes served/sec:   7 B/sec"
   CGroup: /system.slice/httpd.service
           ├─4800 /usr/sbin/httpd -DFOREGROUND
           ├─4801 /usr/sbin/httpd -DFOREGROUND
           ├─4802 /usr/sbin/httpd -DFOREGROUND
           ├─4803 /usr/sbin/httpd -DFOREGROUND
           ├─4804 /usr/sbin/httpd -DFOREGROUND
           ├─4806 /usr/sbin/httpd -DFOREGROUND
           └─5528 /usr/sbin/httpd -DFOREGROUND
aim:~ root$ systemctl -l status aducid-aaa.service
● aducid-aaa.service - The ADUCID AAA Module
   Loaded: loaded (/usr/lib/systemd/system/aducid-aaa.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-06-25 22:54:50 CEST; 11min ago
  Process: 890 ExecStart=/opt/aaa/bin/ start (code=exited, status=0/SUCCESS)
 Main PID: 901 (aaa)
   CGroup: /system.slice/aducid-aaa.service
           ├─901 aaad
           ├─905 aaa/1
           ├─906 aaa/2
           ├─907 aaa/3
           └─908 aaa/4
Jun 25 23:03:03 aaa[906]: sess.created:1529960583
Jun 25 23:03:03 aaa[906]: sess.modified:1529960583
Jun 25 23:03:03 aaa[906]: sess.expires:1529967783
Jun 25 23:03:03 aaa[906]: sent 168 byte(s)
Jun 25 23:03:03 aaa[905]: recv 94 byte(s)
Jun 25 23:03:03 aaa[905]:
Jun 25 23:03:03 aaa[905]: sess.created:1529960583
Jun 25 23:03:03 aaa[905]: sess.modified:1529960583
Jun 25 23:03:03 aaa[905]: sess.expires:1529967783
Jun 25 23:03:03 aaa[905]: sent 168 byte(s)
aim:~ root$ systemctl -l status tomcat9.service
● tomcat9.service - Apache Tomcat 9.0.6 Servlet Container
   Loaded: loaded (/usr/lib/systemd/system/tomcat9.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-06-25 22:54:50 CEST; 12min ago
  Process: 887 ExecStart=/opt/tomcat/bin/ (code=exited, status=0/SUCCESS)
 Main PID: 921 (java)
   CGroup: /system.slice/tomcat9.service
           └─921 /usr/java/default/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/ -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -server -Djava.awt.headless=true -Xms2g -Xmx2g -XX:+UseG1GC -XX:+UseStringDeduplication -XX:MaxGCPauseMillis=100 -Dignore.endorsed.dirs= -classpath /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/opt/tomcat -Dcatalina.home=/opt/tomcat org.apache.catalina.startup.Bootstrap start
Jun 25 22:54:50 systemd[1]: Starting Apache Tomcat 9.0.6 Servlet Container…
Jun 25 22:54:50[887]: + cd /opt/tomcat
Jun 25 22:54:50[887]: + ./bin/
Jun 25 22:54:50 systemd[1]: Started Apache Tomcat 9.0.6 Servlet Container.

Component log checks

The system is fully ready only after the Tomcat server has started. This can be checked by looking into Tomcat's catalina.out; the ESAPI "Not found" lines are expected, the line to wait for is the final "Server startup in" message:

aim:~ root$ tail -f /opt/tomcat/logs/catalina.out
Not found in 'org.owasp.esapi.resources' directory or file not readable: /opt/apache-tomcat-9.0.6/
Not found in SystemResource Directory/resourceDirectory: .esapi/
Not found in 'user.home' (/opt/tomcat) directory: /opt/tomcat/esapi/
Loading via file I/O failed.
Attempting to load via the classpath.
SUCCESSFULLY LOADED via the CLASSPATH from '/ (root)' using current thread context class loader!
25-Jun-2018 22:57:07.841 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/apache-tomcat-9.0.6/webapps/qrtest.war] has finished in [3,228] ms
25-Jun-2018 22:57:07.861 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
25-Jun-2018 22:57:07.884 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
25-Jun-2018 22:57:07.889 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 133079 ms
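As an added example (not the project's own tooling), the script below turns that readiness check into something a post-install script can wait on: it polls catalina.out for the Catalina.start line with a timeout and reports the logged startup time, and check_units queries the three systemd units shown above. The log lines it feeds itself are constructed; the unit names and the catalina.out path are the ones given on this page.

```shell
#!/bin/bash
# Added example (not part of the ADUCID kit): wait for Tomcat to report readiness in
# catalina.out, with a timeout, and report the startup time it logged. The demo log
# lines are constructed; unit names and the log path are those the page lists.

# tomcat_startup_ms LOG: prints the "Server startup in N ms" value from LOG and returns 0,
# or returns 1 when Tomcat has not logged startup yet. Accepts "133079 ms" and "[133,079] milliseconds".
tomcat_startup_ms() {
    local line
    line=$(grep 'org.apache.catalina.startup.Catalina.start Server startup in' "$1" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || return 1
    line=${line##*startup in }      # keep the trailing "133079 ms" / "[133,079] milliseconds"
    line=${line//[^0-9]/}           # digits only
    printf '%s\n' "$line"
}

# wait_for_tomcat LOG TIMEOUT_SECONDS: poll LOG once per second until startup is logged.
# Prints the startup time in ms on success; returns 1 on timeout so the caller fails loudly
# instead of proceeding with an AIM that is not serving yet.
wait_for_tomcat() {
    local log=$1 timeout=${2:-300} waited=0 ms
    while [ "$waited" -lt "$timeout" ]; do
        if ms=$(tomcat_startup_ms "$log"); then
            printf '%s\n' "$ms"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    echo "tomcat did not report startup within ${timeout}s" >&2
    return 1
}

# check_units: the three units the page checks with systemctl status; returns the count of inactive ones.
check_units() {
    local u bad=0
    for u in httpd.service aducid-aaa.service tomcat9.service; do
        if systemctl is-active --quiet "$u"; then
            echo "$u: active"
        else
            echo "$u: NOT active"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Demo on a constructed log: the startup line is appended only after a delay, as on a real boot.
demo_log=$(mktemp)
printf '%s\n' \
  'Loading via file I/O failed.' \
  '25-Jun-2018 22:57:07.861 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]' \
  > "$demo_log"
( sleep 2; echo '25-Jun-2018 22:57:07.889 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 133079 ms' >> "$demo_log" ) &
wait_for_tomcat "$demo_log" 10 && echo "tomcat ready"
wait
rm -f "$demo_log"
```

On the AIM host, `wait_for_tomcat /opt/tomcat/logs/catalina.out 300 && check_units` is the whole post-restart gate; a timeout or a non-zero count from check_units is the signal to read the other log files listed below before going further.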

Other log files:

AIM: /opt/tomcat/log/aim.log
tomcat9.service: /opt/tomcat/logs/*
aducid-aaa.service: /var/log/messages
httpd.service: /var/log/httpd/*

RPM Component summary

aducid-configurator.rpm: installation and config script
aducid-repository.rpm: yum repository file
aducid-aaa-modules.rpm: Apache settings for ADUCID components
aim.rpm: AIM and all basic components
aducid-proof.rpm: sample identity proofing apps

installation/03-aducid-software.txt · Last modified: 2021/02/19 14:55 by mpospisek