Differences

This shows you the differences between two versions of the page.

--- installation:03-aducid-software [2019/08/01 09:09]
tjotov created
+++ installation:03-aducid-software [2021/02/19 14:55] (current)
mpospisek
@@ Line 3: / Line 3: @@
 **Prepare the aducid-aaa.service**
-<sxh bash>
+<codedoc code:bash>
-# --- AAA modules need the following directories are created before installation:
+# AAA modules need the following directories are created before installation:
 mkdir -p /opt/aaa/install
@@ Line 15: / Line 15: @@
 mkdir -p /usr/lib64/openaaa/modules
-# --- Files for aducid-aaa-modules.
+</codedoc>
-# **Please check your server hostname in these files, as indicated.**
+Files for aducid-aaa-modules.
-# --- Export system variables
+Export system variables
-# /etc/profile.d/openaaa.sh
+<codedoc>
-echo \
+vi /etc/profile.d/openaaa.sh
-"#!/bin/bash
+</codedoc>
+<sxh>
+#!/bin/bash
 export OPENAAA_PROTOCOL=aaa
-export OPENAAA_HANDLER=/usr/local/bin/aducid
+export OPENAAA_HANDLER=/usr/local/bin/tlsbinder
 export OPENAAA_AUTHORITY=`hostname`
-" > /etc/profile.d/openaaa.sh
+</sxh>
-# --- Define the aducid-aaa.service
+Define the aducid-aaa.service
-# /usr/lib/systemd/system/aducid-aaa.service
+<codedoc>
-echo \
+vi /usr/lib/systemd/system/aducid-aaa.service
-"[Unit]
+</codedoc>
+<sxh>
+[Unit]
 Description=The ADUCID AAA Module
 After=network.target remote-fs.target nss-lookup.target
@@ Line 43: / Line 48: @@
 [Install]
 WantedBy=multi-user.target
-" >/usr/lib/systemd/system/aducid-aaa.service
+</sxh>
-# --- Create service files
+Create service files
-# /etc/sysconfig/aducid-aaa
+<codedoc>
-echo \
+vi /etc/sysconfig/aducid-aaa
-"OPENAAA_PROTOCOL=aaa
+</codedoc>
-OPENAAA_HANDLER=/usr/local/bin/aducid
+<sxh>
+OPENAAA_PROTOCOL=aaa
+OPENAAA_HANDLER=/usr/local/bin/tlsbinder
 OPENAAA_AUTHORITY=`hostname`
-" > /etc/sysconfig/aducid-aaa
 </sxh>
 <codedoc>
@@ Line 101: / Line 108: @@
 **Directory to import mypeig.aducid.com info**
-<sxh>
+<codedoc>
 mkdir -p ~/psqltools/myPEIG
-</sxh>
+</codedoc>
 Put the following files into the above directory and strip the ".file" extension:
   * {{ :documentation:install:insert_home_aim_mypeig.sql.file |insert_home_aim_mypeig.sql.file}}
   * {{ :documentation:install:mypeig.aducid.com.crt.file |mypeig.aducid.com.crt.file}}
-<sxh>
+<codedoc>
 cd ~/psqltools/myPEIG
 mv insert_home_aim_mypeig.sql.file insert_home_aim_mypeig.sql
 mv mypeig.aducid.com.crt.file mypeig.aducid.com.crt
-</sxh>
+</codedoc>
@@ Line 122: / Line 129: @@
   * Copy the repository directory from the ADUCID Server Kit DVD to  /media/ADUCID
-Install and run the aducid-installer script
+Install the aducid-installer script (into /usr/local/bin) and start it
-<sxh>
+<codedoc code:bash>
 # in this directory, rpm files are located
 cd /media/ADUCID/repository/el7/x86_64
@@ Line 129: / Line 136: @@
 yum localinstall aducid-repository-1.0-4.el7.centos.noarch.rpm
 # dtto as above
-yum localinstall aducid-installer-4.1.0-1.rc1.el7.centos.noarch.rpm
+yum localinstall aducid-installer-4.x.y-1.z.el7.centos.noarch.rpm
-# now, the install script will be in the path (/usr/local/bin), invoke it
+#
 aducid-installer
-</sxh>
+</codedoc>
+{{ :installation:aim4_installer.png?600 |}}
 The aducid-installer script (see /usr/local/bin/aducid-installer.sh) asks about AIM server parameters:
-| hostname | Preferably whole DNS name |
+| AIM host | Preferably whole DNS name |
-| service provider ID | AIM machine inner identification. DNS hostname is a good candidate. |
+| SPID | (Service Provider ID) AIM machine inner identification. DNS hostname is a good candidate. |
-| icon file | 100x100 .png file that will be seen on client PEIGs. This can be changed anytime, files are located in /usr/share/pixmaps |
+| Display Name | AIM identification that will be displayed on user PEIGs |
-| replication password | In fact, DB access password for account created during install |
+| Internal Network | Network for R4 (Server App <-> AIM) communication |
+| AIM Sync Public/Private Key | Certificates used to secure direct synchronization between two AIM servers (e.g. during identity link data transfers) |
+| DB Password | Password for DB access |
+| Server icon | 100x100 .png file that will be displayed on user PEIGs. This can be changed anytime, files are located in /usr/share/pixmaps |
+| Proofing | If you need to install sample proofing applications (Yes/No) |
 ===== Post-install checks =====
@@ Line 152: / Line 165: @@
 </codedoc>
-Other certificates used by ADUCID server are listed in /opt/tomcat/conf/ADUCID.properties. After you set this parameters to your certificate files, restart of the tomcat9.service is needed.
+Other certificates used by ADUCID server are listed in /opt/tomcat/conf/ADUCID.properties, see AIM Sync Public/Private Keys above. After you set this parameters to your certificate files, restart of the tomcat9.service is needed.
 <sxh bash>
 PUBLIC_KEY=/opt/aaa/certs/wild.aducid.com.crt
@@ Line 165: / Line 178: @@
 postinstall checks
 <codedoc code:bash>
-orange-d3:~ root$ systemctl -l status httpd.service
+aim:~ root$ systemctl -l status httpd.service
 ● httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
@@ Line 180: / Line 193: @@
            └─5528 /usr/sbin/httpd -DFOREGROUND
-orange-d3:~ root$ systemctl -l status aducid-aaa.service
+aim:~ root$ systemctl -l status aducid-aaa.service
 ● aducid-aaa.service - The ADUCID AAA Module
    Loaded: loaded (/usr/lib/systemd/system/aducid-aaa.service; enabled; vendor preset: disabled)
@@ Line 193: / Line 206: @@
            └─908 aaa/4
-Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.created:1529960583
+Jun 25 23:03:03 aim.aducid.com aaa[906]: sess.created:1529960583
-Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.modified:1529960583
+Jun 25 23:03:03 aim.aducid.com aaa[906]: sess.modified:1529960583
-Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.expires:1529967783
+Jun 25 23:03:03 aim.aducid.com aaa[906]: sess.expires:1529967783
-Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: 127.0.0.1:36274 sent 168 byte(s)
+Jun 25 23:03:03 aim.aducid.com aaa[906]: 127.0.0.1:36274 sent 168 byte(s)
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1:52677 recv 94 byte(s)
+Jun 25 23:03:03 aim.aducid.com aaa[905]: 127.0.0.1:52677 recv 94 byte(s)
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.id:a6ae3724b541fb22127a207882e99ee2d1b0c762922ceff78dd4839872a712ab
+Jun 25 23:03:03 aim.aducid.com aaa[905]: sess.id:a6ae3724b541fb22127a207882e99ee2d1b0c762922ceff78dd4839872a712ab
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.created:1529960583
+Jun 25 23:03:03 aim.aducid.com aaa[905]: sess.created:1529960583
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.modified:1529960583
+Jun 25 23:03:03 aim.aducid.com aaa[905]: sess.modified:1529960583
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.expires:1529967783
+Jun 25 23:03:03 aim.aducid.com aaa[905]: sess.expires:1529967783
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1:52677 sent 168 byte(s)
+Jun 25 23:03:03 aim.aducid.com aaa[905]: 127.0.0.1:52677 sent 168 byte(s)
-orange-d3:~ root$ systemctl -l status tomcat9.service
+aim:~ root$ systemctl -l status tomcat9.service
 ● tomcat9.service - Apache Tomcat 9.0.6 Servlet Container
    Loaded: loaded (/usr/lib/systemd/system/tomcat9.service; enabled; vendor preset: disabled)
@@ Line 211: / Line 224: @@
  Main PID: 921 (java)
    CGroup: /system.slice/tomcat9.service
-           └─921 /usr/java/default/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -server -Dcom.sun.management.jmxremote.port=8086 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xms2g -Xmx2g -XX:+UseG1GC -XX:+UseStringDeduplication -XX:MaxGCPauseMillis=100 -Dignore.endorsed.dirs= -classpath /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/opt/tomcat -Dcatalina.home=/opt/tomcat -Djava.io.tmpdir=/opt/tomcat/temp org.apache.catalina.startup.Bootstrap start
+           └─921 /usr/java/default/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -server -Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xms2g -Xmx2g -XX:+UseG1GC -XX:+UseStringDeduplication -XX:MaxGCPauseMillis=100 -Dignore.endorsed.dirs= -classpath /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/opt/tomcat -Dcatalina.home=/opt/tomcat -Djava.io.tmpdir=/opt/tomcat/temp org.apache.catalina.startup.Bootstrap start
-Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Starting Apache Tomcat 9.0.6 Servlet Container...
+Jun 25 22:54:50 aim.aducid.com systemd[1]: Starting Apache Tomcat 9.0.6 Servlet Container...
-Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]: + cd /opt/tomcat
+Jun 25 22:54:50 aim.aducid.com tomcat-startup.sh[887]: + cd /opt/tomcat
-Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]: + ./bin/startup.sh
+Jun 25 22:54:50 aim.aducid.com tomcat-startup.sh[887]: + ./bin/startup.sh
-Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Started Apache Tomcat 9.0.6 Servlet Container.
+Jun 25 22:54:50 aim.aducid.com systemd[1]: Started Apache Tomcat 9.0.6 Servlet Container.
 </codedoc>
@@ Line 226: / Line 239: @@
 <codedoc code:bash>
-orange-d3:~ root$ tail -f /opt/tomcat/logs/catalina.out
+aim:~ root$ tail -f /opt/tomcat/logs/catalina.out
 Not found in 'org.owasp.esapi.resources' directory or file not readable: /opt/apache-tomcat-9.0.6/validation.properties
 Not found in SystemResource Directory/resourceDirectory: .esapi/validation.properties
@@ Line 254: / Line 267: @@
+[<>]

ADUCID 4.x

User Tools

Site Tools

Differences

Page Tools