Sunday, May 2, 2010

Deploying WSO2 IS-3.0.0 on Apache Tomcat



PLEASE NOTE THAT THIS FEATURE IS NOT GOING TO BE SUPPORTED BY WSO2 FROM CARBON 4.0.0 ONWARDS.


WSO2 Identity Server is an open source server which provides identity and entitlement management facilities. WSO2 IS-3.0.0 also supports OpenID, Information Cards, XACML, XMPP-based multifactor authentication, Security Token Service and many more features.

Another main feature is that it can be deployed on most application servers, such as Apache Tomcat, JBoss, WebLogic and WebSphere. Here I've described how to deploy WSO2 IS-3.0.0 on Apache Tomcat 6.*

Step 1:
Download Apache Tomcat 6.* and extract the package. Set CATALINA_HOME in your bash profile.
e.g.
For Linux users:
export CATALINA_HOME="top level directory of your Tomcat install"

For Windows users:
set CATALINA_HOME="top level directory of your Tomcat install"

Step 2:
Download WSO2 IS distribution and extract it to any preferred location.

Step 3:
To deploy IS on Tomcat, follow these steps.
Go to CATALINA_HOME/webapps and create a folder with the name “is” (any name can be used).
Copy the WEB-INF folder from webapps/ROOT in the IS distribution and paste it in the “is” folder (created in the above step).
If you need the logs to be printed in the console, copy the log4j.properties file from the lib folder in the IS distribution and paste it in CATALINA_HOME/webapps/is/WEB-INF/classes.

Step 4:
Normally, for any WSO2 Carbon product, the environment variable called “CARBON_HOME” is the top level directory of the product distribution. But when the product is deployed on an application server, follow these steps to set up CARBON_HOME.
In the file system, create a new folder and name it (e.g. “is-repo”).
Copy the following folders from the IS distribution and paste them in the new folder (“is-repo”):
conf, repository and resources
Set the directory “is-repo” as CARBON_HOME.
e.g.
For Linux users:
export CARBON_HOME=/home/pavithra/is/is-repo
For Windows users:
set CARBON_HOME=D:\is\is-repo

Step 5:
In Tomcat, the http port is 8080 by default and it is enabled, but its https port is disabled. To enable the https port, go to CATALINA_HOME/conf and add the following tag in the server.xml file.

<Connector port="8443"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/home/pavithra/is-repo/resources/security/wso2carbon.jks"
           keystorePass="wso2carbon"
           clientAuth="false" sslProtocol="TLS"/>

Note:
The path to wso2carbon.jks in is-repo/resources/security should be set as the key store file.
e.g.: keystoreFile="/home/pavithra/is-repo/resources/security/wso2carbon.jks"

keystorePass should be “wso2carbon”.

Step 6:
As I mentioned above, the http transport port for Tomcat is 8080. Now we have set port 8443 for the https transport. The default http and https ports for IS are 9763 and 9443 respectively. To map the ports accordingly, edit axis2.xml in is-repo/repository/conf as follows.

<transportReceiver name="http"
                   class="org.wso2.carbon.core.transports.http.HttpTransportListener">
    <parameter name="port">8080</parameter>
</transportReceiver>

<transportReceiver name="https"
                   class="org.wso2.carbon.core.transports.http.HttpsTransportListener">
    <parameter name="port">8443</parameter>
</transportReceiver>


Step 7:
The server URL in the login page of IS is used to access the backend server. To change the server URL, follow these steps.
Go to is-repo/repository/conf and open carbon.xml.
Change the context root to “is” (the folder name created in CATALINA_HOME/webapps):
<WebContextRoot>/is</WebContextRoot>

Change the server URL to https://localhost:8443/is/services/:
<ServerURL>https://localhost:8443/is/services/</ServerURL>

Step 8:
To change the OpenID server URL and the OpenID user pattern accordingly, edit identity.xml in is-repo/repository/conf.

<OpenIDServerUrl>https://localhost:8443/is/openidserver</OpenIDServerUrl>

<OpenIDUserPattern>https://localhost:8443/is/openid/</OpenIDUserPattern>

Step 9:
The DB url in registry.xml and user-mgt.xml in is-repo/repository/conf still points to an invalid path. Thus change it to the actual db path as follows.

jdbc:h2:/home/pavithra/is-repo/database/ON_DB

Note: The path of the database which is in is-repo should be specified here.

Step 10:
Now that the configuration is complete, start the Tomcat server. To start Tomcat, go to its bin directory in the command prompt and run the appropriate command.
For linux users : sh catalina.sh run
For windows users : catalina.bat run

Step 11:
To access IS, type the following url in the browser.
https://localhost:8443/is/carbon
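
A consistency check for Steps 5 to 7, as an added example that is not part of the original post or of WSO2's code: it reads Tomcat's server.xml, Carbon's axis2.xml and carbon.xml and reports where the ports or the context root disagree. The function names and the trimmed XML samples are constructed for illustration, the server URL is assumed to use localhost as in Step 7, and the sample axis2.xml deliberately leaves the https listener on the IS default 9443.

```python
import xml.etree.ElementTree as ET

def _root(xml_text):
    root = ET.fromstring(xml_text)  # XML comments are skipped by the parser
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # drop "{namespace}" so tags match by local name
    return root

def tomcat_ports(server_xml):
    """Map scheme -> port for Tomcat's non-AJP connectors (scheme defaults to http)."""
    return {c.get("scheme", "http"): c.get("port")
            for c in _root(server_xml).iter("Connector")
            if not c.get("protocol", "").startswith("AJP")}

def check_deployment(server_xml, axis2_xml, carbon_xml, context="is"):
    """Return mismatches between the three files; an empty list means consistent."""
    problems, ports = [], tomcat_ports(server_xml)
    if "https" not in ports:
        problems.append('server.xml: no connector with scheme="https"')
    # Step 6: each Carbon transport listener must use the matching Tomcat port.
    for recv in _root(axis2_xml).iter("transportReceiver"):
        name, params = recv.get("name"), recv.iter("parameter")
        port = next(((p.text or "").strip() for p in params if p.get("name") == "port"), None)
        if name in ports and port != ports[name]:
            problems.append(f"axis2.xml: {name} port {port} != Tomcat {ports[name]}")
    # Step 7: context root and server URL must point at the webapp folder.
    carbon, base = _root(carbon_xml), f"https://localhost:{ports.get('https')}/{context}"
    for tag, want in (("WebContextRoot", "/" + context), ("ServerURL", base + "/services/")):
        if (carbon.findtext(tag) or "").strip() != want:
            problems.append(f"carbon.xml: {tag} is not {want}")
    return problems

# Constructed sample inputs, trimmed to the elements Steps 5 to 7 touch.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8009" protocol="AJP/1.3"/>
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"/>
</Service></Server>"""
AXIS2_XML = """<axisconfig>
  <transportReceiver name="http"><parameter name="port">8080</parameter></transportReceiver>
  <transportReceiver name="https"><parameter name="port">9443</parameter></transportReceiver>
</axisconfig>"""
CARBON_XML = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <WebContextRoot>/is</WebContextRoot>
  <ServerURL>https://localhost:8443/is/services/</ServerURL>
</Server>"""

if __name__ == "__main__":
    print(check_deployment(SERVER_XML, AXIS2_XML, CARBON_XML) or "consistent")
```

To run it against a real deployment, pass the contents of CATALINA_HOME/conf/server.xml and of axis2.xml and carbon.xml from is-repo/repository/conf instead of the samples.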