CentOS 安装 OpenAM

官网：https://forgerock.org/openam/

注意事项：

• 关闭SELinux、IPv6、防火墙。
• OpenAM需要很大的内存建议最低2 GB。
• OpenAM内置的OpenDJ需要64K的File Descriptor。
• OpenAM的所有处理是基于domain的Cookie做的，所以不能通过localhost或IP来访问。
• Cookie Domain必须以点开头，比如".example.com"。但Tomcat8以后不允许Cookie Domain以点开头，改用Tomcat7即可。
• 配置完成如果只看到“Loading...”,多数和Servlet容器有关，看一下Console错误输出。
• 配置过程中会出现很多错误，可以删除/home/openam/openam、/usr/local/tomcat/webapps/openam两个文件夹后重启Tomcat从头开始配置。

引用

Server IP：192.168.21.177
Server URL：verify.example.com

■设置hosts

# cp /etc/hosts /etc/hosts.org
# vi /etc/hosts
192.168.21.177 verify.example.com
# diff /etc/hosts{,.org}
3,4d2
< 192.168.21.177 verify.example.com

■设置hostname

# hostname verify.example.com
# cp /etc/hostname /etc/hostname.org
# vi /etc/hostname
verify.example.com
# diff /etc/hostname{,.org}
1c1
< verify.example.com
---
> localhost.localdomain

■添加openam用户

# useradd -s /sbin/nologin openam
# id openam
uid=1000(openam) gid=1000(openam) groups=1000(openam)

■扩大文件打开数

# cp /etc/security/limits.conf /etc/security/limits.conf.org
# vi /etc/security/limits.conf
openam soft nofile 65536
openam hard nofile 131072
# diff /etc/security/limits.conf{,.org}
62,66d61
< openam soft nofile 65536
< openam hard nofile 131072

■安装JDK

# yum -y install java-1.8.0-openjdk
# java -version

■安装Tomcat

# cd /usr/local/src
# wget http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.73/bin/apache-tomcat-7.0.73.tar.gz
# tar xzvf apache-tomcat-7.0.73.tar.gz
# mv apache-tomcat-7.0.73 /usr/local/tomcat
# vi /usr/local/tomcat/bin/setenv.sh
#!/bin/sh

JAVA_OPTS="-server -Xmx1024m"

export JAVA_OPTS
# keytool -genkey -alias tomcat -keyalg RSA -keystore /home/openam/.ssl
CN=verify.example.com
# vi /usr/local/tomcat/conf/server.xml
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
	       keystoreFile="/home/openam/.ssl"
	       keystorePass="123456" />

# chown -R openam. /usr/local/tomcat/
# chmod +x /usr/local/tomcat/bin/*.sh
# sudo -u openam /usr/local/tomcat/bin/startup.sh 

■安装Apache

# yum -y install httpd mod_ssl
# vi /etc/httpd/conf.d/openam.conf
Proxypass / ajp://localhost:8009/
# systemctl restart httpd
# systemctl enable httpd

■下载OpenAM
OpenAM Enterprise（OpenAM-13.0.0.zip）
https://backstage.forgerock.com/downloads/OpenAM/OpenAM%20Enterprise#browse

带"subscription only"标记的是收费版。

■安装OpenAM

# cd /usr/local/src/
# unzip OpenAM-13.0.0.zip
# cp /usr/local/src/openam/OpenAM-13.0.0.war /usr/local/tomcat/webapps/openam.war
# sudo -u openam /usr/local/tomcat/bin/shutdown.sh 
# sudo -u openam /usr/local/tomcat/bin/startup.sh 
# tail -f /usr/local/tomcat/logs/catalina.out

启动完成后通过浏览器访问：https://verify.example.com/openam，首次会进入初期配置页面。

引用

--- 设置Windows
C:\Windows\System32\drivers\etc\hosts
192.168.21.177       verify.example.com

■OpenAM的初期配置
















参考：
http://qiita.com/tkhm/items/260493729d07b012e0e2
http://qiita.com/advent-calendar/2016/openam-alone
https://wikis.forgerock.org/confluence/pages/viewpage.action?pageId=29655440