OpenSSOInstallDebianEtch » History » Revision 4
« Previous |
Revision 4/13
(diff)
| Next »
Lutz Suhrbier, 02/05/2009 09:06 PM
- Table of contents
- OpenSSO Installation (with Debian Etch)
OpenSSO Installation (with Debian Etch)¶
This document will briefly describe the installation procedure of OpenSSO on a Debian Etch system.
The protocol logs the OpenSSO installation on idp.e-taxonomy.eu. Please, adapt this hostname to your environment.
Prerequisites¶
Installing Java¶
Follow Sun JDK Debian installation.
Installing Tomcat¶
First, follow Tomcat Debian installation.
Increase Java heap memory¶
Next, OpenSSO requires more heap space than configured by default. Increase the Java heap memory to at least 512MB by changing the following line in /etc/default/tomcat5.5:
CATALINA_OPTS="-Djava.awt.headless=true -Xmx512M -server"
Set ACL's¶
Change the owner/group of /usr/share/tomcat5.5 to tomcat55/root to prevent failure of the OpenSSO installation.
chown -R tomcat55:root /usr/share/tomcat5.5
Installing Apache¶
Follow Apache2.2 Denian installation, but omit installation of mod_jk!
==== mod_proxy installation ===
We will use mod_proxy instead of mod_jk to integrate Tomcat into Apache. There, enable the following Apache2 modules
a2enmod ssl a2enmod proxy a2enmod proxy_http a2enmod proxy_ajp
Configure Apache site for opensso¶
Create an individual Apache2 site for opensso (e.g. /etc/apache2/sites-available/opensso) or adapt the default site as follows:
Listen 443 <VirtualHost idp.e-taxonomy.eu:443> ServerAdmin webmaster@localhost ServerName idp.e-taxonomy.eu SSLEngine on SSLCertificateFile /etc/ssl/certs/idp.e-taxonomy.eu-cert.pem SSLCertificateKeyFile /etc/ssl/private/idp.e-taxonomy.eu-key.pem <Location /opensso> Allow from all ProxyPass ajp://localhost:8009/opensso/ ProxyPassReverse ajp://localhost:8009/opensso/ ProxyPassReverseCookiePath ajp://localhost:8009/opensso/ /opensso ProxyPassReverseCookieDomain ajp://localhost:8009/opensso/ idp.e-taxonomy.eu </Location> </VirtualHost>
Enable opensso site (if not configured as default) and restart Apache2 web server.
a2ensite opensso /etc/init.d/apache2 reload
Updated by Lutz Suhrbier about 15 years ago · 4 revisions