Pegasi Wiki

This wiki acts as a memo for our own work, so why not share it? Feel free to browse and use our notes, and leave a note while at it.

Install Apache Syncope identity management on CentOS 7

Operating system basics

Get your CentOS 7 updated first

yum update

Remove firewalld and install iptables services

yum erase firewalld
yum install iptables-services

Edit iptables config

vim /etc/sysconfig/iptables

Set up a simple default-deny firewall and open only the needed ports with an /etc/sysconfig/iptables along these lines (replace the placeholders with your own addresses):

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -s <your workstation ip address> -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -s <your workstation ip address> -j ACCEPT
-A INPUT -d <broadcast ip> -j ACCEPT
-A INPUT -d 255.255.255.255 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT

Restart iptables

systemctl restart iptables

Enable X11 forwarding over SSH so the GUI installer can be displayed on your workstation (needed on a fresh CentOS 7 minimal install, which lacks xauth)

yum install xauth

Package installations

Install maven

yum install maven

Install latest Tomcat and (admin) webapps

yum install tomcat tomcat-webapps tomcat-admin-webapps

Install mariadb-server. MariaDB is the open source, drop-in fork of MySQL.

yum install mariadb-server
systemctl start mariadb
mysql_secure_installation

Get the MariaDB JDBC connector for use with Tomcat. The latest version can be found here. Copy the .jar file to /usr/share/tomcat/lib/.

cp mariadb-java-client-x.x.x.jar /usr/share/tomcat/lib/

Base configurations

Create the database and user for Syncope; do not use my example values.

mysql -u root -p
create database syncope;
grant all on syncope.* to 'syncope'@'localhost' identified by 'password';
exit

Configure MariaDB JDBC as a data source in Tomcat:

vim /etc/tomcat/context.xml

Add the following and change the example values to your own

<Manager pathname="" />
<Resource name="jdbc/syncopeDataSource" auth="Container" type="javax.sql.DataSource"
          factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" testWhileIdle="true"
          testOnBorrow="true" testOnReturn="true" validationQuery="SELECT 1" validationInterval="30000"
          maxActive="100" minIdle="2" maxWait="10000" initialSize="2" removeAbandonedTimeout="20000"
          removeAbandoned="true" logAbandoned="true" suspectTimeout="20000"
          timeBetweenEvictionRunsMillis="5000" minEvictableIdleTimeMillis="5000"
          jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer"
          username="syncope" password="syncope" driverClassName="org.mariadb.jdbc.Driver"
          url="jdbc:mariadb://localhost:3306/syncope?characterEncoding=UTF-8"/>

Edit Tomcat users file

vim /etc/tomcat/tomcat-users.xml

Clear everything out and add the following content, AND CHANGE THE PASSWORD

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="manager" password="syncope" roles="manager-script"/>
</tomcat-users>

Edit /etc/tomcat/tomcat.conf to include

JAVA_OPTS="-Djava.awt.headless=true -Dfile.encoding=UTF-8 -server \
-Xms1536m -Xmx1536m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m \
-XX:MaxPermSize=256m -XX:+DisableExplicitGC"

(Re)start MariaDB and Tomcat and check that both are running

systemctl restart mariadb
systemctl restart tomcat
systemctl status mariadb
systemctl status tomcat

Install Apache Syncope

Get the Syncope installer from here

Launch the Syncope installer

java -jar syncope-installer-*-uber.jar

Walk through the installer and fill in the following (straight from the Syncope documentation)

  Maven home directory: is the Maven home directory (/usr will work here)
  Group ID: something like 'com.mycompany' - maven overlay property
  Artifact ID: something like 'myproject' - maven overlay property
  Secret Key: Provide any pseudo-random, 16 character length, string here that will be used in the generated project for AES ciphering;
  Anonymous Key: Provide any pseudo-random, 16 character length, string here that will be used in the generated project for AES ciphering;
  Configuration directory: where Syncope configuration files are stored;
  Log directory: where Syncope logs are stored;
  Bundle directory: where ConnId bundles are stored;
  Syncope version: the project version to install.

Select MySQL as the database and set the database URL to

jdbc:mariadb://localhost:3306/syncope?characterEncoding=UTF-8

After the installation, stop Tomcat

systemctl stop tomcat

and switch the persistence configuration from MySQL to MariaDB by editing the files

  • <install-prefix>/syncope/core/src/main/resources/persistence.properties
  • <install-prefix>/core/target/classes/persistence.properties
  • <install-prefix>/core/target/syncope/WEB-INF/classes/persistence.properties

and replacing their contents with the following (REMEMBER TO USE YOUR OWN USERNAME/PASSWORD/DB NAME)

jpa.driverClassName=org.mariadb.jdbc.Driver
jpa.url=jdbc:mariadb://localhost:3306/syncope?characterEncoding=UTF-8
jpa.username=syncope
jpa.password=syncope
jpa.dialect=org.apache.openjpa.jdbc.sql.MariaDBDictionary
jpa.pool.validationQuery=SELECT 1
quartz.jobstore=org.quartz.impl.jdbcjobstore.StdJDBCDelegate
quartz.sql=tables_mariadb.sql
audit.sql=audit.sql
database.schema= 

Test Syncope console access

Access the Syncope console at

http://<ip address>:8080/syncope-console

Forgot admin password? ;)

Set a new admin password by computing its SHA1 hash and putting that hash into the security.properties file

First grab the sha1sum of your password (unset HISTFILE first so the plaintext password does not end up in your shell history)

unset HISTFILE
echo -n "new_password" | sha1sum

Then put the hash into the security.properties file

vim /var/lib/tomcat/webapps/syncope/WEB-INF/classes/security.properties

And restart Tomcat

systemctl restart tomcat
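The password reset above as a small script, added here as an example and not part of the original wiki notes. It assumes security.properties stores the hash as `adminPassword=<hex>` next to `adminPasswordAlgorithm=SHA1` (check your own file), and that GNU coreutils `sha1sum` is available as on CentOS 7; the file path in the usage comment is the one from the steps above.

```shell
#!/bin/sh
# Added example (not from the wiki): reset the Syncope admin password hash in
# security.properties without retyping the sha1sum/vim steps by hand.
# Assumptions: the file holds the hash as "adminPassword=<hex>" next to
# "adminPasswordAlgorithm=SHA1", and GNU coreutils sha1sum is installed.

# SHA1 hex digest of a string with no trailing newline in the input,
# i.e. the same value as: echo -n "pw" | sha1sum
sha1_hex() {
  printf '%s' "$1" | sha1sum | cut -d' ' -f1
}

# Replace the adminPassword line in the given properties file with the hash of
# the new password read from stdin (stdin rather than an argument, so the
# plaintext is not visible in the process list). Keeps a .bak copy.
set_admin_password() {
  file="$1"
  newpass=$(cat)
  [ -n "$newpass" ] || { echo "empty password" >&2; return 1; }
  # Refuse to touch a file that does not look like a Syncope security.properties.
  grep -q '^adminPassword=' "$file" || { echo "no adminPassword key in $file" >&2; return 1; }
  digest=$(sha1_hex "$newpass")
  cp "$file" "$file.bak"
  tmp="$file.tmp.$$"
  sed "s|^adminPassword=.*|adminPassword=$digest|" "$file" > "$tmp" && mv "$tmp" "$file"
}

# Interactive use (the prompt keeps the password out of the terminal and history):
#   printf 'New admin password: '; stty -echo; read pw; stty echo; echo
#   printf '%s' "$pw" | set_admin_password /var/lib/tomcat/webapps/syncope/WEB-INF/classes/security.properties
#   systemctl restart tomcat
```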


old geezer, 2018/12/17 11:20
Replacing the current firewall with a legacy solution is not very professional.