Installing OpenAM on Fedora 21

Re-acquainting myself with OpenAM recently, I decided to see how easily it would install on my Fedora 21 workstation with the shipping Apache Tomcat server and OpenJDK packages.

Fedora 21 ships with the Apache Tomcat 7.0.59 servlet container, or at least this is what will get installed if you do a “yum install tomcat”. Also standard is OpenJDK 1.8.0 as periodically updated by upstream.

Although I’ve had issues installing the latest non-subscription release of OpenAM 11 in that environment, it turned out that OpenAM 12.0.0 set up without a hitch.

After installing OpenAM, see my article on setting up the most excellent OpenAM Tools to get the biggest bang for your buck.

Steps follow:

1. Install all tomcat packages (the key ones are tomcat-webapps and tomcat-admin-webapps).

2. Modify tomcat user to change shell to /bin/bash and set password (by default Red Hat creates the tomcat user with a shell of /usr/sbin/nologin and no password).

3. Configure admin account in /etc/tomcat/tomcat-users.xml with all roles (manager, manager-gui, manager-script, manager-jmx, admin, admin-gui, admin-script). Set password.

4. Unzip the OpenAM-12.0.0.zip downloaded from ForgeRock and drill down through the openam directory to copy OpenAM-12.0.0.war to /var/lib/tomcat/webapps/openam.war.

5. Create an OpenAM server config directory, /usr/share/tomcat/openam. Make tomcat the owner.

6. Start tomcat (“systemctl start tomcat”).

7. Go to the OpenAM URL, http://test.example.com:8080/openam. Select “Custom Configuration”.

8. Enter the Default User [amAdmin] password.

9. Accept the default OpenAM Config Data Store (this is actually an embedded OpenDJ LDAP server). Enter /usr/share/tomcat/openam as the OpenAM config directory.

10. Enter configuration details for your own LDAP directory. If using 389 Directory or a legacy Sun Directory (this includes the latest DSEE re-branded by Oracle), choose “Sun Directory with OpenAM Schema” (the installer will update the directory schema and index some of the new attributes over LDAP).

11. Enter the default Policy Agent [UrlAccessAgent] password.

12. Confirm the config details in the summary screen and then initiate configuration.

13. After installer configuration completes, log in with the amAdmin account.
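A way to confirm the state that steps 2 and 3 leave behind before starting Tomcat in step 6. This is an added example, not part of the original steps. The function names are this example's own, and it assumes each `<user .../>` element in tomcat-users.xml sits on a single line.

```shell
#!/bin/sh
# Added example: read-only checks for step 2 (tomcat login shell) and
# step 3 (roles on the admin account in tomcat-users.xml).

# Roles that step 3 puts on the admin account.
WANTED_ROLES="manager manager-gui manager-script manager-jmx admin admin-gui admin-script"

# Step 2: print the login shell of user $2 from passwd-format file $1.
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# Print file $1 with <!-- ... --> comments removed, so the commented-out
# sample users in a stock tomcat-users.xml are not read as live accounts.
strip_comments() {
    awk '{
        s = $0; out = ""
        while (s != "") {
            if (inc) {                       # inside a comment: skip to -->
                i = index(s, "-->")
                if (i == 0) break
                s = substr(s, i + 3); inc = 0
            } else {                         # outside: keep text up to <!--
                i = index(s, "<!--")
                if (i == 0) { out = out s; break }
                out = out substr(s, 1, i - 1)
                s = substr(s, i + 4); inc = 1
            }
        }
        print out
    }' "$1"
}

# Step 3: print the roles value of live user $2 in tomcat-users.xml $1
# (assumes each <user .../> element sits on a single line).
user_roles() {
    strip_comments "$1" | grep '<user ' | grep "username=\"$2\"" |
        sed -n 's/.*[[:space:]]roles="\([^"]*\)".*/\1/p'
}

# Step 3: print each wanted role that user $2 does not hold in file $1.
missing_roles() {
    have=",$(user_roles "$1" "$2" | tr -d ' '),"
    for r in $WANTED_ROLES; do
        case "$have" in *",$r,"*) ;; *) echo "$r" ;; esac
    done
}
```

On the Fedora host the inputs are /etc/passwd and /etc/tomcat/tomcat-users.xml: after step 2, `login_shell /etc/passwd tomcat` should print /bin/bash, and `missing_roles` should print nothing for the admin account created in step 3.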


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).