An on-premise identity provider (IdP) is a service that stores and verifies user identities. Many IdPs are cloud-hosted services, and they commonly work with single sign-on (SSO) providers to authenticate users. The purpose of this guide is to get you up and running as quickly as possible so that you can try out and test-drive the features miniOrange offers. The installation is a standalone application with a default (embedded) database and a packaged Tomcat; it does not cover more complex deployment options. Both Windows and Linux are supported.
Minimum requirements: Java 8 (install JDK 1.8). Note that a plain "Java 8" download gives you only JRE 1.8; this guide needs the JDK. Downloading JDK 1.8 from Oracle requires logging in with an Oracle account; if you do not have one, you can install JDK 1.8 directly from here.
If Java is already installed and the environment variables are set correctly on your system, you do not need to follow this step and can go directly to step 1.2.
Note: once the Java installation is complete, check that the JAVA_HOME environment variable has been set correctly. Open a command prompt, type echo %JAVA_HOME% and hit Enter. If you see the path to your Java installation directory, JAVA_HOME is set correctly. If nothing is displayed, or only %JAVA_HOME% is echoed back, you need to set JAVA_HOME manually.
For Windows users: set the Java environment variables JAVA_HOME and JRE_HOME, and add the JDK's bin directory to Path. If the JDK is installed at, for example, C:\Program Files\Java\jdk1.8.0_221, then JAVA_HOME is that directory and JRE_HOME is the jre folder inside it (C:\Program Files\Java\jdk1.8.0_221\jre).
To save these variables, right-click My Computer and select Properties > Advanced System Settings. Click the Environment Variables button. Under System Variables, click New. In the Variable Name field, enter:
For Linux users: set JAVA_HOME and JRE_HOME with the commands below (put them in ~/.profile or a file under /etc/profile.d/ so they survive a new shell; a bare export lasts only for the current session):
export JAVA_HOME=/path/to/jdk
export JRE_HOME=/path/to/jre
Verify that both variables are set by echoing them; each should print the directory you exported:
echo $JAVA_HOME
echo $JRE_HOME
Start the packaged Tomcat from its bin directory (Linux, then Windows):
$ .../bin/startup.sh
> ...\bin\startup.bat
Setup Embedded Database
Adjust permissions on the installation directory (replace the quoted path with the actual mo-idp-server-X directory):
Windows: icacls "path upto mo-idp-server-X" /remove:d Users /grant:r Users:(OI)(CI)F /T
Linux: chmod -R 775 "path upto mo-idp-server-X"
Both commands are broad: the Windows one grants the local Users group Full control over the whole tree, and 775 gives group write and world read on every file, including the keystore and the database. On a shared host, scope the grant to the account that runs Tomcat instead of every local user.
Setup External Database
Single Sign On
Before moving forward, two changes are needed for the SameSite cookie attribute. Starting with version 80, Google Chrome treats cookies that do not set SameSite as SameSite=Lax, which stops the cookie from being sent on the cross-site requests an SSO flow depends on. The cookie therefore has to be set to SameSite=None. Browsers only accept SameSite=None on cookies that also carry the Secure attribute, which is why the secure property is changed as well and the IdP must be served over HTTPS (see the TLS setup below).
To make the change, open mo-idp-server >> moas >> WEB-INF >> classes, find the file spring-context-onpemise and open it in an editor. Search for bean id="customCookie"; it has name, samesite and secure properties. Change the value of samesite from LAX to NONE and of secure to true.
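A quick way to confirm the change took effect is to look at the Set-Cookie header the IdP returns after a login and classify it the way a Chrome 80+ browser does on a cross-site request. The POSIX shell function below does that classification; it is an added example for this guide, not miniOrange code. The sample headers at the bottom are constructed (the cookie name idpsession is a placeholder, not the name configured in the customCookie bean).

```shell
#!/bin/sh
# check_samesite_cookie: classify one Set-Cookie header value the way Chrome 80+ does
# for a cross-site request (for example the browser POSTing a SAML or OAuth response
# back to the IdP). Return codes:
#   0  cookie is sent cross-site (SameSite=None together with Secure)
#   1  cookie is rejected outright (SameSite=None without Secure)
#   2  cookie is withheld on cross-site requests (Lax, Strict, or unset, which now means Lax)
check_samesite_cookie() {
  hdr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # attribute names and values are case-insensitive
  samesite=unspecified
  secure=no
  rest=${hdr#*;}                             # everything after the name=value pair
  [ "$rest" = "$hdr" ] && rest=""            # header carried no attributes at all
  saved_ifs=$IFS
  IFS=';'
  for attr in $rest; do
    attr=$(printf '%s' "$attr" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    case "$attr" in
      samesite=none)   samesite=none ;;
      samesite=lax)    samesite=lax ;;
      samesite=strict) samesite=strict ;;
      secure)          secure=yes ;;
    esac
  done
  IFS=$saved_ifs

  if [ "$samesite" = none ] && [ "$secure" = no ]; then
    echo "REJECTED: SameSite=None without Secure; the browser drops this cookie"
    return 1
  elif [ "$samesite" != none ]; then
    echo "WITHHELD cross-site: SameSite=$samesite"
    return 2
  fi
  echo "OK: SameSite=None; Secure"
  return 0
}

# Constructed sample headers (not captured from a real deployment): the default (LAX),
# the half-done change (NONE without Secure) and the intended result.
for h in "idpsession=8f3a; Path=/moas; HttpOnly; SameSite=Lax" \
         "idpsession=8f3a; Path=/moas; HttpOnly; SameSite=None" \
         "idpsession=8f3a; Path=/moas; HttpOnly; SameSite=None; Secure"; do
  check_samesite_cookie "$h" || :
done
```

To check a live instance, paste the Set-Cookie value from the browser's network tab (or from curl -i against the login endpoint) as the function's argument; anything other than return code 0 means the cross-site leg of the SSO flow will lose the session.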
Section A:
This section provides the steps to set up the IdP with a self-signed TLS certificate. Generate a keystore holding a self-signed key pair (keytool prompts for the keystore password and the certificate subject; use the IdP's host name as the CN):
keytool -genkey -alias onpremssoidp -keyalg RSA -keystore onpremssoidp.jks
Then add an HTTPS connector to Tomcat's conf/server.xml that points at the keystore:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="<JKS Keystore Path>" keystorePass="<Password while keystore generation>"/>
Spell the password attribute keystorePass exactly: Tomcat ignores attributes it does not recognise, so a misspelling makes it fall back to the default password changeit and the keystore fails to open. Do not add ciphers="ALL" to this connector; it enables every cipher suite the JVM supports, including weak ones. Leave the attribute out so Tomcat's default list applies, or set an explicit modern list.
a) LetsEncrypt
Obtain a certificate with certbot in standalone mode. It binds port 80 for the HTTP-01 challenge, so that port must be free and reachable from the internet; replace example.com with the IdP's host name:
certbot certonly --standalone -d example.com
The certificate and key are written under /etc/letsencrypt/live/<domain>/:
# ls /etc/letsencrypt/live/example.com
cert.pem chain.pem fullchain.pem privkey.pem README
Copy cert.pem, privkey.pem and chain.pem into Tomcat's conf directory (privkey.pem is readable by root only; keep it readable by the Tomcat account alone) and add a connector that reads the PEM files directly (this SSLHostConfig form needs Tomcat 8.5 or later):
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateFile="conf/cert.pem" certificateKeyFile="conf/privkey.pem" certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>
</Connector>
Let's Encrypt certificates are valid for 90 days, so every renewal has to copy the fresh files into conf/ again and restart Tomcat; otherwise the IdP keeps serving the expired certificate.
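The copy step above has to be repeated at every renewal, and the private key must not become world-readable in the process. The script below is an added example of a certbot deploy hook for this setup; it is not part of the miniOrange documentation or of certbot. It assumes certbot's documented behaviour of setting RENEWED_LINEAGE to the live/<domain> directory when it runs a --deploy-hook, and the variable names TOMCAT_CONF, TOMCAT_USER and RESTART_CMD (with their defaults) are placeholders for this example.

```shell
#!/bin/sh
# Deploy hook for the Let's Encrypt connector: copy the renewed PEM files into Tomcat's
# conf/ directory with safe ownership and permissions, then restart Tomcat.

install_le_certs() {
  lineage="$1"   # directory holding cert.pem, privkey.pem, chain.pem (certbot's live/<domain>)
  conf="$2"      # Tomcat conf/ directory the connector's relative paths resolve against
  owner="$3"     # account Tomcat runs as; chown is only attempted when running as root

  for f in cert.pem privkey.pem chain.pem; do
    [ -r "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
  done
  [ -d "$conf" ] || { echo "no such directory: $conf" >&2; return 1; }

  # Create the new files owner-only first, then relax the public ones to 0644.
  saved_umask=$(umask)
  umask 077
  for f in cert.pem chain.pem; do
    cp "$lineage/$f" "$conf/$f.new" && chmod 0644 "$conf/$f.new" || return 1
  done
  cp "$lineage/privkey.pem" "$conf/privkey.pem.new" && chmod 0600 "$conf/privkey.pem.new" || return 1
  umask "$saved_umask"

  if [ "$(id -u)" -eq 0 ]; then
    chown "$owner" "$conf/cert.pem.new" "$conf/chain.pem.new" "$conf/privkey.pem.new" || return 1
  fi

  # Rename into place last so Tomcat never reads a half-written file.
  for f in cert.pem chain.pem privkey.pem; do
    mv "$conf/$f.new" "$conf/$f" || return 1
  done
  return 0
}

# Entry point when certbot runs this script as --deploy-hook. The three variables below
# are assumptions for this example; adjust them to the real install. RESTART_CMD is left
# unquoted on purpose so that a multi-word command is split into its arguments.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  install_le_certs "$RENEWED_LINEAGE" "${TOMCAT_CONF:-/opt/mo-idp-server-X/conf}" "${TOMCAT_USER:-tomcat}" \
    && ${RESTART_CMD:-systemctl restart tomcat}
fi
```

Register it once with certbot certonly --standalone -d example.com --deploy-hook /path/to/this-script.sh; certbot's renewal timer then calls it only after a successful renewal, and the function returns non-zero (so Tomcat is not restarted) if any of the three files is missing.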
b) GoDaddy
Create the keystore and key pair (if you have not already done so in Section A):
keytool -genkey -alias onpremssoidp -keyalg RSA -keystore onpremssoidp.jks
Remove the self-signed entry from the keystore:
keytool -delete -alias onpremssoidp -keystore onpremssoidp.jks
Bundle the GoDaddy-issued certificate, its private key and the GoDaddy chain (gd_bundle-g2-g1.crt) into a PKCS#12 file. The -chain option is what makes openssl consult the -CAfile bundle; without it the bundle is ignored:
openssl pkcs12 -export -chain -in .crt -inkey .key -out .p12 -name tomcat -CAfile gd_bundle-g2-g1.crt -caname root
Then point the Tomcat connector at the keystore (if you use the .p12 file directly as the keystore, add keystoreType="PKCS12"):
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="<JKS Keystore Path>" keystorePass="<Password while keystore generation>"/>
As in Section A, the attribute must be spelled keystorePass, and ciphers="ALL" should not be added.
c) Comodo SSL
Creating a New Keystore
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore your_site_name.jks
Creating a CSR on Tomcat Servers
keytool -certreq -alias server -file csr.txt -keystore your_site_name.jks
How to Install an SSL Certificate on Your Tomcat Server
keytool -import -alias server -file your_site_name.p7b -keystore your_site_name.jks
Configuring Your SSL/TLS Connector
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />
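The connectors in Section A and in the GoDaddy and Comodo sections are all hand-edited attribute lists, and Tomcat silently ignores any attribute it does not recognise, so a misspelled keystorePass or a stray ciphers="ALL" goes unnoticed until the server misbehaves. The POSIX shell function below lints one connector fragment for those issues; it is an added example for this guide, not miniOrange or Tomcat code. It relies on Tomcat's documented default keystore password changeit, and the sample connector at the bottom (file path included) is constructed for the demo.

```shell
#!/bin/sh
# lint_connector: review the attributes of one Tomcat HTTPS <Connector .../> fragment.
# Prints one FINDING line per issue and returns the number of findings (0 = nothing flagged).
lint_connector() {
  conn=$(printf '%s' "$1" | tr '\n' ' ')   # flatten so attributes match on one line
  n=0

  case "$conn" in
    *'SSLEnabled="true"'*) ;;
    *) echo "NOTE: SSLEnabled is not true; this is not an HTTPS connector"; return 0 ;;
  esac

  # 1. ciphers="ALL" offers every suite the JVM supports, including weak ones.
  case "$conn" in
    *'ciphers="ALL"'*)
      echo 'FINDING: ciphers="ALL" enables every suite the JVM supports; drop it or list modern suites'
      n=$((n + 1)) ;;
  esac

  # 2. A keystore is referenced but the password attribute is missing or misspelled,
  #    so Tomcat falls back to its default keystore password.
  case "$conn" in
    *'keystoreFile='*)
      case "$conn" in
        *' keystorePass='*) ;;
        *) echo 'FINDING: keystoreFile set without keystorePass (check spelling); Tomcat will try the default "changeit"'
           n=$((n + 1)) ;;
      esac ;;
  esac

  # 3. No explicit protocol list: which TLS versions are offered is left to the JVM.
  case "$conn" in
    *'sslEnabledProtocols='*|*' protocols='*) ;;
    *) echo 'FINDING: no sslEnabledProtocols (or SSLHostConfig protocols); pin TLSv1.2/TLSv1.3 explicitly'
       n=$((n + 1)) ;;
  esac

  return "$n"
}

# Constructed sample: a self-signed connector with ciphers="ALL" and a misspelled
# keystorePass; expect three findings.
sample='<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
  scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
  keystoreFile="/opt/mo-idp-server/onpremssoidp.jks" ciphers="ALL" kestorePass="changeme"/>'
lint_connector "$sample" || echo "findings: $?"
```

Run it against the connector you are about to paste into server.xml; a zero return means none of the three checks fired, not that the connector is correct in every other respect (clientAuth, port clashes with Apache, and keystore file permissions still need a look).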
(Follow this step if you are using self signed certificate)
This Apache virtual host terminates TLS for the public host name and forwards the /moas path to the Tomcat HTTPS connector on the same machine:
<VirtualHost *:443>
    DocumentRoot "path upto the moas folder"
    ServerName [your-domain-name].com
    ServerAlias www.[your-domain-name].com
    ProxyPreserveHost On
    ProxyPass /moas https://localhost:443/moas
    ProxyPassReverse /moas https://localhost:443/moas
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"
    <Directory "Path upto moas folder">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
Check three things before enabling it. First, the ProxyPass target port must be the port the Tomcat connector actually listens on, and Apache and Tomcat cannot both bind port 443 on the same address, so if Apache takes *:443 the Tomcat connector needs another port (for example 8443) and the ProxyPass lines must match it. Second, with DocumentRoot pointing at the moas folder, Apache serves that directory directly for every path that is not under /moas, including WEB-INF/ (which holds the spring context file with the cookie settings edited above), and Options Indexes additionally enables directory listings; point DocumentRoot at an empty directory, or at least deny access to WEB-INF and drop Indexes. Third, Order allow,deny and Allow from all are Apache 2.2 syntax; on Apache 2.4 they work only with mod_access_compat loaded, and the native equivalent is Require all granted.