Apache TomEE with JOSSO and OpenLDAP

This is a quick run-through of setting up JOSSO with OpenLDAP on Apache TomEE, the Java Enterprise Edition of Apache Tomcat.

Apache TomEE

Download and install Apache TomEE; nothing is simpler than that!


TomEE is based on Tomcat, therefore the directory structure is very similar:

  • conf, the folder with the configuration files
  • lib, JAR files required by the container
  • log, TomEE and application log files
  • webapps, WAR files
  • webapps/tomee, the Web application delivering the EE capabilities

Additional Libraries

Additional JAR files (e.g. DB drivers) can be dropped in the lib folder, but a better approach is to store them separately.

Create a new folder /lib/ext with the libraries, then update the /conf/catalina.properties to ensure those are part of the common classloader:


System Properties

System properties are defined in /conf/system.properties

Data Sources

Datasources are defined in /conf/tomee.xml

<Resource id="myDS" type="DataSource">
JdbcDriver oracle.jdbc.OracleDriver
JdbcUrl jdbc:oracle:thin:@localhost:1521:xe
UserName user
Password pwd
JtaManaged true
</Resource>
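
An added example (not part of the original post): a Python check that parses Resource blocks in the tomee.xml layout shown above and reports data sources whose Password is stored without a PasswordCipher (TomEE's property for encrypted data source passwords; PlainText is its default). The sample XML, the extra resource ids and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout of conf/tomee.xml; ids and values are made up.
SAMPLE_TOMEE_XML = """\
<tomee>
  <Resource id="myDS" type="DataSource">
    JdbcDriver oracle.jdbc.OracleDriver
    JdbcUrl jdbc:oracle:thin:@localhost:1521:xe
    UserName user
    Password pwd
    JtaManaged true
  </Resource>
  <Resource id="cipheredDS" type="javax.sql.DataSource">
    JdbcUrl = jdbc:oracle:thin:@localhost:1521:xe
    UserName = user
    Password = CONSTRUCTED-CIPHERTEXT
    PasswordCipher = Static3DES
  </Resource>
  <Resource id="explicitPlainDS" type="DataSource">
    Password: pwd
    PasswordCipher: PlainText
  </Resource>
</tomee>
"""

def parse_properties(body):
    """Parse a Resource body: one 'Key value', 'Key = value' or 'Key: value' per line."""
    props = {}
    for line in (body or "").splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties-style comment
        match = re.match(r"([^\s=:]+)\s*[=:]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props

def plaintext_password_datasources(xml_text):
    """Return ids of DataSource resources whose Password is not covered by a cipher."""
    flagged = []
    for res in ET.fromstring(xml_text).iter("Resource"):
        if not res.get("type", "").endswith("DataSource"):
            continue  # only data sources carry JDBC credentials
        props = parse_properties(res.text)
        cipher = props.get("PasswordCipher", "PlainText")  # PlainText is the default
        if props.get("Password") and cipher.lower() == "plaintext":
            flagged.append(res.get("id"))
    return flagged

if __name__ == "__main__":
    for ds_id in plaintext_password_datasources(SAMPLE_TOMEE_XML):
        print(f"{ds_id}: Password stored in clear text in tomee.xml")
```

To check a real installation, pass the contents of conf/tomee.xml to plaintext_password_datasources instead of the sample string.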

Web Application Libraries

Additional JAR files (e.g. DB drivers) can also be dropped in the lib folder, but again let's do it properly.

Create a new folder /applib with the libraries, then update the /conf/catalina.properties to ensure those are part of the shared classloader:



Set an appropriate size for the Java heap and PermGen space by adding the following to /bin/setenv.bat:

-Xmx1024m -XX:MaxPermSize=512m


Download the JOSSO distribution (1.8.6 in my case) from the JOSSO web site and install the Gateway; it is OK to set Tomcat 7 as the platform:

josso> gateway install --target C:/apache-tomee-webprofile-1.5.0 --platform tc70

Deploying Apache Tomcat 7.0.x JOSSO Gateway v.1.8.6

Install the agent in the same way:

josso> agent install --target C:/apache-tomee-webprofile-1.5.0 --platform tc70

Installing Apache Tomcat 7.0.x JOSSO Agent v.1.8.6

Both steps will generate a report of all changes, so you can see which jar files have been copied and which configuration files have been modified.

Config Partner Application(s)

Edit /lib/josso-agent-config.xml to define the partner application(s) (<agent:partner-apps> tag), basically which apps/URLs will be JOSSO-protected.

OpenLDAP backend

If you need an LDAP backend (OpenLDAP?), some additional configuration is required:

Edit /lib/josso-gateway-ldap-stores.xml to setup the LDAP connection

Edit /lib/josso-gateway-config.xml to make sure it imports the above josso-gateway-ldap-stores.xml

Edit /lib/josso-gateway-auth and remove hashAlgorithm/hashEncoding from the Basic Authentication Scheme; those settings seem to bother OpenLDAP, and user authentication doesn't work.


