Apache TomEE with JOSSO and OpenLDAP

November 11, 2012

This a quick run-through to setup JOSSO with OpenLDAP on Apache TomEE,  the Java Enterprise Edition of Apache Tomcat.

Apache TomEE

Download and install Apache TomEE, nothing it is simpler than that!


TomEE is based on Tomcat, therefore the directory structure is very similar:

  • conf, the folder with the configuration files
  • lib, JAR files requires by the container
  • log, TomEE and application log files
  • webapps, WAR files
  • webapps/tomee, the Web application delivering the EE capabilities

Additional Libraries

Additional JAR files (ie DB drivers) can be dropped in the lib folder…. but a better approach is indeed to store them separately.

Create a new folder /lib/ext with the libraries, then update the /conf/catalina.properties to ensure those are part of the common classloader:


System Properties

System properties are defined in /conf/system.properties

Data Sources

Datasources are defined in /conf/tomee.xml

<Resource id=”myDS” type=”DataSource”>
JdbcDriver oracle.jdbc.OracleDriver
JdbcUrl jdbc:oracle:thin:@localhost:1521:xe
UserName user
Password pwd
JtaManaged true

Web Application Libraries

Additional JAR files (ie DB drivers) can also be dropped in the lib folder…. but again lets do it properly.

Create a new folder /applib with the libraries, then update the /conf/catalina.properties to ensure those are part of the shared classloader:



Set appropriate size for the Java Heap and PermGen space adding in  /bin/setenv.bat:

-Xmx1024m -XX:MaxPermSize=512m


Download JOSSO dist (1.8.6 in my case) from JOSSO web site and install the Gateway, it is ok to set Tomcat 7 as platform:

josso> gateway install –target C:/apache-tomee-webprofile-1.5.0 –platform tc70

Deploying Apache Tomcat 7.0.x JOSSO Gateway v.1.8.6

Install the agent in the same way:

josso> agent install –target C:/apache-tomee-webprofile-1.5.0 –platform tc70

Installing Apache Tomcat 7.0.x JOSSO Agent v.1.8.6

Both steps will generate a report of all changes, so you can see which jar files have been copied and which configuration files have been modified.

Config Partner Application(s)

Edit /lib/josso-agent-config.xml to define the partner application(s) (<agent:partner-apps> tag), basically which apps/URLs will be JOSSO-protected.

OpenLDAP backend

If you need an LDAP backend (OpenLDAP?) some additional configuration is required:

Edit /lib/josso-gateway-ldap-stores.xml to setup the LDAP connection

Edit /lib/josso-gateway-config.xml to make sure it imports the above josso-gateway-ldap-stores.xml

Edit /lib/josso-gateway-auth and remove  hashAlgorithm/hashEncoding from the Basic Authentication Scheme, those settings seem to bother OpenLDAP and the user authentication doesnt work.



XWiki – User Authentication with Oracle SSO

October 15, 2008

XWiki is a popular Java-based wiki software offering a good variety of features and plugins. It is pretty advanced, therefore ideal for any enterprise requiring a content management tool which is flexible, professional and free 🙂

Installation and configuration come in different flavors, starting with the standalone distribution (Jetty container on HSQLDB db), by far the easiest option. Alternatively the XWiki WAR file can be deployed on any servlet container and any database of your choice (Oracle 10.1.2 RDBMS and OC4J 10.1.3 in my case).

Read the rest of this entry »

Enabling SSL on JBoss 4.2.0

March 17, 2008

One of the prerequisites in order to install and configure CAS (Central Authentication Service), a popular open-source Single Sign-On, is to enable SSL on the web container. This can actually be quite painful, especially for developers who enjoy focusing on the implementation details rather than the infrastructure aspects (that would be me 😉 ).

In this post I present the steps required to enable the SSL support in JBoss 4.2.0: JSSE is required (bundled with JDK 1.4 or higher).

Little tip: when prompted use changeit as password as it is the default keystore password.

Delete existing certificates

This is step is not strictly required but it helps to get rid of previously created certificates (in case you have been playing around with the keystore). Run the following commands:

keytool -delete -alias localhost
keytool -delete -alias localhost -keystore “C:/Program Files/Java/jdk1.5.0_14/jre/lib/security/cacerts”

The first command removes the certificate with alias localhost from the user keystore, the second deletes the certificate from the system trusted certification repository.

The cacerts file is basically the system keystore which stores the CA (Certification Authority) certificates and can be found at ${java.home}/jre/lib/security/cacerts

Read the rest of this entry »