Setting Up ForgeRock OpenAM with HTTPS on Tomcat

This post is a demo version of the ForgeRock documentation on setting up OpenAM with HTTPS on Tomcat. I had earlier published a screencast on ForgeRock OpenAM deployment and configuration in an LXC. If you haven’t watched it yet and would like to have a look at it, it’s right here. Below you’ll find the steps that I run in my Ubuntu Linux Container to secure our OpenAM deployment:

– Create a Certificate & store it in keystore in a Linux Container
– Modify the Tomcat Server Configuration file (server.xml) to enable SSL (on port 8443)
– Deploy ForgeRock OpenAM
– Access OpenAM from the host OS and complete the configuration
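
The first two steps above can be scripted as shown below. This is an added example, not code from the post or from the ForgeRock documentation; the keystore path, alias, password, and host name are assumptions, and the connector uses the Tomcat 7/8-style JSSE attributes.

```shell
#!/bin/sh
# Added example. Paths, alias, password and host name are assumptions.
KEYSTORE="${KEYSTORE:-/opt/tomcat/conf/openam.jks}"  # assumed keystore location
STOREPASS="${STOREPASS:-changeit}"                   # placeholder; use your own secret
FQDN="${FQDN:-openam.example.com}"                   # assumed name used to reach OpenAM

# Step 1: self-signed RSA key pair; the CN must match the host name in the URL.
make_keystore() {
    keytool -genkeypair -alias openam -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$FQDN" -keystore "$KEYSTORE" \
        -storepass "$STOREPASS" -keypass "$STOREPASS"
    chmod 600 "$KEYSTORE"    # holds the private key
}

# Step 2: HTTPS connector element for server.xml.
https_connector() {
    printf '    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"\n'
    printf '               scheme="https" secure="true" clientAuth="false"\n'
    printf '               sslProtocol="TLS" keystoreFile="%s"\n' "$KEYSTORE"
    printf '               keystorePass="%s" />\n' "$STOREPASS"
}

# Insert the connector just before </Service>; a second run changes nothing.
enable_https() {    # usage: enable_https /path/to/conf/server.xml
    conf="$1"
    if grep -qF "keystoreFile=\"$KEYSTORE\"" "$conf"; then
        echo "HTTPS connector already present in $conf" >&2
        return 0
    fi
    cp -p "$conf" "$conf.bak"
    https_connector > "$conf.snippet"
    awk -v snippet="$conf.snippet" '
        /<\/Service>/ { while ((getline line < snippet) > 0) print line; close(snippet) }
        { print }' "$conf.bak" > "$conf"
    rm -f "$conf.snippet"
    chmod o-rwx "$conf"      # server.xml now contains the keystore password
}

# Typical run inside the container (then restart Tomcat and deploy OpenAM):
#   make_keystore && enable_https /opt/tomcat/conf/server.xml
```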

If it’s hard for you to visualize what the infrastructure looks like, here’s an illustration to make life easy.

[Illustration: OpenAMWithSSL]

Now on to the action:

If you are not able to view the embedded video, please click here

This blog post was first published @ www.fedji.com, included here with permission.

3 Comments

  1. harrypotter 4 years ago

    Hey Rajesh,
    Excellent video on Setting Up ForgeRock OpenAM with HTTPS for Tomcat.
    I was wondering, do you have anything that I can look at for setting up OpenAM with OpenDJ?
    I want to actually do 3 things
    1. SSO between multiple tomcat and jboss web apps
    2. Secure my REST APIs
    3. Not manage userId and passwords in my own database

    So I am thinking to use OpenAM with OpenDJ in open source community edition to start with.
    Do you have anything I can look at? I will also be more than happy to share back to the community when I put this sample application together on GitHub or something like that for others.

  2. Rogerio Rondini 4 years ago

    Hi,

    1. For SSO between multiple Tomcat and JBoss, it is better to use OpenAM Policy Agents. See links below.
    https://backstage.forgerock.com/#!/docs/openam-policy-agents/3.5.0/jee-users-guide#chap-apache-tomcat
    https://backstage.forgerock.com/#!/docs/openam-policy-agents/3.5.0/jee-users-guide#chap-jboss-7

    2. For API Protection, you can use OpenIG. See link below…
    https://forgerock.org/2014/11/api-protection-openig-controlling-access-methods/

    3. So, in this case, I think you can use OpenIDM to sync UserId and Password in your database.
    https://backstage.forgerock.com/#!/docs/openidm/3.1.0/integrators-guide/chap-synchronization

    There are many things to do :-)

    At, (Dumbledore).

  3. Rajesh R 4 years ago

    @harrypotter: Apologies. I missed this request. I’ve made a couple more videos on OpenAM, which I’m furnishing below for your reference. Have a look and see if they are useful:

    – Creating Realm in OpenAM and using OpenDJ as its Data Store
    https://forgerock.org/2015/07/creating-realm-in-openam-and-configuring-opendj-as-a-data-store/

    – Installing and Configuring OpenAM and Protecting Apache Web Server
    https://forgerock.org/2015/07/forgerock-openam-installation-in-a-linux-container/

    Let me know if you have any other specific requirements, and I can try and build a demo for you on the same.

    Thanks for the positive feedback:-)
