LPS:IdM/midPoint
ZČU
- https://themis3.civ.zcu.cz/midpoint
- https://alfresco.zcu.cz/midpoint (to be decommissioned)
- git clone /afs/.zcu.cz/project/software/git/idm/midpoint.git
Documentation
midPoint:
- URL: https://evolveum.com/midpoint/
- First steps: https://wiki.evolveum.com/display/midPoint/First+Steps
- API+schemas: https://evolveum.com/downloads/midpoint/3.3.1/
- source code: https://github.com/Evolveum/midpoint
- examples:
- https://github.com/Evolveum/midpoint/tree/v3.3.1/samples (individual resources)
- https://github.com/Evolveum/midpoint/tree/master/testing/story/src/test/resources (more complex examples)
- demo: http://demo.evolveum.com/midpoint
- main documentation: https://wiki.evolveum.com/display/midPoint/Documentation
Connectors:
- OpenICF:
- URL: https://forgerock.org/openicf/
- source code: https://stash.forgerock.org/projects/OPENICF
- ConnId:
- Polygon (ConnId+OpenICF): https://github.com/Evolveum/polygon
Installation
apt-get install -y less mc screen vim man
apt-get install -y bzip2 net-tools sudo wget
apt-get install -y openjdk-7-jdk tomcat8 apache2 postgresql libmysql-java

# apache2 (reverse proxy in front of Tomcat)
cat > /etc/apache2/conf-available/midpoint.conf <<EOF
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /midpoint http://localhost:8080/midpoint
ProxyPassReverse /midpoint http://localhost:8080/midpoint
RewriteEngine On
RewriteRule ^/?$ /midpoint/ [R]
EOF

# tomcat8 (JVM options, midpoint.home and the trust store used for outbound TLS)
echo 'JAVA_OPTS="${JAVA_OPTS} -Xms256m -Xmx512m -XX:PermSize=128m -XX:MaxPermSize=256m -Dmidpoint.home=/var/opt/midpoint/ -Djavax.net.ssl.trustStore=/var/opt/midpoint/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks"' >> /etc/default/tomcat8
mkdir /var/opt/midpoint
chown tomcat8:tomcat8 /var/opt/midpoint
service tomcat8 stop

# mc (cosmetics)
mkdir -p ~/.config/mc/ || :
echo 'ENTRY "/var/opt/midpoint" URL "/var/opt/midpoint"' >> ~/.config/mc/hotlist
ln -s /usr/lib/mc/mc.csh /etc/profile.d/ || :
ln -s /usr/lib/mc/mc.sh /etc/profile.d/ || :

# midpoint
wget -nv https://evolveum.com/downloads/midpoint/3.3.1/midpoint-3.3.1-dist.tar.bz2
tar xjf midpoint-3.3.1-dist.tar.bz2

# initial launch without anything
a2enmod rewrite proxy proxy_http
a2dissite 000-default
a2enconf midpoint
service apache2 start
service tomcat8 start
service postgresql start

# midpoint deployment + switch to postgresql repository
cp -vp midpoint-3.3.1/war/midpoint.war /var/lib/tomcat8/webapps/
ln -s /usr/share/java/mysql-connector-java.jar /var/lib/tomcat8/lib/
service tomcat8 start
# wait until the first start has generated the default config.xml in midpoint.home
while ! test -f /var/opt/midpoint/config.xml; do sleep 0.5; done
Switch repository
PostgreSQL
pass=`dd if=/dev/random bs=9 count=1 2>/dev/null | base64`
export PATH=$PATH:/usr/lib/postgresql/9.4/bin
useradd -s /bin/bash midpoint
sudo -u postgres psql -U postgres postgres -c "CREATE USER midpoint password '${pass}'"
sudo -u postgres createdb --owner=midpoint midpoint
#TODO: test this
sudo -u midpoint psql midpoint < midpoint-3.3.1/config/sql/_all/postgresql-3.3-all.sql
service tomcat8 stop
Manually edit /var/opt/midpoint/config.xml (replace ${pass}):
<repository>
  <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
  <embedded>false</embedded>
  <driverClassName>org.postgresql.Driver</driverClassName>
  <jdbcUsername>midpoint</jdbcUsername>
  <jdbcPassword>${pass}</jdbcPassword>
  <jdbcUrl>jdbc:postgresql://localhost/midpoint</jdbcUrl>
  <hibernateDialect>com.evolveum.midpoint.repo.sql.util.MidPointPostgreSQLDialect</hibernateDialect>
  <hibernateHbm2ddl>validate</hibernateHbm2ddl>
</repository>
MySQL
pass=`dd if=/dev/random bs=9 count=1 2>/dev/null | base64`
mysql -e "CREATE DATABASE midpoint"
mysql -e "GRANT ALL ON midpoint.* TO midpoint IDENTIFIED BY '${pass}'"
mysql -u midpoint -p${pass} midpoint < midpoint-3.3.1/config/sql/_all/mysql-3.3-all.sql
service tomcat8 stop
Manually edit /var/opt/midpoint/config.xml (replace ${pass}):
<repository>
  <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
  <embedded>false</embedded>
  <driverClassName>org.gjt.mm.mysql.Driver</driverClassName>
  <jdbcUsername>midpoint</jdbcUsername>
  <jdbcPassword>${pass}</jdbcPassword>
  <jdbcUrl>jdbc:mysql://localhost/midpoint</jdbcUrl>
  <hibernateDialect>com.evolveum.midpoint.repo.sql.util.MidPointMySQLDialect</hibernateDialect>
  <hibernateHbm2ddl>validate</hibernateHbm2ddl>
</repository>
Common
Finally (remove the embedded H2 database files so only the external repository remains):
service tomcat8 stop
killall java
rm -fv /var/opt/midpoint/midpoint*.db
service tomcat8 start
Stronger key
su -s /bin/bash -c "keytool -genseckey -alias strong -keystore /var/opt/midpoint/keystore.jceks -storetype jceks -storepass changeit -keyalg AES -keysize 256 -keypass midpoint" tomcat8
Manually edit /var/opt/midpoint/config.xml:
<keystore>
  <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
  <keyStorePassword>changeit</keyStorePassword>
  <encryptionKeyAlias>strong</encryptionKeyAlias>
  <xmlCipher>http://www.w3.org/2001/04/xmlenc#aes256-cbc</xmlCipher>
</keystore>
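As an added check (not part of these notes or of midPoint itself), a small Python validator for the hand-edited config.xml: it flags an unreplaced ${pass} placeholder, a driverClassName/jdbcUrl mismatch between the PostgreSQL and MySQL variants, an embedded repository left on, a keystore not switched to the "strong" AES-256 key, and the default keystore password. The constructed sample wraps the fragments above in an assumed <configuration><midpoint> element; the checks use .// lookups, so the exact wrapper does not matter.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the config.xml fragments in the notes above, with the
# jdbcPassword placeholder left unreplaced (an easy slip when editing by hand).
SAMPLE_CONFIG = """<configuration><midpoint>
<repository>
 <embedded>false</embedded>
 <driverClassName>org.postgresql.Driver</driverClassName>
 <jdbcPassword>${pass}</jdbcPassword>
 <jdbcUrl>jdbc:postgresql://localhost/midpoint</jdbcUrl>
 <hibernateHbm2ddl>validate</hibernateHbm2ddl>
</repository>
<keystore>
 <keyStorePassword>changeit</keyStorePassword>
 <encryptionKeyAlias>strong</encryptionKeyAlias>
 <xmlCipher>http://www.w3.org/2001/04/xmlenc#aes256-cbc</xmlCipher>
</keystore>
</midpoint></configuration>"""

# Driver class -> JDBC URL prefix, as used in the PostgreSQL and MySQL variants above.
DRIVER_URL = {"org.postgresql.Driver": "jdbc:postgresql:",
              "org.gjt.mm.mysql.Driver": "jdbc:mysql:"}
AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"

def _text(root, path):
    el = root.find(path)
    return (el.text or "").strip() if el is not None else ""

def check_config(xml_text):
    """Return a list of findings for a config.xml; an empty list means it passed."""
    root = ET.fromstring(xml_text)
    findings = []
    if _text(root, ".//repository/embedded") != "false":
        findings.append("repository: embedded H2 repository still enabled")
    pw = _text(root, ".//repository/jdbcPassword")
    if not pw or "${" in pw:
        findings.append("repository: jdbcPassword is empty or still a placeholder")
    drv = _text(root, ".//repository/driverClassName")
    if drv in DRIVER_URL and not _text(root, ".//repository/jdbcUrl").startswith(DRIVER_URL[drv]):
        findings.append("repository: jdbcUrl does not match driverClassName")
    if _text(root, ".//repository/hibernateHbm2ddl") != "validate":
        findings.append("repository: hibernateHbm2ddl should be 'validate'")
    if _text(root, ".//keystore/encryptionKeyAlias") != "strong":
        findings.append("keystore: encryptionKeyAlias is not the 'strong' AES-256 key")
    if _text(root, ".//keystore/xmlCipher") != AES256_CBC:
        findings.append("keystore: xmlCipher is not aes256-cbc")
    if _text(root, ".//keystore/keyStorePassword") == "changeit":
        findings.append("keystore: keyStorePassword is the well-known default 'changeit'")
    return findings
```

Run it against the real file with check_config(open("/var/opt/midpoint/config.xml").read()) after each manual edit; the file holds the database and keystore passwords in clear text, so keep it readable only by the tomcat8 user.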
Fix security policy
# maxFailedLogins: 3 -> 10
# loginTimeout: 15 -> 2
vim /var/lib/tomcat8/webapps/midpoint/WEB-INF/ctx-web-security.xml
service tomcat8 restart
Admin password
Change the administrator password after the first login.
- initial user: administrator
- initial password: 5ecr3t