LPS:IdM/midPoint
Z HelpDesk
< LPS:IdM
ZČU
- https://themis3.civ.zcu.cz/midpoint
- https://alfresco.zcu.cz/midpoint (ke zrušení)
- git clone /afs/.zcu.cz/project/software/git/idm/midpoint.git
Dokumentace
midPoint:
- URL: https://evolveum.com/midpoint/
- First steps: https://wiki.evolveum.com/display/midPoint/First+Steps
- API+schemas: https://evolveum.com/downloads/midpoint/3.3.1/
- source code: https://github.com/Evolveum/midpoint
- examples:
- https://github.com/Evolveum/midpoint/tree/v3.3.1/samples (jednotlivé resourcy)
- https://github.com/Evolveum/midpoint/tree/master/testing/story/src/test/resources (komplexnější příklady)
- demo: http://demo.evolveum.com/midpoint
- main documentation: https://wiki.evolveum.com/display/midPoint/Documentation
Connectors:
- OpenICF:
- URL: https://forgerock.org/openicf/
- source code: https://stash.forgerock.org/projects/OPENICF
- ConnId:
- Polygon (ConnId+OpenICF):
Instalace
# version of midPoint v='3.3.1' apt-get install -y less mc screen vim man apt-get install -y bzip2 net-tools sudo wget apt-get install -y openjdk-7-jdk tomcat8 apache2 # apache2 cat > /etc/apache2/conf-available/midpoint.conf <<EOF ProxyRequests Off ProxyPreserveHost On ProxyPass /midpoint http://localhost:8080/midpoint ProxyPassReverse /midpoint http://localhost:8080/midpoint RewriteEngine On RewriteRule ^/?$ /midpoint/ [R] EOF # tomcat8 echo 'JAVA_OPTS="${JAVA_OPTS} -Xms256m -Xmx512m -XX:PermSize=128m -XX:MaxPermSize=256m -Dmidpoint.home=/var/opt/midpoint/ -Djavax.net.ssl.trustStore=/var/opt/midpoint/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks"' >> /etc/default/tomcat8 mkdir /var/opt/midpoint chown tomcat8:tomcat8 /var/opt/midpoint service tomcat8 stop # mc (cosmetics) mkdir -p ~/.config/mc/ || : echo 'ENTRY "/var/opt/midpoint" URL "/var/opt/midpoint"' >> ~/.config/mc/hotlist ln -s /usr/lib/mc/mc.csh /etc/profile.d/ || : ln -s /usr/lib/mc/mc.sh /etc/profile.d/ || : # midpoint wget -nv https://evolveum.com/downloads/midpoint/${v}/midpoint-${v}-dist.tar.bz2 tar xjf midpoint-${v}-dist.tar.bz2 echo "alias repo-ninja='`pwd`/midpoint-${v}/bin/repo-ninja'" > /etc/profile.d/midpoint.sh # initial launch without anything a2enmod rewrite proxy proxy_http a2dissite 000-default a2enconf midpoint service apache2 start service tomcat8 start service postgresql start # midpoint initial deployment cp -vp midpoint-${v}/war/midpoint.war /var/lib/tomcat8/webapps/ ln -s /usr/share/java/mysql-connector-java.jar /var/lib/tomcat8/lib/ service tomcat8 start while ! test -f /var/opt/midpoint/config.xml; do sleep 0.5; done wget -nv -P /var/opt/midpoint/icf-connectors http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/connectors/scriptedsql-connector/1.1.2.0.em3/scriptedsql-connector-1.1.2.0.em3.jar
Switch repository
PostgreSQL
pass=`dd if=/dev/random bs=9 count=1 2>/dev/null | base64`
export PATH=$PATH:/usr/lib/postgresql/9.4/bin
useradd -s /bin/bash midpoint
sudo -u postgres psql -U postgres postgres -c "CREATE USER midpoint password '${pass}'"
sudo -u postgres createdb --owner=midpoint midpoint
sudo -u midpoint psql midpoint < midpoint-3.3.1/config/sql/_all/postgresql-3.3-all.sql
# also for repo-ninja
apt-get install -y postgresql libpostgresql-jdbc-java
ln -s /usr/share/java/postgresql.jar midpoint-${v}/lib/
service tomcat8 stop
Manually edit /var/opt/midpoint/config.xml (replace ${pass}):
<repository>
<repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
<embedded>false</embedded>
<driverClassName>org.postgresql.Driver</driverClassName>
<jdbcUsername>midpoint</jdbcUsername>
<jdbcPassword>${pass}</jdbcPassword>
<jdbcUrl>jdbc:postgresql://localhost/midpoint</jdbcUrl>
<hibernateDialect>com.evolveum.midpoint.repo.sql.util.MidPointPostgreSQLDialect</hibernateDialect>
<hibernateHbm2ddl>validate</hibernateHbm2ddl>
</repository>
MySQL
pass=`dd if=/dev/random bs=9 count=1 2>/dev/null | base64`
# also for repo-ninja
apt-get install -y mariadb-server libmysql-java
ln -s /usr/share/java/mysql-connector-java.jar midpoint-${v}/lib/
mysql -e "CREATE DATABASE midpoint"
mysql -e "GRANT ALL ON midpoint.* TO midpoint IDENTIFIED BY '${pass}'"
mysql -u midpoint -p${pass} midpoint < midpoint-3.3.1/config/sql/_all/mysql-3.3-all.sql
service tomcat8 stop
Manually edit /var/opt/midpoint/config.xml (replace ${pass}):
<repository>
<repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
<embedded>false</embedded>
<driverClassName>org.gjt.mm.mysql.Driver</driverClassName>
<jdbcUsername>midpoint</jdbcUsername>
<jdbcPassword>${pass}</jdbcPassword>
<jdbcUrl>jdbc:mysql://localhost/midpoint</jdbcUrl>
<hibernateDialect>com.evolveum.midpoint.repo.sql.util.MidPointMySQLDialect</hibernateDialect>
<hibernateHbm2ddl>validate</hibernateHbm2ddl>
</repository>
Common
Finaly:
service tomcat8 stop killall java rm -fv /var/opt/midpoint/midpoint*.db service tomcat8 start
Stronger key
su -s /bin/bash -c "keytool -genseckey -alias strong -keystore /var/opt/midpoint/keystore.jceks -storetype jceks -storepass changeit -keyalg AES -keysize 256 -keypass midpoint" tomcat8
Manualy edit /var/opt/midpoint/config.xml:
<keystore>
<keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
<keyStorePassword>changeit</keyStorePassword>
<encryptionKeyAlias>strong</encryptionKeyAlias>
<xmlCipher>http://www.w3.org/2001/04/xmlenc#aes256-cbc</xmlCipher>
</keystore>
Fix security policy
# maxFailedLogins: 3 -> 10 # loginTimeout: 15 -> 2 vim /var/lib/tomcat8/webapps/midpoint/WEB-INF/ctx-web-security.xml service tomcat8 restart
Admin password
Change admin password.
- initial user: administrator
- initial password: 5ecr3t
