Skip to content
maximthomas edited this page Jul 3, 2024 · 19 revisions

OpenAM 13.5 Getting Started

https://github.com/OpenIdentityPlatform/OpenAM/wiki/old/OpenAM-13.5-Getting-Started.pdf

Preparations

Install Docker

Install Docker for your platform, if you did not do this before, from https://docs.docker.com/install/#supported-platforms.

Prepare Hosts File

First, you need to add to your hosts file the local IP and FQDN mappings. openam.example.org - for OpenAm and example.org for Apache Http Server. Your hosts file should contain the following line:

127.0.0.1    openam.example.org example.org

To add the above line to the hosts file on Windows:

  1. Press the Windows key.
  2. Type Notepad in the search field.
  3. In the search results, right-click Notepad and select Run as administrator.
  4. From Notepad, open the following file: c:\Windows\System32\Drivers\etc\hosts.
  5. Make the necessary changes to the file.
  6. Select File > Save to save your changes

OpenAM Configuration

Running OpenAM Image

Create Docker network for OpenAM

docker network create openam-quickstart

Run OpenAM image

docker run -h openam.example.org -p 8080:8080 --network openam-quickstart --name openam openidentityplatform/openam

Change the name in the above command if you run into errors saying the container is already in use.

Basic OpenAM Setup

Open your browser, goto url http://openam.example.org:8080/openam. OpenAM Configuration Start

Click Create Default Configuration.

OpenAM License Agreement

Accept License Agreement

OpenAM Set Passwords

Set password for default admin user and policy agent

Press Create Configuration. After configuration successfully created, press Proceed to Login or open http://openam.example.com:8080/openam/console link in browser.

Policy Configuration

OpenAM Console Realm

In administration console select realm, then go to Authorization -> Policy Sets, select Default Policy Set and add new Policy

Set Policy Name as you wish, Resource Type set URL, and add new Resource *://example.org:*/* and click Create to save new policy.

OpenAM Console New Policy

On new policy settings select Actions tab and add two actions GET and POST

OpenAM Policy Actions

Then select Subjects tab and set type to Authenticated Users

OpenAM Policy Subjects

Click Save Changes to save your policy

Agent Configuration

Then, in left menu, go to Applications -> Web Agents and create new Agent

OpenAM Web Agents

Set name as you wish, for example apache_agent, set agent password.

OpenAM Create Web Agent

Server URL set http://openam.example.org:8080/openam

Agent URL set http://example.org:80

Click Create to save new Web Agent

Click General tab to return to main menu.

Cookie Domain Configuration

Navigate to Configure -> Global Services -> Platform -> Cookie Domain.

Set cookie domain to .example.org, save your settings.

Apache HTTP Server Configuration

Create Dockerfile in your /home/user/openam-quickstart/apache/ folder with following content

FROM httpd:2.4.34

ENV PA_PASSWORD password

RUN echo "deb [trusted=yes] http://archive.kernel.org/debian-archive/debian/ jessie main" >> /etc/apt/sources.list

RUN apt-get update || true

RUN apt-get install -y curl unzip

RUN curl -L -o /tmp/Apache_v24_Linux_64bit_4.1.1.zip https://github.com/OpenIdentityPlatform/OpenAM-Web-Agents/releases/download/4.1.1/Apache_v24_Linux_64bit_4.1.1.zip

RUN unzip /tmp/Apache_v24_Linux_64bit_4.1.1.zip -d /usr/

RUN rm /tmp/Apache_v24_Linux_64bit_4.1.1.zip

RUN echo $PA_PASSWORD > /tmp/pwd.txt

RUN cat /tmp/pwd.txt

RUN cat /etc/issue

RUN /usr/web_agents/apache24_agent/bin/agentadmin --s "/usr/local/apache2/conf/httpd.conf" "http://openam.example.org:8080/openam" "http://example.org:80" "/" "apache_agent" "/tmp/pwd.txt" --acceptLicence --changeOwner

Set ENV PA_PASSWORD as you previously set for your WebAgent in OpenAm

Build Apache Docker image

docker build --network=host -t apache_agent -f /home/user/openam-quickstart/apache/Dockerfile /home/user/openam-quickstart/apache/

And then run image

docker run -it --name apache_agent -p 80:80 -h example.org --shm-size 2G --network openam-quickstart  apache_agent

Change apache_agent to httpd in the above command. apache_agent is not available on docker hub.

Open in browser link http://example.org, and you will be redirected to OpenAM Authentication. After authentication you should see default Apache HTTP Server page Apache Default Page

Clone this wiki locally