11 April,19 at 11:49 AM
What you'll need...
Implementation Steps
Information gathering
$ uname -a
Linux engcen8.centrifyimage.vms 2.6.32-504.el6.x86_64 #1 SMP Wed Oct 15 04:27:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ java -version
java version "1.7.0_71"
OpenJDK Runtime Environment (rhel-2.5.3.1.el6-x86_64 u71-b14)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)
$ adinfo -v
adinfo (CentrifyDC 5.2.0-218)
$ dzdo adinfo -C | grep http
http/engcen8.centrifyimage.vms
http/engcen8
$ rpm -qa | grep tomcat
tomcat6-6.0.24-80.el6.x86_64
It looks like my service is running and that this is a 64-bit CentOS with Tomcat 6. Based on this information, I will download the package "DirectControl for J2EE App Servers on RHEL 4, 5, 6, Fedora 14, 15, 16, 17 x86_64"; the version is 4.4.4 as of the original post in November 2014.
Installation
Unpack and install the SSO plugin
$ tar xzvf centrify-web-4.4.4-rhel3-x86_64.tgz
The installation file on RHEL for this version is called centrifydc-apache-4.4.4-rhel3-x86_64.rpm, so perform a yum or rpm install.
$ dzdo rpm -Uvh centrifydc-web-4.4.4-rhel3-x86_64.rpm
Preparing... ########################################### [100%]
1:CentrifyDC-web ########################################### [100%]
Configuration of the Java Server and Sample Application
Centrify provides a script that allows for the configuration of JBoss, Tomcat, WebSphere and WebLogic. These servers can run on Microsoft Windows, so there are versions of the plugin for those platforms too. The script is in /usr/share/centrifydc/java/web and it's called configure.pl. All you need to do is follow the prompts to configure Tomcat (options 1-3) and ignore everything about ADFS or certificates at this time (sample truncated output below).
# ./configure.pl
=====================================================================
Welcome to Centrify DirectControl for J2EE Servers Configuration.
At any prompt, enter ? for help, or return to accept the default value (shown in brackets []).
Please select what type of J2EE server to configure:
[0] Tomcat.
[1] JBoss.
[2] WebLogic Server.
[3] WebSphere Application Server.
[4] Exit this configuration program.
Enter selection: [0] > 0
===== Configure Tomcat Server for Centrify =====
[0] Run full configuration (all options below).
[1] Copy Centrify jar files to Tomcat server.
[2] Configure Tomcat Server for Centrify.
[3] Setup and deploy Centrify samples.
[4] Configure Tomcat for SSL.
[5] Exit this script
[0] > 1
=== Copy Centrify jar files to Tomcat server ===
Enter the directory where Tomcat Server is installed: [/usr/share/tomcat6] >
Enter the directory where Java SDK is installed: [/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.33.x86_64] >
Enter the Tomcat Server version (7.0.x, 6.0.x, 5.5.x or 5.0.x): [6.0.x] >
You have entered the following:
Tomcat Server directory = /usr/share/tomcat6
Java SDK directory = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.33.x86_64
Tomcat Server version = 6.0.x
Is this correct (y/n) ? [y] > y
Copying /usr/share/centrifydc/java/web/scripts/tomcat/centrifydc_jaas.config to /usr/share/tomcat6/c
===== Configure Tomcat Server for Centrify =====
[0] Run full configuration (all options below).
[1] Copy Centrify jar files to Tomcat server.
[2] Configure Tomcat Server for Centrify.
[3] Setup and deploy Centrify samples.
[4] Configure Tomcat for SSL.
[5] Exit this script
Enter selection: [0] > 3
=== Copy Centrify jar files to Tomcat server ===
Enter the directory where Tomcat Server is installed: [/usr/share/tomcat6] >
Enter the directory where Java SDK is installed: [/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.33.x86_64] >
Enter the Tomcat Server version (7.0.x, 6.0.x, 5.5.x or 5.0.x): [6.0.x] >
You have entered the following:
Tomcat Server directory = /usr/share/tomcat6
Java SDK directory = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.33.x86_64
Tomcat Server version = 6.0.x
Is this correct (y/n) ? y
===== Configure Tomcat Server for Centrify =====
[0] Run full configuration (all options below).
[1] Copy Centrify jar files to Tomcat server.
[2] Configure Tomcat Server for Centrify.
[3] Setup and deploy Centrify samples.
[4] Configure Tomcat for SSL.
[5] Exit this script
Enter selection: [0] > 3
=== Setup and deploy Centrify samples ===
Enter the directory where Tomcat Server is installed: [/usr/share/tomcat6] >
Enter the directory where Java SDK is installed: [/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.33.x86_64] >
Enter the Tomcat Server version (7.0.x, 6.0.x, 5.5.x or 5.0.x): [6.0.x] >
You have entered the following:
Tomcat Server directory = /usr/share/tomcat6
Java SDK directory = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.33.x86_64
Tomcat Server version = 6.0.x
Is this correct (y/n) ? [y] > y
Do you want to setup the Centrify ADFS samples now (y/n) ?
(You must have the ADFS server's hostname and SSL port to setup the ADFS samples.)
[n] >
Verify that everything is working as expected
C:\Users\dwirth>klist
Current LogonId is 0:0x9bb0d
#0> Client: DWirth @ CENTRIFYIMAGE.VMS
    Server: krbtgt/CENTRIFYIMAGE.VMS @ CENTRIFYIMAGE.VMS
#1> Client: DWirth @ CENTRIFYIMAGE.VMS
    Server: HTTP/engcen8.centrifyimage.vms @ CENTRIFYIMAGE.VMS
Ticket #0 is a Kerberos TGT and #1 is a service ticket that was requested by Diana to access the Apache HTTP service on engcen8.
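If no HTTP service ticket shows up in klist, the first thing to rule out is a missing SPN on the computer account. The helper below is an added example, not part of the original post or of Centrify's tooling: it reads SPN text such as the "adinfo -C | grep http" output shown earlier and reports which of the two forms seen there (FQDN and short name) is absent. The function name and sample variables are hypothetical, and it assumes SPNs appear as whitespace-separated tokens.

```shell
#!/bin/sh
# Added example: report which HTTP SPNs a host is missing.
# Input (stdin): text containing SPNs, e.g. the output of
#   dzdo adinfo -C | grep -i http
# Assumption: SPNs appear as whitespace-separated tokens, as in the post.

# missing_http_spns FQDN
# Prints each expected SPN (http/<fqdn>, http/<shortname>) that is absent.
# Returns 0 when both are present, 1 otherwise.
missing_http_spns() {
    fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    short=${fqdn%%.*}
    # Normalise to one lower-case token per line. adinfo prints http/ and
    # klist prints HTTP/ for the same principal, so compare without case.
    have=$(tr -s '[:space:]' '\n' | tr '[:upper:]' '[:lower:]')
    rc=0
    for want in "http/$fqdn" "http/$short"; do
        # -x (whole line) and -F (fixed string): http/engcen8 must not be
        # satisfied by http/engcen8.centrifyimage.vms.
        if ! printf '%s\n' "$have" | grep -qxF "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample, copied from the adinfo output shown in the post.
SAMPLE_OK='http/engcen8.centrifyimage.vms
http/engcen8'

# Constructed sample: only the short-name SPN is registered.
SAMPLE_SHORT_ONLY='http/engcen8'

# Typical use on the Tomcat host:
#   dzdo adinfo -C | missing_http_spns "$(hostname -f)" || echo "SPNs missing"
```

An empty result with exit status 0 means both SPNs are registered; any printed line names an SPN that still has to be added before the browser can obtain a service ticket for that host name.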
Using the Java Plugin
The Java plugin has exposed the methods to leverage AD authentication via Centrify. For example, the web.xml file of a server may add directives like these:
SPNEGO
CENTRIFYDC
The Centrify Java Guide explains to J2EE web admins and developers how to use these directives and methods.
Appendix: Installing Tomcat6 on CentOS 6.x with Yum.
$ dzdo yum install java-1.6.0-openjdk-devel
$ dzdo yum update
$ dzdo yum install tomcat6 tomcat6-webapps tomcat6-admin-webapps
$ dzdo chkconfig tomcat6 on
$ dzdo service tomcat6 start
And don’t forget to open the firewall to accept connections over TCP 8080