Access Management 7.3.1

JBoss and WildFly

You can deploy AM on JBoss AS, JBoss EAP, and WildFly. The procedures listed here provide steps for configuring JBoss AS, JBoss EAP, and WildFly for AM.

After configuring JBoss or WildFly, you then prepare AM for deployment by making a few changes to the contents of the AM .war archive.

Prepare JBoss or WildFly

  1. Stop JBoss or WildFly.

  2. The default JVM settings do not allocate sufficient memory to AM. This step shows one method you can use to modify the JVM settings. For other methods, refer to the JBoss Configuring JVM Settings page, or the WildFly JVM Settings page.

    • Open the standalone.conf file in the /path/to/jboss/bin directory for JBoss or WildFly in standalone mode.

    • Check the JVM settings associated with JAVA_OPTS.

      Change the JVM heap size to -Xmx1g. The default JVM heap size for some versions of JBoss might already exceed the recommended value. If you are evaluating AM and using the embedded version of DS, the minimum heap size may be higher. For details on the JVM options to use, refer to Prepare the Java environment.

      Change the metaspace size to -XX:MaxMetaspaceSize=256m if the default size does not exceed this amount.

    • Set the following JVM JAVA_OPTS setting in the same file:

      -Dorg.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES=true

      Verify that the headers include the Expires attribute rather than only Max-Age as some versions of Microsoft Edge do not support Max-Age.

  3. Edit the WildFly configuration to allow HTTP connections from any IP address.

    In the /path/to/wildfly/standalone/configuration/standalone.xml file, locate the <interface name="public"> interface (around line 512 of the file) and change the value to <any-address/>:

    <interface name="public">
       <any-address/>
    </interface>
  4. Set up WildFly for Social Authentication, by performing the following steps:

    • Ensure the WildFly server is running.

    • Go to the WildFly Path.

    • In the $JBOSS_HOME/bin directory, run the jboss-cli.sh script file:

      $ ./bin/jboss-cli.sh
    • Type "connect" to connect to the server.

    • Enable use of the equals (=) symbol in cookies by running the following command:

      For example:

      [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/
      http-listener=default:write-attribute(name=allow-equals-in-cookie-value,
      value=true)
      {
         "outcome" => "success",
         "response-headers" => {
            "operation-requires-reload" => true,
            "process-state" => "reload-required"
          }
      }
    • Restart WildFly.

  5. Now deploy the openam.war file into the appropriate deployment directory. The directory varies depending on whether you are running in standalone or domain mode.

Prepare AM for JBoss and WildFly

To prepare AM to run with JBoss or WildFly, you must change the default AM war file. JBoss and WildFly deploy applications from different temporary directories every time you restart the container, which would require reconfiguring AM. To avoid problems, change the AM war file as follows:

  1. If you have not already done so, create a temporary directory and expand the AM-7.3.1.war file. For example:

    $ cd /tmp
    $ mkdir /tmp/openam && cd /tmp/openam
    $ jar xvf ~/Downloads/AM-7.3.1.war
  2. Locate the bootstrap.properties file in the WEB-INF/classes directory of the expanded war archive. Update the # configuration.dir= line in this file to specify a path with read and write permissions, then save the change.

    # This property should also be used when the system user that
    # is running the web/application server process does not have
    # a home directory. i.e. System.getProperty("user.home") returns
    # null.
    
    configuration.dir=/my/readwrite/config/dir
  3. If you are deploying AM on JBoss AS or JBoss EAP, remove the jboss-all.xml file from the WEB-INF directory of the expanded war archive.

    Do not remove this file if you are deploying AM on WildFly.

  4. If you are deploying AM on WildFly 12, remove the jul-to-slf4j-1.7.21.jar file from the WEB-INF/lib directory of the expanded war archive.

  5. Rebuild the openam.war file.

    $ jar cvf ../openam.war *