Configuring O3 Portal through SSL (https)
Important
Make sure that the O3 Server (JBoss) is not running
- Locate folder <O3>/jboss/server/default/deploy/jbossweb-tomcat55.sar
- Edit file server.xml
- Locate the following section
<Connector port="8080" address="$\{jboss.bind.address}" maxThreads="250" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"/>
- Comment this section so that is looks as follows:
<\!-- <Connector port="8080" address="$\{jboss.bind.address}" maxThreads="250" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"/> \-->
Note
If using CAS, this step must be skipped.
This connector is required for CAS validation. - Locate the following section
<\!-- <Connector port="8443" address="$\{jboss.bind.address}" maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https" secure="true" clientAuth="false" keystoreFile="$\{jboss.server.home.dir}/conf/llave_1.keystore" keystorePass="rmi+ssl" sslProtocol = "TLS" /> \-->
- Uncomment it so that it looks as follows:
<Connector port="8443" address="$\{jboss.bind.address}" maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https" secure="true" clientAuth="false" keystoreFile="$\{jboss.server.home.dir}/conf/<nombre_llave>.keystore" keystorePass="rmi+ssl" sslProtocol = "TLS" />
To generate it execute the following command from a command line:<nombre_llave>.keystore
Corresponds to the name of the key store
When prompted for the first key, indicate rmi+ssl, then enter data as requestedOn Windows %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore <O3>\jboss\server\default\conf\nombre_llave.keystore On Linux $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore <O3>/jboss/server/default/conf/nombre_llave.keystore
For the last key just press the ENTER key. - Add the attribute casValidate to the CAS Valve (CASSingleSignOnValve), with value "http://<host>:<port>/cas/proxyValidate", notice that it is not https.
- Replace <host> and <port>. Bear in mind that port is that of HTTP, not HTTPS.
- Start JBoss