This article describes how to manually install the Conduit Platform 1.x server.
Use these steps to manually configure Tomcat if the installer utility isn't available when you set up your system.
IMPORTANT: This article isn't applicable to Conduit Platform 1.1, where no option is provided for a manual install. With Conduit Platform 1.1, you have to use the supplied (MSI) installer.
- Configure the Tomcat server on the system where you want to install the Conduit Platform server:
- Extract the Tomcat7 folder and Conduit Platform (MCCServer.war) packages from MCCServer 1.x.x Build <N> Package #1 (ENU-LICENSED-RELEASE-MAIN).zip.
- Move the Tomcat7 folder to a location where you want the server to run. From this point forward, the folder is referred to as <Tomcat Folder>.
- Verify that Java is installed, and then create a system variable, JAVA_HOME, which points to the top level of the Java installation directory.
- Create another system variable, CATALINA_HOME, that points to the top level of the <Tomcat Folder> folder.
- Append JAVA_HOME\bin and CATALINA_HOME\bin to the PATH variable.
- Verify that you can start and stop the Tomcat server by running the startup batch file in the <Tomcat Folder>\bin folder.
- Configure LDAP authentication on the Tomcat server:
- Open the server.xml file located in <Tomcat Folder>\conf\ and add the following configuration data, replacing the connectionURL value as described below:
<Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://DomainControllerName:PortNumber" userPattern="{0}" userSubtree="false"/>
NOTE: This XML element must be inserted within the <Engine name="Catalina" defaultHost="localhost"> XML element, positioned after the already configured default Realm. connectionURL is the URL of your Active Directory server.
- (Optional) After you configure LDAP authentication in Step 2a, grant any needed access to specific organizational units. To do this task, replace userPattern="{0}" with the following configuration, customizing the values indicated in the notes:
userPattern="CN={0},OU= OrganizationUnitName,DC= Domain Controller Name,DC= Domain Controller Name"
NOTES:
- OU is the name of the organizational unit (you can't specify multiple organizational units).
- DC is the URL prefix and suffix of the LDAP server.
- Configure SSL on the Tomcat server:
- Create a Java key store file that contains the public certificate for the external server, and then copy the key store file to the <Tomcat Folder> folder.
Detailed instructions for importing your public certificate to your Tomcat server are available in the Tomcat documentation.
- Open the server.xml file located in <Tomcat Folder>\conf\ and add the following element after the port 8080 details, customizing the values described in the notes:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" minSpareThreads="25" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="<PATH_TO_KEYSTORE>" keystorePass="<KEYSTORE_PASSWORD>" keyAlias="<CERTIFICATE_ALIAS>"/>
NOTES:
- keystoreFile—the location of the key store created in Step 3a
- keystorePass—the password for your key store
- keyAlias—the alias provided when importing the certificate into the key store
- In server.xml, find and replace all existing references to port 8443 with port 443.
NOTE: Make sure that you don't have any other application running on port 443.
- In the <Tomcat Folder>\conf\server.xml file, comment out the following XML element:
<!--Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /-->
- Restart the Tomcat server, and verify that a secure lock icon appears in the address bar when browsing to https://TOMCAT_SERVER:443/
- Copy the MCCServer.war file you extracted earlier to <Tomcat Folder>/webapps.
- Start the Tomcat server. Doing so deploys the application to <Tomcat Folder>/webapps/MCCServer.
- Shut down the Tomcat server.
- Navigate to <Tomcat Folder>/webapps/MCCServer/WEB-INF/classes, and edit the mcc.properties file:
- Configure the ldap.url and ldap.connection properties as described in the following notes:
NOTES:
- ldap.url—the LDAP server used for authentication, which can be the same as the connectionURL used in Step 2a.
- ldap.connectionDetail—similar to userPattern in Step 2b. If userPattern was configured in Step 2 as follows:
userPattern="CN={0},OU= OrganizationUnitName,DC= Domain Controller Name,DC= Domain Controller Name"
then this property can be configured as follows:
OU= OrganizationUnitName,DC= Domain Controller Name,DC= Domain Controller Name
- Restart the Tomcat server. Your setup is now complete.
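
The following Python check is an added example, not part of the original article or the Conduit Platform package: it parses a server.xml and reports whether the edits from Steps 2 and 3 (JNDIRealm inside the Engine element, TLS Connector on port 443, no remaining 8443 references, APR listener commented out) are in place. The sample document, its host name, keystore path, password and alias are constructed placeholders, and check_server_xml is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the elements in Steps 2 and 3; the host name,
# keystore path, password and alias are placeholders, not values from the article.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <!--Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /-->
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/>
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
      SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
      keystoreFile="conf/sample.jks" keystorePass="placeholder" keyAlias="sample"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.JNDIRealm"
        connectionURL="ldap://dc01.example.test:389" userPattern="{0}" userSubtree="false"/>
    </Engine>
  </Service>
</Server>"""

JNDI = "org.apache.catalina.realm.JNDIRealm"
APR = "org.apache.catalina.core.AprLifecycleListener"

def check_server_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    # Realms may be nested, so search everything below <Engine>.
    realms = [r for e in root.iter("Engine") for r in e.iter("Realm")
              if r.get("className") == JNDI]
    tls = [c for c in root.iter("Connector") if c.get("port") == "443"]
    checks = [
        (any(x.get("className") == APR for x in root.iter("Listener")),
         "AprLifecycleListener is still active"),
        (not realms, "no JNDIRealm inside <Engine>"),
        (any(not r.get("connectionURL", "").startswith(("ldap://", "ldaps://"))
             for r in realms), "JNDIRealm connectionURL is not an LDAP URL"),
        (any("{0}" not in r.get("userPattern", "") for r in realms),
         "userPattern has no {0} placeholder"),
        (not tls, "no Connector on port 443"),
        (any(c.get("SSLEnabled") != "true" or c.get("scheme") != "https"
             for c in tls), "port 443 Connector is not TLS-enabled"),
        (any(not c.get(a) for c in tls
             for a in ("keystoreFile", "keystorePass", "keyAlias")),
         "port 443 Connector lacks a keystore attribute"),
        (any("8443" in v for el in root.iter() for v in el.attrib.values()),
         "a reference to port 8443 remains"),
    ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    print(check_server_xml(SAMPLE) or "server.xml checks passed")
```

The check accepts ldaps:// as well as the ldap:// form shown in Step 2a; with ldap:// the user's bind password crosses the network unencrypted.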