Web Flow Installation Manual

Purpose of this document

This manual describes the installation of Web Flow including setting up the environment. The manual assumes installation on a Linux system, however installation on other OSes contains similar steps.

Create required user and group

Create group "tomcat" and user "tomcat":

$ groupadd tomcat

$ useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat

$ chmod 775 tomcat

Optionally, add your user to the "tomcat" group:

$ usermod -a -G tomcat ext_johndoe

Install Bouncy Castle

In order to function correctly, PowerAuth 2.0 requires Bouncy Castle to be available. While Wildfly already comes with own BC version, Tomcat requires BC to be installed system-wide.

Installation of Bouncy Castle is done in two steps:

• Add the Bouncy Castle provider jar to the $JAVA_HOME/jre/lib/ext directory
• Create a Bouncy Castle provider entry in the $JAVA_HOME/jre/lib/security/java.security file

The entry to java.security will look something like the following: security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider Replace N with the order of precedence you would like to give Bouncy Castle in comparison to the other providers in the file. Recommended would be the last entry in the list - N being the highest number in the list. Warning: Configuring Bouncy Castle as the first provider (security.provider.1) may cause JVM errors.

You can get the Bouncy Castle provider here: https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on

Install Tomcat

Unzip Tomcat 8.5.14 to "/opt/tomcat" folder. You can download Tomcat here:

https://tomcat.apache.org/download-80.cgi

Change owner of the files to "tomcat" user:

sudo chown -R tomcat:tomcat /opt/tomcat/

Customize application

Copy contents of "ext-resources.zip" folder to "/opt/ext-resources".

Change owner of the "/opt/ext-resources" to "tomcat:tomcat":

$ sudo chown -R tomcat:tomcat /opt/ext-resources/

$ sudo chmod -R 775 /opt/ext-resources/

$ sudo chmod -R -x+X /opt/ext-resources/

Add required libraries

Copy "ojdbc6.jar" to "/opt/tomcat/lib" folder, so that the Oracle DB connector is on classpath. You can get the required JAR here:

https://mvnrepository.com/artifact/oracle/ojdbc6/11.2.0.3

Fix address configurations on Tomcat

Edit "/opt/tomcat/conf/server.xml" so that the HTTP connector has the correct address:

<Connector port="8080" protocol="HTTP/1.1" address="10.60.5.19" connectionTimeout="20000" redirectPort="8443" />

Create database schema

Use scripts in "sql-schema.zip" file to create the default database schema.

Copy and update application configurations

Copy XML files from "configurations.zip" file to "/opt/tomcat/conf/Catalina/localhost". Then, update configurations in the files to reflect expected values.

For example, modify addresses in XML files, so that the addresses and database properties are correct. Make sure to use absolute URL, not reference to localhost, for example:

<Parameter name="powerauth.credentials.service.url" value="http://10.60.5.19:8080/powerauth-credential-server-sample"/>

<Parameter name="powerauth.nextstep.service.url" value="http://10.60.5.19:8080/powerauth-nextstep"/>

Copy applications

Copy WAR files from "applications.zip" file to "/opt/tomcat/webapps".

Starting Tomcat

Start Tomcat service as the "tomcat" user:

$ sudo -u tomcat sh /opt/tomcat/bin/catalina.sh start

Launching Tomcat in debug mode

Start Tomcat with following command:

$ JPDA_OPTS="-agentlib:jdwp=transport=dt_socket,address=9002,server=y,suspend=n" sh /opt/tomcat/bin/catalina.sh jpda start

Observing Tomcat logs

To observe tomcat logs interactively, use following command:

$ tail -f -n200 /opt/tomcat/logs/catalina.out