Refer to the SystemRequirements page for details on supported software platforms.
If you use Java 8 (which you should), be aware that it relies on a blocking PRNG by default, and the IdP may be observed to start up very slowly if there is insufficient entropy available. There are various workarounds or ways to install better sources of entropy by altering jre/lib/security/java.security or using system properties, but they are platform-specific.
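As an added example (not part of the original page or the Shibboleth project), the following sketch reports which seed source a given java.security file selects and whether a system-property override changes it. It assumes the standard JDK setting names `securerandom.source` and `java.security.egd`; the function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: inspect the entropy source a Java 8 runtime is configured
# to seed from. Function names are hypothetical; the sample is constructed.

# Print the value of securerandom.source from a java.security file.
# Properties semantics: '#' and '!' lines are comments, last assignment wins.
configured_source() {
    awk '
        /^[ \t]*[#!]/ { next }
        /^[ \t]*securerandom\.source[ \t]*[=:]/ {
            sub(/^[ \t]*securerandom\.source[ \t]*[=:][ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            value = $0
        }
        END { print value }
    ' "$1"
}

# Effective source: a -Djava.security.egd value ($2, optional) takes
# precedence over the securerandom.source entry in the file ($1).
effective_source() {
    if [ -n "${2:-}" ]; then
        printf '%s\n' "$2"
    else
        configured_source "$1"
    fi
}

# Classify a source URL. Assumption: on Linux, /dev/random may block while
# the kernel is short of entropy and /dev/urandom does not.
classify_source() {
    case "$1" in
        file:/dev/random)                      echo blocking ;;
        file:/dev/urandom|file:/dev/./urandom) echo non-blocking ;;
        "")                                    echo unset ;;
        *)                                     echo other ;;
    esac
}

# Constructed sample input, not copied from a real JRE.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# securerandom.source=file:/dev/urandom
securerandom.source=file:/dev/random
securerandom.strongAlgorithms=NativePRNGBlocking:SUN
EOF

classify_source "$(effective_source "$SAMPLE")"                   # file setting only
classify_source "$(effective_source "$SAMPLE" file:/dev/urandom)" # with override
```

Point the first argument at the real jre/lib/security/java.security of the runtime that will host the IdP to check it before first startup.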
See the SecurityAndNetworking page for introductory help in understanding the use of network ports, keys, and certificates.
A nice cross-platform GUI for manipulating Java keystores, PKCS#12 files, viewing certificates, etc., is Keystore Explorer.
Before you begin you should collect the following items and information:
Assuming you plan to use the IdP for SAML support (as opposed to CAS support for example), you will need:
If you don't have any SAML metadata to give the IdP, you won't have an easy time making it do anything useful without changing a lot of defaults, so please take the time and start by acquiring or creating that metadata.
The installation process will suggest or generate the following information for you:
A specially packaged installer is available for Microsoft Windows that ensures files will have the correct line endings and optionally provides automated support for the use of Jetty and configuration against Active Directory. See the WindowsInstallation topic for instructions.
As noted, the IdP is a standard Java web application based on the Servlet 3.0 specification and should run for the most part in any compatible servlet container, but official support is provided only for Jetty and Tomcat. Jetty is the strongly recommended option and is used by the primary team members in their production environments.
Containers for which we have specific installation guidance are shown in step 1 below, including some that we do not officially support. Material specific to any container is provided as a convenience, and is not a substitute for the container's own documentation.
In V3.4 the default key size has been increased. This could fail because of restrictions imposed by the version of Java and the JCE "jurisdiction policy" in use governing cryptographic strength.
This can be fixed by installing the Unlimited Strength Jurisdiction Policy or by updating to a supported version of Java, all of which have begun defaulting to the unlimited policy.
If this is impossible (or if you want a different key size) you can specify the idp.keysize parameter on the command line during the install process:
./bin/install.sh -Didp.keysize=2048
.\bin\install.bat -Didp.keysize=2048
You can test that the IdP is properly installed and is at least running successfully in the container with the status command line utility (idp.home/bin/status.sh or idp.home\bin\status.bat).
If everything is working correctly, you should see output summarizing the environment and information about the IdP's state. This doesn't mean that you will be able to log into anything yet as you have not yet configured the IdP to use your organization's infrastructure, added metadata, etc.
To rebuild the WAR file, run the build command line utility (idp.home/bin/build.sh or idp.home\bin\build.bat) from the installation directory idp.home.