This documentation will walk you through setting up CoSign with the Windows Tomcat server.
|Be Aware of Actual Tomcat Directory Name|
For the remainder of this file we will refer to the Tomcat directory as C:\Program Files\apache-tomcat\, while the actual directory may be something like C:\Program Files\apache-tomcat-7.0.27\.
|Make Sure You Have Administrator Privileges|
Several steps in this documentation will require you to edit or create files and directories. You can do this via the command prompt or through the Windows user interface. In either case, you will need administrative privileges to make many of these changes.
- Download a Java release for Windows if you do not already have one. You can check your Java installations by looking in C:\Program Files\ and C:\Program Files (x86)\. Look for a Java folder to see if you already have any versions of Java installed. Java can be obtained from http://www.java.com.
- Download the latest release of Tomcat from http://tomcat.apache.org/. Ensure that the Tomcat release is appropriate for your operating system and for the version of Java which you are installing (32-bit versus 64-bit). If your Java and Tomcat versions are not consistent, the server will not work.
- Download the latest JavaCosign filter from http://weblogin.org/download.shtml
- Download the configuration bundle from WMC (http://www.upenn.edu/computing/weblogin/). If you have not registered your service with WMC, you can do so now; registration is required for your web application. You will only need the certificate files from the bundle.
- Download the supporting jar files for CoSign from http://cosign.cvs.sourceforge.net/viewvc/cosign/javacosign/libs/. You can also obtain the supporting jar files from the Apache Commons: Apache Commons Pool, Apache Commons Collections, and Apache Commons Logging.
- All installations will be required to make TCP connections to weblogin.pennkey.upenn.edu port 6663.
Install The Necessary Applications
- Install the Java release which has been downloaded.
- Extract the Tomcat zip file to the C:\Program Files\ directory.
- Place the JavaCosign.jar file into the lib directory of the apache-tomcat folder (C:\Program Files\apache-tomcat\lib).
- From the WMC bundle copy the file <Your Service Name>.jks to the C:\Program Files\apache-tomcat\conf\ directory.
- Place the supporting jar files (commons-pool-1.4.jar, commons-logging-1.1.1.jar, and commons-collections-3.2.1.jar) into the C:\Program Files\apache-tomcat\lib\ directory.
Configure SSL for Tomcat
You can review the full SSL directions for Tomcat at http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html. Please reference those directions for background and any specific requirements which you may have for SSL. Abbreviated instructions for Tomcat version 7 are below:
- Navigate to and open the file C:\Program Files\apache-tomcat\conf\server.xml
- Locate the commented field which begins with: <!-- Define a SSL HTTP/1.1 Connector on port 8443
- Do not uncomment this field. Instead, add the following directly below where the commented field ends (both the commented field and the addition are displayed below; you should only need to add the second part):
|Check Your Site Specific Configuration|
When doing a copy and paste from this documentation, be aware that there are items such as YOUR_WMC_SERVICE_NAME and PASSWORD_SET_IN_WMC that should be replaced with your site-specific configuration. This applies below as well as in other areas where templates are provided for you in this documentation. Note: The port configured below is 443; this may be changed based on your desired configuration.
Configure CoSign for Tomcat
- Create a file named cosignConfig.xml in the directory C:\Program Files\apache-tomcat\conf\.
- Paste the following content into the cosignConfig.xml file (Note: update the PORT, SERVICE NAME, and SERVER REGULAR EXPRESSION in this content to match your application. Also, add protected nodes as required):
|Redirect Regular Expression|
The <RedirectRegex> field requires a regular expression that matches the site to which your users will be redirected once they have authenticated. This is an important component, as it prevents phishing of your users' passwords.
If the top-level domain of the web-site which is being authenticated is:
This is a suggestion; your site requirements may dictate a different regular expression.
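A candidate <RedirectRegex> can be checked against lookalike destinations before it goes into cosignConfig.xml. The following is an added example, not part of the original documentation or of JavaCosign: the host www.example.upenn.edu, both patterns and all sample URLs are constructed, and because this page does not say whether the filter matches the whole URL or a substring, both are tested.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class RedirectRegexCheck {
    // Constructed candidates for <RedirectRegex>; www.example.upenn.edu is a
    // hypothetical host, not a value taken from this documentation.
    static final String LOOSE = "https://www.example.upenn.edu";
    static final String STRICT = "^https://www\\.example\\.upenn\\.edu(:443)?/.*$";

    // Constructed post-login destinations: true = legitimate, false = must be refused.
    static Map<String, Boolean> samples() {
        Map<String, Boolean> m = new LinkedHashMap<>();
        m.put("https://www.example.upenn.edu/protected/index.jsp", true);
        m.put("https://www.example.upenn.edu:443/protected/", true);
        m.put("http://www.example.upenn.edu/protected/", false);               // plain HTTP
        m.put("https://www.example.upenn.edu.lookalike.example/login", false); // suffix appended to host
        m.put("https://wwwXexample.upenn.edu/protected/", false);              // unescaped dot matches any char
        m.put("https://lookalike.example/?next=https://www.example.upenn.edu/", false); // site name embedded
        return m;
    }

    // Count the samples a pattern gets wrong. fullMatch selects whole-string
    // matching (matches) instead of substring matching (find).
    static int misjudged(String regex, boolean fullMatch) {
        Pattern p = Pattern.compile(regex);
        int wrong = 0;
        for (Map.Entry<String, Boolean> e : samples().entrySet()) {
            boolean accepted = fullMatch ? p.matcher(e.getKey()).matches()
                                         : p.matcher(e.getKey()).find();
            if (accepted != e.getValue()) {
                wrong++;
                System.out.printf("  %s %s%n", accepted ? "WRONGLY ACCEPTED" : "WRONGLY REFUSED", e.getKey());
            }
        }
        return wrong;
    }

    public static void main(String[] args) {
        for (String regex : new String[] {LOOSE, STRICT}) {
            for (boolean full : new boolean[] {true, false}) {
                System.out.printf("%s (%s)%n", regex, full ? "matches" : "find");
                System.out.printf("  misjudged: %d%n", misjudged(regex, full));
            }
        }
    }
}
```

With these samples the loose pattern misjudges two URLs under matches() and three under find(), while the anchored pattern with escaped dots misjudges none under either.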
Modify the Web.xml to include CoSign required parameters
- Append the following code to the file C:\Program Files\apache-tomcat\conf\web.xml. Note: this can be pasted at the end of the file, but just BEFORE the closing </web-app> tag.
Create the jaas.conf file
- Create the file C:\Program Files\apache-tomcat\conf\jaas.conf. Paste the following into that file and save it:
Create necessary batch files, directories, and a test application
Create Batch Files
- Create the file C:\Program Files\apache-tomcat\bin\setenv.bat. Paste the content below into that file and save it. Note that your configuration may differ slightly from what is below. You will at least need to modify the VERSION tag below to your specific Tomcat version and location.
- Create the directory structure \cosign\valid\ under C:\Program Files\apache-tomcat\webapps\ROOT\.
- Create the directory \protected\ under C:\Program Files\apache-tomcat\webapps\ROOT\.
Create Test Application
- Create a simple index.jsp file at the following location: C:\Program Files\apache-tomcat\webapps\ROOT\protected\
- Paste the following into the index.jsp file:
- Open a command prompt as an administrator and change to the C:\Program Files\apache-tomcat\ directory.
- Execute the following batch file C:\Program Files\apache-tomcat\bin\setenv.bat
- Start the Tomcat server by executing C:\Program Files\apache-tomcat\bin\startup.bat
Test your new web application. Connect to the secure port Tomcat's listening on:
if you haven't modified server.xml to change the default secure port
When executing setenv.bat you must be in the C:\Program Files\apache-tomcat\ directory and execute it as bin\setenv.bat. If this is not done, you will receive an error that jaas.conf cannot be found.