...
- Go to …<ConnectPortalInstallFolder>\conf location.
- Open server.xml file and do the following changes:
- Add parameter secretRequired="false" in Connector tag for AJP.
Expand the section below to copy the "ciphers" parameters with its values and paste it just after the "server="Adeptia" xpoweredby="false" clientauth="true" text in the <Connector> tag of server.xml file.
Code Block theme Midnight collapse true ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSVF"Expand the section below to copy the code and paste it just after the last </Service> tag in the server.xml file.
Code Block theme Midnight collapse true <Service name="SoapService"> <!-- <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" compression="on" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/css,application/javascript,application/json" useSendfile="false" server="Adeptia" xpoweredby="false" /> --> <!-- <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="5000" scheme="https" secure="true" compressionMinSize="128" connectionTimeout="20000" maxConnections="10000" clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" keystoreFile="./keystore/adeptiaBPM.keystore" keystoreType="JKS" keystorePass="password" compression="on" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/css,application/javascript,application/json" useSendfile="false" server="Adeptia" xpoweredby="false" /> --> <Engine defaultHost="localhost" name="soapwebapps"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host appBase="soapwebapps/wars" autoDeploy="true" name="localhost" unpackWARs="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log" suffix=".txt"/> <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/> </Host> </Engine> </Service> <Service name="RestService"> <!-- <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" compression="on" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/css,application/javascript,application/json" useSendfile="false" server="Adeptia" xpoweredby="false" /> --> <!-- <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="5000" scheme="https" secure="true" compressionMinSize="128" connectionTimeout="20000" maxConnections="10000" clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" keystoreFile="./keystore/adeptiaBPM.keystore" keystoreType="JKS" keystorePass="password" compression="on" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/css,application/javascript,application/json" useSendfile="false" server="Adeptia" xpoweredby="false" /> --> <Engine defaultHost="localhost" name="restwebapps"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host appBase="restwebapps/wars" autoDeploy="true" name="localhost" unpackWARs="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log" suffix=".txt"/> <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/> </Host> </Engine> </Service>
- Add parameter secretRequired="false" in Connector tag for AJP.
- Save the file.
...
- Go to the downloaded Adeptia Connect zip folder and rename the securityContext.xml_Portal file to securityContext.xml.
- Copy the renamed securityContext.xml file.
- Replace the existing file with the copied file at the following location: …<ConnectPortalInstallFolder>\resources_config\saml.
- In case you are using SAML authentication, open the updated securityContext.xml file and do the following changes:
Uncomment the following property:
<!-- <property name="entityBaseURL" value="http://localhost:8080/adeptia"/> -->- Update the URL as required. Where localhost is the IP address and port of the Connect ServerPortal.
- Uncomment the idp.xml property:
- If you are using Adeptia Connect with load balancer, follow these steps:
- Remove or comment out the existing contextProvider bean
<bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderImpl"/> - Add the below contextProvider bean
<bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderLB">
<property name="scheme" value="http"/>
<property name="serverName" value="www.myserver.com"/>
<property name="serverPort" value="8080"/>
<property name="includeServerPortInRequestURL" value="false"/>
<property name="contextPath" value="/adeptia"/>
</bean>
This table explains the each property of contextProvider bean:
scheme Name of the scheme (http or https). serverName Name of the server. serverPort Port number of the server. includeServerPortInRequestURL To include server port number in the URL or not. It must be false. contextPath Prefix of a URL path used to select the context(s) to which an incoming request is passed. A URL is in the format: http://hostname.com/contextPath/, where each of the path elements can be zero or more separated elements. It must be /adeptia. Property Name
Description
It will look like:
<bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderLB">
<property name="scheme" value="http"/>
<property name="serverName" value="www.myserver.com"/>
<property name="serverPort" value="8080"/>
<property name="includeServerPortInRequestURL" value="false"/>
<property name="contextPath" value="/adeptia"/>
</bean> - Remove or comment out the existing contextProvider bean
- If there were any other changes in the old file, you have to do the same changes manually in the replaced securityContext.xml file.
- Save the file.
Restart the Connect Portal.
...