CheatSheet for PicketLink on Red Hat OpenShift

    (This article is in progress and is not definitive as long as this WARNING exists)

     

    Step 1:  Get access to Red Hat OpenShift Platform

    If you are a new user, you need to sign up for an RHN account.  Complete the regular registration and you should see an email in your inbox.

    (If you already have an RHN account, you can just sign in)

    Step 2:  Install the Client Tools for your platform

    RPM-based systems such as RHEL or Fedora

     

     

    $ sudo vi /etc/yum.repos.d/openshift.repo
    $ sudo yum install rhc
    
    .....
    Installed:
      rhc.noarch 0:0.75.9-1.el6_1                                                                                            
    
    Dependency Installed:
      compat-readline5.i686 0:5.2-17.fc12         ruby.i686 0:1.8.7.352-1.fc14          ruby-irb.noarch 0:1.8.7.352-1.fc14  
      ruby-libs.i686 0:1.8.7.352-1.fc14           ruby-rdoc.noarch 0:1.8.7.352-1.fc14   rubygem-json.i686 0:1.4.3-2.fc14    
      rubygem-parseconfig.noarch 0:0.5.2-3.fc14   rubygems.noarch 0:1.3.7-2.fc14       
    
    Complete!
    
    

     

    openshift.repo

    [openshift-express]
    name=Openshift-express
    baseurl=https://openshift.redhat.com/app/repo/rpms/$releasever/$basearch/
    failovermethod=priority
    skip_if_unavailable=1
    gpgkey=https://openshift.redhat.com/app/repo/RPM-GPG-KEY-redhat-beta
           https://openshift.redhat.com/app/repo/RPM-GPG-KEY-redhat-release
    enabled=1
    gpgcheck=1
    

     

    Non-RPM-based systems (Windows, Ubuntu, Mac, etc.)

    https://www.redhat.com/openshift/kb/kb-e1000/installing-openshift-express-client-tools-on-non-rpm-based-systems

     

    Step 3:  Create a sub domain 

    A sub-domain will provide you a URL such as mysubdomain.rhcloud.com

     

    NOTE:  Do not try to use a sub-domain that may be blacklisted.  Subdomains such as hibernate, picketlink, etc. are unavailable.

     

    $ rhc-create-domain -n anilsaldhana -l asaldhan
    Password:  
    OpenShift Express key found at /home/anil/.ssh/libra_id_rsa.  Reusing...
    Contacting https://openshift.redhat.com
    Creation successful
    
    You may now create an application.  Please make note of your local config file
    in /home/anil/.openshift/express.conf which has been created and populated for you.
    

    You may be asked to enter a password for the keypair OpenShift creates for you.

     

    Step 4:  Create an application space

     

    In my example, I created an application space called "sso"

     

    $ rhc-create-app -a sso -t jbossas-7.0
    Password:  
    
    Found a bug? Post to the forum and we'll get right on it.
        IRC: #openshift on freenode
        Forums: https://www.redhat.com/openshift/forums
    
    Attempting to create remote application space: sso
    Contacting https://openshift.redhat.com
    API version:    1.1.1
    Broker version: 1.1.1
    
    RESULT:
    Successfully created application: sso
    
    Checking ~/.ssh/config
    Contacting https://openshift.redhat.com
    Found rhcloud.com in ~/.ssh/config... No need to adjust
    Now your new domain name is being propagated worldwide (this might take a minute)...
    Pulling new repo down
    Warning: Permanently added 'sso-anilsaldhana.rhcloud.com,50.17.109.166' (RSA) to the list of known hosts.
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa': 
    Confirming application sso is available
      Attempt # 1
    
    Success!  Your application is now published here:
    
          http://sso-anilsaldhana.rhcloud.com/
    
    The remote repository is located here:
    
        ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
    
    To make changes to your application, commit to sso/.
    Then run 'git push' to update your OpenShift Express space
    
    anil@localhost:~$ 
    

     

     

    Now you should see a local directory called "sso" with a deployment directory and a README file.

    Now is the time to sit (with a cup of coffee) and read the README file, particularly the section on zipped war deployments or unzipped deployments with the .dodeploy suffix.

     

     

    We have completed the OpenShift commitments.  Now onto PicketLink.

    Step 5:  PicketLink Related Stuff

     

    In the deployments folder of your application space, you can unzip the PicketLink AS7 web apps.

     

    Now I need to change the standalone.xml as follows:

     

    Particularly, add the system properties section right after extensions.  Then add the security domains.

     

     

    </extensions>

    <system-properties>
        <property name="org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR" value="false"/>
        <property name="idp.url" value="http://idp-jbossdev.rhcloud.com/"/>
        <property name="sales.url" value="http://sso-anilsaldhana.rhcloud.com/sales/"/>
        <property name="sales-post.url" value="http://sso-anilsaldhana.rhcloud.com/sales-post/"/>
        <property name="employee.url" value="http://sso-anilsaldhana.rhcloud.com/employee/"/>
        <property name="employee-post.url" value="http://sso-anilsaldhana.rhcloud.com/employee-post/"/>
    </system-properties>

    <subsystem xmlns="urn:jboss:domain:security:1.0">
        <security-domains>
            <security-domain name="other" cache-type="default">
                <authentication>
                    <login-module code="UsersRoles" flag="required"/>
                </authentication>
            </security-domain>
            <security-domain name="jmx-console" cache-type="default">
                <authentication>
                    <login-module code="UsersRoles" flag="required">
                        <module-option name="usersProperties" value="users.properties"/>
                        <module-option name="rolesProperties" value="roles.properties"/>
                    </login-module>
                </authentication>
            </security-domain>
            <security-domain name="idp" cache-type="default">
                <authentication>
                    <login-module code="UsersRoles" flag="required">
                        <module-option name="usersProperties" value="users.properties"/>
                        <module-option name="rolesProperties" value="roles.properties"/>
                    </login-module>
                </authentication>
            </security-domain>
            <security-domain name="sp" cache-type="default">
                <authentication>
                    <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
                </authentication>
            </security-domain>
        </security-domains>
    </subsystem>
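
    As an added example (not part of the original article or of PicketLink): a pre-push check that parses standalone.xml and reports `*.url` system properties that are not https and security domains that authenticate with the `UsersRoles` properties-file module. The `SAMPLE` document, the `audit` function and the finding labels are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the page's property and security-domain names, wrapped in
# a <server> root so it parses stand-alone. sales.url was switched to https here
# only to show a passing entry.
SAMPLE = """<server>
  <system-properties>
    <property name="idp.url" value="http://idp-jbossdev.rhcloud.com/"/>
    <property name="sales.url" value="https://sso-anilsaldhana.rhcloud.com/sales/"/>
  </system-properties>
  <subsystem xmlns="urn:jboss:domain:security:1.0">
    <security-domains>
      <security-domain name="idp" cache-type="default">
        <authentication>
          <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="users.properties"/>
          </login-module>
        </authentication>
      </security-domain>
      <security-domain name="sp" cache-type="default">
        <authentication>
          <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
        </authentication>
      </security-domain>
    </security-domains>
  </subsystem>
</server>"""


def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (finding, name) pairs in document order. Labels are hypothetical."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = local(el.tag)
        if tag == "property" and el.get("name", "").endswith(".url"):
            # SAML requests, responses and the IdP login form travel over this URL.
            if not el.get("value", "").lower().startswith("https://"):
                findings.append(("cleartext-endpoint", el.get("name")))
        elif tag == "security-domain":
            # UsersRoles authenticates against users.properties / roles.properties.
            for lm in el.iter():
                if local(lm.tag) == "login-module" and lm.get("code") == "UsersRoles":
                    findings.append(("properties-file-users", el.get("name")))
    return findings


if __name__ == "__main__":
    # Pass the path to .openshift/config/standalone.xml, or run with no
    # argument to audit the constructed SAMPLE.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    results = audit(text)
    for finding, name in results:
        print(f"{finding}: {name}")
    sys.exit(1 if results else 0)
```

    A non-zero exit status means at least one finding, so the script can gate the `git push` in Step 6.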
    

     

    Step 6:  Git commit and push

     

    Since we are just using prebuilt war files,  you can remove the src directory and pom.xml

     

    anil@localhost:~/sso/deployments$ unzip ~/picketlink/picketlink/federation/trunk/picketlink-webapps/as7/assembly/target/picketlink-fed-webapps-as7-assembly-2.0.2-SNAPSHOT.zip 
    Archive:  /home/anil/picketlink/picketlink/federation/trunk/picketlink-webapps/as7/assembly/target/picketlink-fed-webapps-as7-assembly-2.0.2-SNAPSHOT.zip
       creating: picketlink/
      inflating: picketlink/idp.war      
      inflating: picketlink/sales.war    
      inflating: picketlink/employee.war  
      inflating: picketlink/sales-post.war  
      inflating: picketlink/employee-post.war  
      inflating: picketlink/sales-saml11.war  
      inflating: picketlink/employee-saml11.war  
      inflating: picketlink/picketlink-sts.war  
      inflating: picketlink/pdp.war      
    anil@localhost:~/sso/deployments$ ls
    picketlink
    anil@localhost:~/sso/deployments$ git add picketlink/
    anil@localhost:~/sso/deployments$ git status
    # On branch master
    # Changes to be committed:
    #   (use "git reset HEAD <file>..." to unstage)
    #
    #       new file:   picketlink/employee-post.war
    #       new file:   picketlink/employee-saml11.war
    #       new file:   picketlink/employee.war
    #       new file:   picketlink/idp.war
    #       new file:   picketlink/pdp.war
    #       new file:   picketlink/picketlink-sts.war
    #       new file:   picketlink/sales-post.war
    #       new file:   picketlink/sales-saml11.war
    #       new file:   picketlink/sales.war
    #
    # Changes not staged for commit:
    #   (use "git add <file>..." to update what will be committed)
    #   (use "git checkout -- <file>..." to discard changes in working directory)
    #
    #       modified:   ../.openshift/config/standalone.xml
    #
    anil@localhost:~/sso/deployments$ cd ..
    anil@localhost:~/sso$ vi .openshift/config/standalone.xml 
    anil@localhost:~/sso$ git status
    # On branch master
    # Changes to be committed:
    #   (use "git reset HEAD <file>..." to unstage)
    #
    #       new file:   deployments/picketlink/employee-post.war
    #       new file:   deployments/picketlink/employee-saml11.war
    #       new file:   deployments/picketlink/employee.war
    #       new file:   deployments/picketlink/idp.war
    #       new file:   deployments/picketlink/pdp.war
    #       new file:   deployments/picketlink/picketlink-sts.war
    #       new file:   deployments/picketlink/sales-post.war
    #       new file:   deployments/picketlink/sales-saml11.war
    #       new file:   deployments/picketlink/sales.war
    #
    # Changes not staged for commit:
    #   (use "git add <file>..." to update what will be committed)
    #   (use "git checkout -- <file>..." to discard changes in working directory)
    #
    #       modified:   .openshift/config/standalone.xml
    #
    anil@localhost:~/sso$ git commit -a -m "add picketlink jars"
    [master 75867c6] add picketlink jars
     10 files changed, 11 insertions(+), 0 deletions(-)
     create mode 100644 deployments/picketlink/employee-post.war
     create mode 100644 deployments/picketlink/employee-saml11.war
     create mode 100644 deployments/picketlink/employee.war
     create mode 100644 deployments/picketlink/idp.war
     create mode 100644 deployments/picketlink/pdp.war
     create mode 100644 deployments/picketlink/picketlink-sts.war
     create mode 100644 deployments/picketlink/sales-post.war
     create mode 100644 deployments/picketlink/sales-saml11.war
     create mode 100644 deployments/picketlink/sales.war
    anil@localhost:~/sso$ vi README 
    anil@localhost:~/sso$ git push
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa': 
    Counting objects: 21, done.
    Delta compression using up to 2 threads.
    Compressing objects: 100% (15/15), done.
    Writing objects: 100% (16/16), 113.80 KiB, done.
    Total 16 (delta 6), reused 0 (delta 0)
    remote: Stopping application...
    remote: Done
    remote: Removing existing standalone.xml
    remote: Found pom.xml... attempting to build with 'mvn clean package -Popenshift -DskipTests'
    remote: Apache Maven 3.0.3 (r1075437; 2011-06-20 13:22:37-0400)
    remote: Maven home: /etc/alternatives/maven-3.0
    remote: Java version: 1.6.0_20, vendor: Sun Microsystems Inc.
    remote: Java home: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre
    remote: Default locale: en_US, platform encoding: UTF-8
    remote: OS name: "linux", version: "2.6.32-131.12.1.el6.x86_64", arch: "amd64", family: "unix"
    remote: [INFO] Scanning for projects...
    remote: [INFO]                                                                         
    remote: [INFO] ------------------------------------------------------------------------
    remote: [INFO] Building sso 1.0
    remote: [INFO] ------------------------------------------------------------------------
    remote: [INFO] 
    remote: [INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ sso ---
    remote: [INFO] 
    remote: [INFO] --- maven-resources-plugin:2.4.3:resources (default-resources) @ sso ---
    remote: [INFO] Using 'UTF-8' encoding to copy filtered resources.
    remote: [INFO] Copying 1 resource
    remote: [INFO] 
    remote: [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ sso ---
    remote: [INFO] Nothing to compile - all classes are up to date
    remote: [INFO] 
    remote: [INFO] --- maven-resources-plugin:2.4.3:testResources (default-testResources) @ sso ---
    remote: [INFO] Using 'UTF-8' encoding to copy filtered resources.
    remote: [INFO] skip non existing resourceDirectory /var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/src/test/resources
    remote: [INFO] 
    remote: [INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ sso ---
    remote: [INFO] No sources to compile
    remote: [INFO] 
    remote: [INFO] --- maven-surefire-plugin:2.7.2:test (default-test) @ sso ---
    remote: [INFO] Tests are skipped.
    remote: [INFO] 
    remote: [INFO] --- maven-war-plugin:2.1.1:war (default-war) @ sso ---
    remote: [INFO] Packaging webapp
    remote: [INFO] Assembling webapp [sso] in [/var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/target/sso]
    remote: [INFO] Processing war project
    remote: [INFO] Copying webapp resources [/var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/src/main/webapp]
    remote: [INFO] Webapp assembled in [146 msecs]
    remote: [INFO] Building war: /var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/deployments/ROOT.war
    remote: [INFO] WEB-INF/web.xml already added, skipping
    remote: [INFO] ------------------------------------------------------------------------
    remote: [INFO] BUILD SUCCESS
    remote: [INFO] ------------------------------------------------------------------------
    remote: [INFO] Total time: 3.327s
    remote: [INFO] Finished at: Fri Sep 30 15:09:58 EDT 2011
    remote: [INFO] Final Memory: 6M/142M
    remote: [INFO] ------------------------------------------------------------------------
    remote: ~/git/sso.git
    remote: Running .openshift/action_hooks/build
    remote: Starting application...Done
    To ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
       f1ca42d..75867c6  master -> master
    anil@localhost:~/sso$ ls
    deployments  pom.xml  README  src
    anil@localhost:~/sso$ rm -rf src/ pom.xml 
    anil@localhost:~/sso$ git status
    # On branch master
    # Changes not staged for commit:
    #   (use "git add/rm <file>..." to update what will be committed)
    #   (use "git checkout -- <file>..." to discard changes in working directory)
    #
    #       deleted:    pom.xml
    #       deleted:    src/main/java/.gitkeep
    #       deleted:    src/main/resources/.gitkeep
    #       deleted:    src/main/webapp/WEB-INF/web.xml
    #       deleted:    src/main/webapp/health.jsp
    #       deleted:    src/main/webapp/images/jbosscorp_logo.png
    #       deleted:    src/main/webapp/index.html
    #       deleted:    src/main/webapp/modules.jsp
    #       deleted:    src/main/webapp/snoop.jsp
    #
    no changes added to commit (use "git add" and/or "git commit -a") 
    
    anil@localhost:~/sso$ git push
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa': 
    
    anil@localhost:~/sso$ git commit -a -m "remove src and pom"
    [master 0d4c3ce] remove src and pom
     7 files changed, 0 insertions(+), 690 deletions(-)
     delete mode 100644 pom.xml
     delete mode 100644 src/main/java/.gitkeep
     delete mode 100644 src/main/resources/.gitkeep
     delete mode 100644 src/main/webapp/WEB-INF/web.xml
     delete mode 100644 src/main/webapp/health.jsp
     delete mode 100644 src/main/webapp/images/jbosscorp_logo.png
     delete mode 100644 src/main/webapp/index.html
     delete mode 100644 src/main/webapp/modules.jsp
     delete mode 100644 src/main/webapp/snoop.jsp
    anil@localhost:~/sso$ git push
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa': 
    Counting objects: 3, done.
    Delta compression using up to 2 threads.
    Compressing objects: 100% (2/2), done.
    Writing objects: 100% (2/2), 228 bytes, done.
    Total 2 (delta 1), reused 0 (delta 0)
    remote: Stopping application...
    remote: Done
    remote: Removing existing standalone.xml
    remote: Running .openshift/action_hooks/build
    remote: Starting application...Done
    To ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
       75867c6..0d4c3ce  master -> master
    anil@localhost:~/sso$ ls
    

    There was an issue with a missing module.  For that reason, I deleted the pdp.war

     

    anil@localhost:~/sso/deployments/picketlink$ rm pdp.war 
    anil@localhost:~/sso/deployments/picketlink$ git status
    # On branch master
    # Changes not staged for commit:
    #   (use "git add/rm <file>..." to update what will be committed)
    #   (use "git checkout -- <file>..." to discard changes in working directory)
    #
    #       deleted:    pdp.war
    #
    no changes added to commit (use "git add" and/or "git commit -a")
    anil@localhost:~/sso/deployments/picketlink$ git rm pdp.war
    rm 'deployments/picketlink/pdp.war'
    anil@localhost:~/sso/deployments/picketlink$ git status
    # On branch master
    # Changes to be committed:
    #   (use "git reset HEAD <file>..." to unstage)
    #
    #       deleted:    pdp.war
    #
    anil@localhost:~/sso/deployments/picketlink$ git commit -a -m "remove pdp.war"
    [master bbd7adb] remove pdp.war
     1 files changed, 0 insertions(+), 0 deletions(-)
     delete mode 100644 deployments/picketlink/pdp.war
    anil@localhost:~/sso/deployments/picketlink$ git push
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa': 
    Counting objects: 7, done.
    Delta compression using up to 2 threads.
    Compressing objects: 100% (4/4), done.
    Writing objects: 100% (4/4), 375 bytes, done.
    Total 4 (delta 2), reused 0 (delta 0)
    remote: Stopping application...
    remote: Done
    remote: Removing existing standalone.xml
    remote: Running .openshift/action_hooks/build
    remote: Starting application...Done
    To ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
       076a5bb..bbd7adb  master -> master
    
    

    Step 7:  Test the endpoints

     

    Remember when it redirects to the IDP, the test user is "tomcat" and the password is "tomcat".

     

    My end points in different browser tabs are:

    http://sso-anilsaldhana.rhcloud.com/sales/

    http://sso-anilsaldhana.rhcloud.com/employee/

    http://sso-anilsaldhana.rhcloud.com/sales-post/

    http://sso-anilsaldhana.rhcloud.com/employee-post/

     

    Other Useful Information

    Delete an Application Space

     

    Assume you created an application space called "sales" and you hate it.  You can delete it as:

     

    $  rhc-ctl-app -c destroy -a sales
    Password: 
    
    Contacting https://openshift.redhat.com
    !!!! WARNING !!!! WARNING !!!! WARNING !!!!
    You are about to destroy the sales application.
    
    This is NOT reversible, all remote data for this application will be removed.
    Do you want to destroy this application (y/n): y
    Contacting https://openshift.redhat.com
    API version:    1.1.1
    Broker version: 1.1.1
    
    RESULT:
    Successfully destroyed application: sales
    
    

     

    Can I configure standalone.xml on express?

     

    It should be under .openshift/config of your application space.

     

    ~/sso/.openshift/config$ ls
    standalone.xml
    

     

    How do I get access to the application log entries?

     

    $ rhc-tail-files --opts '-n 1000' -a sso
    

     

    That will give you 1000 lines of the application log entries.