Add Switch/Migrate to Standalone Section in RN (OPENIG-4800)

[OPENIG-4807] Dev: Provide initial info for migration from Tomcat to Standalone Created: 22/Jul/20  Updated: 30/Jul/20  Resolved: 30/Jul/20

Status: Closed
Project: Identity Gateway
Component/s: None
Affects Version/s: Not Applicable
Fix Version/s: 7.0.0, 7.0.0-micsvc-1.0.3

Type: Sub-task Priority: Major
Reporter: Guillaume Sauthier Assignee: Violette Roche Montane
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Sprint: 2020.10 - IG / Microservices
Story Points: 2

 Description   

Should cover basic stuff to extract from server.xml into our admin.json.
Provide example configuration
Extra: add TLS examples



 Comments   
Comment by Violette Roche Montane [ 27/Jul/20 ]

Migration from Tomcat to IG Standalone key points:

Change port number / TLS port number

In the Tomcat server.xml file, the line to change the port number:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

For IG standalone, the port number is set in admin.json:

{
  "prefix": "openig",
  "connectors": [{
      "port": 8080
    }, {
      "port": 8443,
      "tls": "TlsOptions-1"
    }
  ],
  "connectTimeout": "5 seconds"
}

TLS configuration already described in https://ea.forgerock.com/docs/ig/gateway-guide/standalone.html#d0e2030

Change session cookie name

Previously, it was configured in the IG web.xml file when the WAR is deployed:

<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <display-name>ForgeRock Identity Gateway</display-name>
  <session-config>
    <cookie-config>
      <name>IG_SESSIONID</name>
      <http-only>true</http-only>
    </cookie-config>
  </session-config>
</web-app>

In IG Standalone/admin.json:

{
  "session": {
    "cookie": {
      "name"           : String            [OPTIONAL - cookie name, default is "IG_SESSIONID".]
      "httpOnly"       : boolean           [OPTIONAL - cookie httpOnly flag, default is true.]
      "secure"         : boolean           [OPTIONAL - cookie secure flag, default is false.]
      "path"           : String            [OPTIONAL - cookie path value, default is "/".]
    },
    "timeout"          : duration          [OPTIONAL - session timeout as a duration, default is "30 min".]
  }
}

Ref:
https://bugster.forgerock.org/jira/browse/OPENIG-3351

Add a note about Access Log Valve, now referred to in IG as an audit event:

Add a note about JDBC connectors (https://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html) -> "jdbcDatasource" heaplet
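
The mapping described in the comment above, as an added Python example that is not part of the ticket or of IG: it reads Tomcat `server.xml` and `web.xml` text and builds the `connectors` and `session.cookie` parts of `admin.json`, with notes on items that need review. The sample XML is constructed, the `TlsOptions-1` reference is assumed to be defined elsewhere, and `migrate` and `local` are hypothetical helper names.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample inputs, modelled on the snippets in the comment above.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config><cookie-config>
    <name>IG_SESSIONID</name><http-only>true</http-only>
  </cookie-config></session-config>
</web-app>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]

def migrate(server_xml, web_xml, tls_ref="TlsOptions-1"):
    """Build an admin.json dict plus review notes from Tomcat config text."""
    # tls_ref is an assumed name; the TLS options object is defined separately.
    connectors, notes = [], []
    for el in ET.fromstring(server_xml).iter("Connector"):
        port = int(el.get("port"))
        if "ajp" in el.get("protocol", "HTTP/1.1").lower():
            notes.append(f"port {port}: non-HTTP connector skipped, review manually")
            continue
        conn = {"port": port}
        if el.get("SSLEnabled", "false").lower() == "true":
            conn["tls"] = tls_ref
        connectors.append(conn)
    cfg = next((e for e in ET.fromstring(web_xml).iter()
                if local(e.tag) == "cookie-config"), [])
    fields = {local(c.tag): (c.text or "").strip() for c in cfg}
    cookie = {}
    if fields.get("name"):
        cookie["name"] = fields["name"]
    for src, dst in (("http-only", "httpOnly"), ("secure", "secure")):
        if src in fields:
            cookie[dst] = fields[src].lower() == "true"
    if any("tls" in c for c in connectors) and not cookie.get("secure"):
        notes.append("cookie 'secure' not set (default false) but a TLS connector exists")
    return {"connectors": connectors, "session": {"cookie": cookie}}, notes

if __name__ == "__main__":
    admin, notes = migrate(SERVER_XML, WEB_XML)
    print(json.dumps(admin, indent=2))
    print("\n".join(notes))
```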

Comment by Violette Roche Montane [ 30/Jul/20 ]

Joanne Henry, I mark this as resolved; feel free to reopen it if something is missing.

Generated at Sat Feb 27 22:23:35 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.