On 15/04/24 15:12, Marco Naimoli wrote:
Hello Francesco, thank you for the quick response!
Hi Marco, please see my replies embedded below.
Regards.
I've done some tests, on an Ubuntu server 23.10, installed from scratch
I've installed openjdk-17-jdk and some support software, like unzip, wget,
x2goserver, etc.
I've created a user "syncope"
# standalone package
- downloaded starting from page
https://syncope.apache.org/docs/3.0/getting-started.html#standalone
- unzipped the package
$ cd syncope-standalone-3.0.6/apache-tomcat-9.0.84/
$ chmod 755 bin/*.sh
$ bin/startup.sh
Using a browser from the same machine:
http://localhost:9080/syncope: works, swagger page
http://localhost:9080/syncope-console: takes a very long time to respond, at
the end it prints:
------------------
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as
a fallback.
Mon Apr 15 11:58:44 UTC 2024
There was an unexpected error (type=Internal Server Error, status=500).
------------------
Same with syncope-wa and syncope-enduser
In logs I've found a lot of errors, on wa.log:
ERROR org.apache.syncope.common.keymaster.client.api.ServiceOps - Could not
register NetworkService{type=WA, address=https://localhost:9443/syncope-wa/}
In fact, port 9443 is not open
Thank you for reporting.
I have opened
https://issues.apache.org/jira/browse/SYNCOPE-1817
to track these errors; the fix will be released with Syncope 3.0.7.
Meanwhile, you can fix locally by changing as follows:
1. $CATALINA_HOME/conf/server.xml
Add
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9443"
maxThreads="200"
scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/keystore.jks"
keystorePass="password"
keystoreType="JKS" clientAuth="false" sslProtocol="TLS"/>
right after
<Connector port="9080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="9443"
maxParameterCount="1000"
/>
2. $CATALINA_HOME/bin/setenv.sh
Replace
-Dspring.profiles.active=embedded
with
-Dspring.profiles.active=embedded,all
# Docker
I've used the IDM only example; I've set the environment variables:
# |ANONYMOUS_USER|
# |ANONYMOUS_KEY|
but it doesn't work.
It seems that the docker compose command as indicated by
https://syncope.apache.org/docs/3.0/getting-started.html#how-to-start-the-containers
is not correct.
It should be something like
SYNCOPE_VERSION=3.0.6 \
ANONYMOUS_USER=anonymous \
ANONYMOUS_KEY=anonymousKey \
KEYMASTER_USERNAME=anonymous \
KEYMASTER_PASSWORD=anonymousKey \
docker compose -f docker-compose.yml up
instead (I'd suggest docker-compose-pgjsonb.yml). I will update the guide
accordingly.
I've changed all the "https" to "http" in the example and it worked, I was
able to access the console.
The URLs to use with Docker compose samples are indicated in
https://syncope.apache.org/docs/3.0/getting-started.html#how-to-start-the-containers
and are already reported with http:// protocol.
However, also in this case, I was unable to download SAML SP metadata or to
upload SAML IDP metadata
This is happening because the Docker compose provided are just samples.
You will need to provide the configuration options to enable the SAML2SP4UI
support.
Create a file named core-saml2.properties with the following content:
saml2.sp4ui.keystore=file://${syncope.conf.dir}/saml.keystore.jks
saml2.sp4ui.keystore-type=jks
saml2.sp4ui.keystore-storepass=changeit
saml2.sp4ui.keystore-keypass=changeit
saml2.sp4ui.skew=300
then adjust the syncope service definition in the compose file
* change
SPRING_PROFILES_ACTIVE: docker,pgjsonb
to
SPRING_PROFILES_ACTIVE: docker,pgjsonb,saml2
* add
volumes:
  - "/path/to/core-saml2.properties:/opt/syncope/conf/core-saml2.properties:ro"
# Maven installation (personally I'd prefer to use this one)
Following the documentation I did:
$ mvn archetype:generate \
-DarchetypeGroupId=org.apache.syncope \
-DarchetypeArtifactId=syncope-archetype \
-DarchetypeRepository=https://repo1.maven.org/maven2 \
-DarchetypeVersion=3.0.6
$ cd syncope01
$ mvn clean install
$ mvn clean verify
$ mkdir /opt/syncope/conf
$ cp core/target/classes/*properties /opt/syncope/conf
$ cp console/target/classes/*properties /opt/syncope/conf
$ cp enduser/target/classes/*properties /opt/syncope/conf
$ cp enduser/target/classes/*json /opt/syncope/conf
$ cp wa/target/classes/*properties /opt/syncope/conf
$ cp sra/target/classes/*properties /opt/syncope/conf
Then in every *.properties file I've added, at the end of the file:
keymaster.username=anonymous
keymaster.password=a_secret_key
keymaster.address=http://localhost:8080/syncope/rest/keymaster
$ mkdir /opt/syncope/bundles
$ cp core/target/bundles/* /opt/syncope/bundles/
Then I've installed postgres, created a db named syncope, owned by user syncope
Then I've downloaded and unpacked apache-tomcat-9.0.87.tar.gz, and in
apache-tomcat-9.0.87/bin/
I've created the file setenv.sh with the following content:
JAVA_OPTS="-Djava.awt.headless=true -Dfile.encoding=UTF-8 -server
-Dsyncope.conf.dir=/opt/syncope/conf
-Dsyncope.connid.location=file:/opt/syncope/bundles
-Dsyncope.log.dir=/opt/syncope/log -Dwicket.ioc.useByteBuddy=true -Xms1536m
-Xmx1536m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:+DisableExplicitGC
-Djava.security.egd=file:/dev/./urandom
and permission 755
then I've copied the war files:
./wa/target/syncope-wa.war
./core/target/syncope.war
./console/target/syncope-console.war
./enduser/target/syncope-enduser.war
into
apache-tomcat-9.0.87/webapps
After launching bin/startup.sh the applications don't start at all (I suppose
because core is unable to start)
If I build the embedded version, everything works perfectly
Glad to hear that embedded is working as expected.
Consider that deploying into an external Java EE container is an all but trivial
task and can fail for multiple reasons, including networking issues,
missing JDBC driver etc.
-----------------------
I'm sorry for the long post; I've included everything just in case there was
something to review in the documentation
However, I suppose I'm doing something wrong; about the maven installation, is
there a step by step guide that permits
a fully working syncope version ?
Or is there any suggestion on what I should fix on my installation procedure?
Thank you
Marco
On Thu 11 Apr 2024 at 14:26, Francesco Chicchiriccò
<ilgro...@apache.org> wrote:
On 11/04/24 14:12, Marco Naimoli wrote:
> Hello, I'm new to Apache Syncope; I've tried to test it using the standalone installation on a
> vanilla debian linux bookworm, using openJDK 17.0.10
> It seems to work, but when I try to import a SAML IDP metadata it fails with the following error:
> InvalidEntity: Location must not be null
> Metadata are ok: using the embedded version built with maven, metadata are imported without problems.
> Clicking on the button to download the SP metadata doesn't do anything
> And the wa.log (don't know if it can be related) is full of the following error:
>
> ERROR org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler - Unexpected error occurred in scheduled task
> java.lang.IllegalStateException: Syncope core is not yet ready
>
> I'm not sure, but I remember that the error "Location must not be null" was shown during some other operation, different from SAML configuration
>
> Any suggestions / help ?
Hi Marco,
glad of your interest in Apache Syncope.
About JDK 17 compatibility, we have active GitHub Actions workflows on
the 3_0_X branch (supposing you are running the latest stable 3.0.6).
Moreover, my company is running several Syncope deployments on various
flavors of OpenJDK 17.
As far as I understand, all works as expected when you use the standalone
ZIP but it fails when you deploy Syncope somewhere else.
As suggested by the Getting Started guide [1], however you should be using
the Maven archetype for an independent deployment, or the Docker images; there
are further options, too, but it really depends on how much you are planning to
customize or extend.
Can you describe how you got to deploy Syncope, including which
components, which DBMS, which Java EE container, ... ?
Regards.
[1]
https://syncope.apache.org/docs/3.0/getting-started.html#obtain-apache-syncope
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
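
The thread above turns on two things a pre-flight check can catch before startup: a redirectPort (9443) that no Connector listens on, and sample secrets ("password", "changeit", "anonymousKey") left in server.xml and the properties files. The following is an added example, not code from the thread or from the Syncope project; the function names are hypothetical and the inputs are constructed from the snippets quoted above.

```python
import xml.etree.ElementTree as ET

# Sample secrets quoted in this thread; acceptable only on a throwaway test box.
PLACEHOLDER_SECRETS = {"password", "changeit", "anonymousKey"}

# Constructed inputs, assembled from the snippets quoted in the thread.
STOCK = ('<Connector port="9080" protocol="HTTP/1.1" connectionTimeout="20000" '
         'redirectPort="9443" maxParameterCount="1000"/>')
HTTPS = ('<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" '
         'port="9443" maxThreads="200" scheme="https" secure="true" '
         'SSLEnabled="true" keystoreFile="conf/keystore.jks" '
         'keystorePass="password" keystoreType="JKS" clientAuth="false" '
         'sslProtocol="TLS"/>')
SAML_PROPS = """\
saml2.sp4ui.keystore=file://${syncope.conf.dir}/saml.keystore.jks
saml2.sp4ui.keystore-type=jks
saml2.sp4ui.keystore-storepass=changeit
saml2.sp4ui.keystore-keypass=changeit
saml2.sp4ui.skew=300
"""

def server_xml(*connectors):
    """Wrap connector elements in a minimal server.xml skeleton (constructed)."""
    return "<Server><Service>" + "".join(connectors) + "</Service></Server>"

def check_server_xml(xml_text):
    """Flag redirect ports nobody listens on and placeholder keystore passwords."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    ports = {c.get("port") for c in connectors}
    findings = []
    for c in connectors:
        redirect = c.get("redirectPort")
        if redirect and redirect not in ports:
            findings.append(f"{c.get('port')}: redirectPort {redirect} has no Connector")
        if c.get("keystorePass") in PLACEHOLDER_SECRETS:
            findings.append(f"{c.get('port')}: keystorePass is a placeholder")
    return findings

def check_properties(text):
    """Return the property keys whose value is one of the placeholder secrets."""
    flagged = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")) and value.strip() in PLACEHOLDER_SECRETS:
            flagged.append(key.strip())
    return flagged

if __name__ == "__main__":
    for finding in check_server_xml(server_xml(STOCK, HTTPS)):
        print("server.xml", finding)
    for key in check_properties(SAML_PROPS):
        print("core-saml2.properties", key)
```

With only the stock connector the check reports the missing 9443 listener; once the HTTPS connector from the reply is added, the remaining finding is its sample keystore password.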