Hello Francesco,
thanks for the comprehensive answer; following your suggestions I was able to run a working Apache Syncope instance.
Thank you very much!
Marco

On Thu, 18 Apr 2024 at 10:13, Francesco Chicchiriccò <ilgro...@apache.org> wrote:

> On 15/04/24 15:12, Marco Naimoli wrote:
>
> Hello Francesco, thank you for the quick response!
>
> Hi Marco, please see my replies embedded below.
>
> Regards.
>
> I've done some tests, on an Ubuntu server 23.10, installed from scratch
> I've installed openjdk-17-jdk and some support software, like unzip, wget, x2goserver, etc.
> I've created a user "syncope"
> # standalone package
> - downloaded starting from page https://syncope.apache.org/docs/3.0/getting-started.html#standalone
> - unzipped the package
> $ cd syncope-standalone-3.0.6/apache-tomcat-9.0.84/
> $ chmod 755 bin/*.sh
> $ bin/startup.sh
> Using a browser from the same machine:
> http://localhost:9080/syncope: works, swagger page
> http://localhost:9080/syncope-console: takes a very long time to respond, at the end it prints:
> ------------------
> Whitelabel Error Page
>
> This application has no explicit mapping for /error, so you are seeing this as a fallback.
> Mon Apr 15 11:58:44 UTC 2024
> There was an unexpected error (type=Internal Server Error, status=500).
> ------------------
> Same with syncope-wa and syncope-enduser
>
> In logs I've found a lot of errors, on wa.log:
> ERROR org.apache.syncope.common.keymaster.client.api.ServiceOps - Could not register NetworkService{type=WA, address=https://localhost:9443/syncope-wa/}
> In fact, port 9443 is not open
>
> Thank you for reporting.
>
> I have opened
>
> https://issues.apache.org/jira/browse/SYNCOPE-1817
>
> to track these errors; the fix will be released with Syncope 3.0.7.
>
> Meanwhile, you can fix locally by changing as follows:
>
> 1. $CATALINA_HOME/conf/server.xml
>
> Add
>
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>            port="9443" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="conf/keystore.jks" keystorePass="password"
>            keystoreType="JKS" clientAuth="false" sslProtocol="TLS"/>
>
> right after
>
> <Connector port="9080" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            redirectPort="9443"
>            maxParameterCount="1000"
>            />
>
> 2. $CATALINA_HOME/bin/setenv.sh
>
> Replace
>
> -Dspring.profiles.active=embedded
>
> with
>
> -Dspring.profiles.active=embedded,all
>
> # Docker
> I've used the IDM only example; I've set the environment variables:
>
> - ANONYMOUS_USER
> - ANONYMOUS_KEY
>
> but it doesn't work.
>
> It seems that the docker compose command as indicated by
>
> https://syncope.apache.org/docs/3.0/getting-started.html#how-to-start-the-containers
>
> is not correct.
>
> It should be something like
>
> SYNCOPE_VERSION=3.0.6 \
> ANONYMOUS_USER=anonymous \
> ANONYMOUS_KEY=anonymousKey \
> KEYMASTER_USERNAME=anonymous \
> KEYMASTER_PASSWORD=anonymousKey \
> docker compose -f docker-compose.yml up
>
> instead (I'd suggest docker-compose-pgjsonb.yml). I will update the guide accordingly.
>
> I've changed all the "https" to "http" in the example and it worked, I was able to access the console.
>
> The URLs to use with Docker compose samples are indicated in
>
> https://syncope.apache.org/docs/3.0/getting-started.html#how-to-start-the-containers
>
> and are already reported with http:// protocol.
>
> However, also in this case, I was unable to download SAML SP metadata or to upload SAML IDP metadata
>
> This is happening because the Docker compose provided are just samples.
> You will need to provide the configuration options to enable the SAML2SP4UI support.
>
> Create a file named core-saml2.properties with the following content:
>
> saml2.sp4ui.keystore=file://${syncope.conf.dir}/saml.keystore.jks
> saml2.sp4ui.keystore-type=jks
> saml2.sp4ui.keystore-storepass=changeit
> saml2.sp4ui.keystore-keypass=changeit
> saml2.sp4ui.skew=300
>
> then adjust the syncope service definition in the compose file
>
> * change
>
> SPRING_PROFILES_ACTIVE: docker,pgjsonb
>
> to
>
> SPRING_PROFILES_ACTIVE: docker,pgjsonb,saml2
>
> * add
>
> volumes:
>   - "/path/to/core-saml2.properties:/opt/syncope/conf/core-saml2.properties:ro"
>
> # Maven installation (personally I'd prefer to use this one)
> Following the documentation I did:
>
> $ mvn archetype:generate \
>     -DarchetypeGroupId=org.apache.syncope \
>     -DarchetypeArtifactId=syncope-archetype \
>     -DarchetypeRepository=https://repo1.maven.org/maven2 \
>     -DarchetypeVersion=3.0.6
>
> $ cd syncope01
> $ mvn clean install
>
> $ mvn clean verify
> $ mkdir /opt/syncope/conf
> $ cp core/target/classes/*properties /opt/syncope/conf
> $ cp console/target/classes/*properties /opt/syncope/conf
> $ cp enduser/target/classes/*properties /opt/syncope/conf
> $ cp enduser/target/classes/*json /opt/syncope/conf
> $ cp wa/target/classes/*properties /opt/syncope/conf
> $ cp sra/target/classes/*properties /opt/syncope/conf
> Then in every *.properties file I've added, at the end of the file:
>
> keymaster.username=anonymous
> keymaster.password=a_secret_key
> keymaster.address=http://localhost:8080/syncope/rest/keymaster
>
> $ mkdir /opt/syncope/bundles
> $ cp core/target/bundles/* /opt/syncope/bundles/
>
> Then I've installed postgres, created a db named syncope, owned by user syncope
>
> Then I've downloaded and unpacked apache-tomcat-9.0.87.tar.gz, and in apache-tomcat-9.0.87/bin/
>
> I've created the file setenv.sh with the following content:
>
> JAVA_OPTS="-Djava.awt.headless=true -Dfile.encoding=UTF-8 -server -Dsyncope.conf.dir=/opt/syncope/conf -Dsyncope.connid.location=file:/opt/syncope/bundles -Dsyncope.log.dir=/opt/syncope/log -Dwicket.ioc.useByteBuddy=true -Xms1536m -Xmx1536m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:+DisableExplicitGC -Djava.security.egd=file:/dev/./urandom
>
> and permission 755
>
> then I've copied the war files:
> ./wa/target/syncope-wa.war
> ./core/target/syncope.war
> ./console/target/syncope-console.war
> ./enduser/target/syncope-enduser.war
>
> into
> apache-tomcat-9.0.87/webapps
>
> After launching bin/startup.sh the applications don't start at all (I suppose because core is unable to start)
>
> If I build the embedded version, everything works perfectly
>
> Glad to hear that embedded is working as expected.
>
> Consider that deploying into an external Java EE container is all but trivial task and can be failing for multiple reasons, including networking issues, missing JDBC driver etc.
>
> -----------------------
>
> I'm sorry for the long post; I've included everything just in case there was something to review in the documentation
> However, I suppose I'm doing something wrong; about the maven installation, is there a step by step guide that permits a fully working syncope version?
>
> Or is there any suggestion on what I should fix on my installation procedure?
>
> Thank you
>
> Marco
>
> On Thu, 11 Apr 2024 at 14:26, Francesco Chicchiriccò <ilgro...@apache.org> wrote:
>
>> On 11/04/24 14:12, Marco Naimoli wrote:
>> > Hello, I'm new to Apache Syncope; I've tried to test it using the standalone installation on a
>> > vanilla debian linux bookworm, using openJDK 17.0.10
>> > It seems to work, but when I try to import a SAML IDP metadata it fails with the following error:
>> > InvalidEntity: Location must not be null
>> > Metadata are ok: using the embedded version built with maven, metadata are imported without problems.
>> > Clicking on the button to download the SP metadata doesn't do anything
>> > And the wa.log (don't know if it can be related) is full of the following error:
>> >
>> > ERROR org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler - Unexpected error occurred in scheduled task
>> > java.lang.IllegalStateException: Syncope core is not yet ready
>> >
>> > I'm not sure, but I remember that the error "Location must not be null" was shown during some other operation, different from SAML configuration
>> >
>> > Any suggestions / help?
>>
>> Hi Marco,
>> glad of your interest in Apache Syncope.
>>
>> About JDK 17 compatibility, we have an active GitHub actions workflows on the 3_0_X branch (supposing you are running the latest stable 3.0.6).
>> Moreover, my company is running several Syncope deployments on various flavors of OpenJDK 17.
>>
>> As far as I understand, all works as expected when you use the standalone ZIP but it fails when you deploy Syncope somewhere else.
>>
>> As suggested by the Getting Started guide [1], however you should be using the Maven archetype for an independent deployment, or the Docker images; there are further options, too, but it really depends on how much you are planning to customize or extend.
>>
>> Can you describe how did you get to deploy Syncope, including which components, which DBMS, which Java EE container, ...?
>>
>> Regards.
>>
>> [1] https://syncope.apache.org/docs/3.0/getting-started.html#obtain-apache-syncope
>>
>> --
>> Francesco Chicchiriccò
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Member at The Apache Software Foundation
>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>> http://home.apache.org/~ilgrosso/
>>
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
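
Added example, not part of the thread and not Syncope project code: a Python check for the server.xml mismatch discussed above (an HTTP connector whose redirectPort has no TLS connector listening on it) and for the Spring profiles set in setenv.sh. The function names, the wrapper XML and the list of sample secrets are assumptions made for illustration; the connector attributes are the ones quoted in the thread.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the server.xml states discussed in the thread.
HTTP_CONNECTOR = ('<Connector port="9080" protocol="HTTP/1.1" '
                  'connectionTimeout="20000" redirectPort="9443" '
                  'maxParameterCount="1000"/>')
TLS_CONNECTOR = ('<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" '
                 'port="9443" maxThreads="200" scheme="https" secure="true" '
                 'SSLEnabled="true" keystoreFile="conf/keystore.jks" '
                 'keystorePass="password" keystoreType="JKS" '
                 'clientAuth="false" sslProtocol="TLS"/>')
WRAP = '<Server><Service name="Catalina">{}</Service></Server>'
BEFORE = WRAP.format(HTTP_CONNECTOR)
AFTER = WRAP.format(HTTP_CONNECTOR + TLS_CONNECTOR)

# Sample secrets that appear in the thread; flag them if they reach a real host.
SAMPLE_SECRETS = {"password", "changeit"}


def audit_server_xml(xml_text):
    """Return findings for the <Connector> elements of a Tomcat server.xml."""
    connectors = ET.fromstring(xml_text).findall(".//Connector")
    tls_ports = {c.get("port") for c in connectors
                 if (c.get("SSLEnabled") or "").lower() == "true"}
    findings = []
    for c in connectors:
        port, redirect = c.get("port"), c.get("redirectPort")
        if redirect and redirect not in tls_ports:
            findings.append(f"port {port}: redirectPort {redirect} has no TLS connector")
        if c.get("keystorePass") in SAMPLE_SECRETS:
            findings.append(f"port {port}: keystorePass is a sample value")
    return findings


def active_profiles(setenv_text):
    """Extract the Spring profiles passed via -Dspring.profiles.active."""
    match = re.search(r"-Dspring\.profiles\.active=([\w,-]+)", setenv_text)
    return match.group(1).split(",") if match else []


if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_server_xml(doc))
    # Constructed setenv.sh line carrying the profile value from the thread.
    print(active_profiles('JAVA_OPTS="$JAVA_OPTS -Dspring.profiles.active=embedded,all"'))
```

To check a real installation, pass the contents of $CATALINA_HOME/conf/server.xml and $CATALINA_HOME/bin/setenv.sh to the two functions.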