Installing Talend Identity Management Service

Talend Real-time Big Data Platform Installation Guide for Linux

Version: 6.4
Product: Talend Real-Time Big Data Platform
Task: Installation and Upgrade

Talend Identity Management Service, based on Apache Syncope, is a system that allows you to manage digital identities in enterprise environments.

The recommended application server for the Syncope Web application is Apache Tomcat 8; Apache Tomcat 7 is also supported and requires the same installation procedure. In the following sections, <TomcatPath> designates the Tomcat installation path.

Configuring the Tomcat application server

Set the environment

  • Create the following file: <TomcatPath>/bin/setenv.sh, edit it and add the following in a single line:

    JAVA_OPTS="-Djava.awt.headless=true -Dfile.encoding=UTF-8 -server -Xms1536m -Xmx1536m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxMetaspaceSize=256m -XX:+DisableExplicitGC"

Update the context.xml file

  1. Open the file <TomcatPath>/conf/context.xml for editing.

  2. Uncomment the line: <Manager pathname="" />

  3. For production, it is highly recommended to define a datasource as internal storage to be used with Talend Identity Management Service:

    <Resource name="jdbc/syncopeDataSource" auth="Container" 
        type="javax.sql.DataSource" 
        factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" 
        testWhileIdle="true" testOnBorrow="true" testOnReturn="true" 
        validationQuery="SELECT 1" validationInterval="30000" 
        maxActive="100" minIdle="2" maxWait="10000" initialSize="2" 
        removeAbandonedTimeout="20000" removeAbandoned="true" 
        logAbandoned="true" suspectTimeout="20000" 
        timeBetweenEvictionRunsMillis="5000" 
        minEvictableIdleTimeMillis="5000" 
        jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
        org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer" 
        username="syncope" password="syncope" 
        driverClassName="com.mysql.jdbc.Driver" 
        url="jdbc:mysql://localhost:3306/syncope?characterEncoding=UTF-8"/>

    The above example is for MySQL; adjust the connection parameters to suit your environment.

Deploying Talend Identity Management Service

  1. Copy the following files from add-ons/tidm to <TomcatPath>/webapps:

    syncope.war

    syncope-console.war

  2. Launch the Tomcat server.

  3. After launching the server, if Talend Administration Center is not on the default port 8080, stop the server and change the port in the <TomcatPath>/webapps/syncope-console/WEB-INF/classes/configuration.properties file.

  4. If you defined a datasource to be used with Talend Identity Management Service for production purposes, edit <TomcatPath>/webapps/syncope-console/WEB-INF/web.xml and uncomment the resource-ref section.

  5. Launch the Tomcat server again.

Configuring Talend Identity Management Service in a cluster

  1. Once Talend Identity Management Service has been deployed into Tomcat, stop Tomcat before configuring it in a cluster.

  2. Edit <TomcatPath>/webapps/syncope/WEB-INF/classes/persistence.properties, and replace the existing configuration with the following:

    jpa.driverClassName=com.mysql.jdbc.Driver
    jpa.url=jdbc:mysql://localhost:3306/syncope?characterEncoding=UTF-8
    jpa.username=syncope_user
    jpa.password=syncope_pass
    jpa.dialect=org.apache.openjpa.jdbc.sql.MySQLDictionary
    quartz.jobstore=org.quartz.impl.jdbcjobstore.StdJDBCDelegate
    quartz.sql=tables_mysql.sql
    logback.sql=mysql.sql
  3. When deploying multiple Talend Identity Management Service instances that share a single database or a single database cluster, it is essential that the embedded OpenJPA instances are correctly configured for remote event notification. This configuration keeps OpenJPA's data cache synchronized across the JVMs, enforcing data consistency across all instances.

    The default configuration, suited to single-JVM installations, is defined in <TomcatPath>/webapps/syncope/WEB-INF/classes/persistenceContextEMFactory.xml as follows:

    <entry key="openjpa.RemoteCommitProvider" value="sjvm"/>

    With multiple instances, other options such as TCP or JMS are available. For reference, see http://openjpa.apache.org/builds/2.3.0/apache-openjpa/docs/ref_guide_event.html.

    To use Talend Identity Management Service in a cluster, replace the default sjvm value with the IP addresses of all the instances, so that they can communicate with each other, in the <TomcatPath>/webapps/syncope/WEB-INF/classes/persistenceContextEMFactory.xml file, as follows:

    <entry key="openjpa.RemoteCommitProvider" value="tcp(Addresses=10.0.1.10;10.0.1.11)"/>
  4. Launch the Tomcat server again.

Configuring Talend Identity Management Service to use Postgres as internal storage

Prepare Postgres

  1. Using pgAdmin III, in the object browser, select the node called PostgreSQL 9.2 (localhost:5432)/Login-Roles.

  2. Create a new role named syncope with password syncope. If you use another role and password, you have to adapt the configuration below.

  3. Select PostgreSQL 9.2 (localhost:5432)/Databases, and create a new database named syncope.

  4. Assign the syncope role to it.

Deploy Talend Identity Management Service

  1. If you did not already deploy syncope.war and syncope-console.war to <TomcatPath>/webapps, do it now.

  2. Deploy the Postgres JDBC Driver into Tomcat. The Driver can be downloaded at http://jdbc.postgresql.org/download.html.

  3. Copy the downloaded driver JAR into <TomcatPath>/lib.

Configure Tomcat

The following procedure is adapted from the Apache Syncope tutorial at http://coheigea.blogspot.de/2013/07/apache-syncope-tutorial-part-i_26.html, which configures Tomcat for Syncope with a MySQL backend, and adjusted for Talend Identity Management Service using Postgres.

  1. Change the content of <TomcatPath>/webapps/syncope/WEB-INF/classes/persistence.properties to:

    jpa.driverClassName=org.postgresql.Driver
    jpa.url=jdbc:postgresql://localhost:5432/syncope
    jpa.username=syncope
    jpa.password=syncope
    jpa.dialect=org.apache.openjpa.jdbc.sql.PostgresDictionary
    quartz.jobstore=org.quartz.impl.jdbcjobstore.PostgreSQLDelegate
    quartz.sql=tables_postgres.sql
    logback.sql=postgresql.sql
  2. Add a datasource for internal storage in Tomcat's conf/context.xml. When Syncope does not find a datasource called jdbc/syncopeDataSource, it will connect to internal storage by instantiating a new connection per request, which carries a performance penalty. To avoid this penalty, you need to add the following code to <TomcatPath>/conf/context.xml:

    <Resource name="jdbc/syncopeDataSource" auth="Container"
        type="javax.sql.DataSource"
        factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
        testWhileIdle="true" testOnBorrow="true" 
        testOnReturn="true"
        validationQuery="SELECT 1" validationInterval="30000"
        maxActive="50" minIdle="2" maxWait="10000" initialSize="2"
        removeAbandonedTimeout="20000" removeAbandoned="true"
        logAbandoned="true" suspectTimeout="20000"
        timeBetweenEvictionRunsMillis="5000" 
        minEvictableIdleTimeMillis="5000"
        jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
        org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer"
        username="syncope" password="syncope"
        driverClassName="org.postgresql.Driver"
        url="jdbc:postgresql://localhost:5432/syncope"/>

Configuring Talend Identity Management Service to use Oracle as internal storage

Deploy Talend Identity Management Service

  1. If you did not already deploy syncope.war and syncope-console.war to <TomcatPath>/webapps, do it now.

  2. Copy the ojdbcX.jar file from your Oracle installation into <TomcatPath>/lib.

Configure Tomcat

  1. Change the content of <TomcatPath>/webapps/syncope/WEB-INF/classes/persistence.properties to:

    jpa.driverClassName=oracle.jdbc.OracleDriver
    jpa.url=jdbc:oracle:thin:@<host>:<port>:xe
    jpa.username=<user>
    jpa.password=<password>
    jpa.dialect=org.apache.openjpa.jdbc.sql.OracleDictionary
    jpa.pool.validationQuery=SELECT 1 FROM DUAL
    #note: other connection pool settings can also be configured here, see persistenceContext.xml
    quartz.jobstore=org.quartz.impl.jdbcjobstore.oracle.OracleDelegate
    quartz.sql=tables_oracle.sql
    audit.sql=audit_oracle.sql	
    database.schema=<schema_name>
  2. Replace the values between angle brackets to match the configuration of your system.

  3. Change the content of <TomcatPath>/webapps/syncope/WEB-INF/classes/persistenceContextEMFactory.xml to:

    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
        <bean id="entityManagerFactory"
        class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
            <property name="persistenceXmlLocation" value="classpath*:META-INF/spring-persistence.xml"/>
            <property name="persistenceUnitName" value="syncopePersistenceUnit"/>
            <property name="dataSource" ref="dataSource"/>
            <property name="jpaVendorAdapter">
                <bean class="org.springframework.orm.jpa.vendor.OpenJpaVendorAdapter">
                    <property name="showSql" value="false"/>
                    <property name="generateDdl" value="true"/>
                    <property name="databasePlatform" value="${jpa.dialect}"/>
                </bean>
            </property>
            <property name="jpaPropertyMap">
                <map>
                    <!--<entry key="openjpa.Log" value="SQL=TRACE"/>
                    <entry key="openjpa.ConnectionFactoryProperties" 
                    value="PrintParameters=true, PrettyPrint=true, PrettyPrintLineLength=80"/>-->
                    
                    <entry key="openjpa.jdbc.Schema" value="<schema_name>"/>
                    <entry key="openjpa.NontransactionalWrite" value="false"/>
                    <entry key="openjpa.AutoDetach" value="close, commit, nontx-read, rollback"/>
                    <entry key="openjpa.jdbc.SchemaFactory" value="native(ForeignKeys=true)"/>
                    <entry key="openjpa.jdbc.MappingDefaults"
                    value="ForeignKeyDeleteAction=restrict, JoinForeignKeyDeleteAction=restrict"/>
                    <entry key="openjpa.DataCache" value="true"/>
                    <entry key="openjpa.QueryCache" value="true"/>
                    <entry key="openjpa.RemoteCommitProvider" value="sjvm"/>
                </map>
            </property>
        </bean>
    </beans>
  4. In the <entry key="openjpa.jdbc.Schema" value="<schema_name>"/> line, replace <schema_name> with the name of your schema.
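As an added example (not part of the Talend guide or of the Syncope project), the following Python script checks the three files edited in the sections above, once the angle-bracket placeholders have been replaced, for the inconsistencies this page warns about: the driver and dialect pairing in persistence.properties, the jdbc/syncopeDataSource resource in context.xml agreeing with persistence.properties, the guide's placeholder database credentials left in place, and an openjpa.RemoteCommitProvider that does not cover every cluster node. The SAMPLE_* inputs are constructed, not taken from a real installation.

```python
# Added example, not part of the Talend guide: audit a deployed Talend Identity Management
# Service for the configuration mistakes this page warns about. SAMPLE_* inputs are constructed.
import re
import xml.etree.ElementTree as ET

# jpa.driverClassName -> expected jpa.dialect class, for the three backends the guide covers.
DIALECTS = {"com.mysql.jdbc.Driver": "MySQLDictionary",
            "org.postgresql.Driver": "PostgresDictionary",
            "oracle.jdbc.OracleDriver": "OracleDictionary"}
PLACEHOLDER_CREDS = ("syncope", "syncope")  # the example DB user/password used in the guide

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#' comment lines ignored."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(persistence_props, context_xml, emf_xml, expected_nodes=1):
    """Return findings as strings; an empty list means the three files agree."""
    f, p = [], parse_properties(persistence_props)
    driver = p.get("jpa.driverClassName", "")
    if not p.get("jpa.dialect", "").endswith("." + DIALECTS.get(driver, "?")):
        f.append(f"jpa.dialect does not match jpa.driverClassName {driver!r}")
    if (p.get("jpa.username"), p.get("jpa.password")) == PLACEHOLDER_CREDS:
        f.append("persistence.properties still uses the guide's placeholder credentials")
    ds = ET.fromstring(context_xml).find(".//Resource[@name='jdbc/syncopeDataSource']")
    if ds is None:  # Syncope then opens a new connection per request (Postgres step 2)
        f.append("no jdbc/syncopeDataSource resource in context.xml")
    elif (ds.get("driverClassName"), ds.get("url")) != (driver, p.get("jpa.url")):
        f.append("context.xml datasource and persistence.properties disagree on driver or URL")
    if ds is not None and (ds.get("username"), ds.get("password")) == PLACEHOLDER_CREDS:
        f.append("context.xml datasource still uses the guide's placeholder credentials")
    # Cluster check: sjvm covers one JVM; tcp(Addresses=a;b;...) must list every instance.
    provider = next((e.get("value", "") for e in ET.fromstring(emf_xml).iter()
                     if e.tag.endswith("entry") and e.get("key") == "openjpa.RemoteCommitProvider"), "")
    m = re.fullmatch(r"tcp\(Addresses=([^)]+)\)", provider)
    nodes = len([a for a in m.group(1).split(";") if a]) if m else int(provider == "sjvm")
    if nodes != expected_nodes:
        f.append(f"openjpa.RemoteCommitProvider {provider!r} covers {nodes} node(s), expected {expected_nodes}")
    return f

# Constructed sample: a single-node MySQL install that kept the placeholder password everywhere.
SAMPLE_PROPS = ("jpa.driverClassName=com.mysql.jdbc.Driver\njpa.url=jdbc:mysql://localhost:3306/syncope\n"
                "jpa.username=syncope\njpa.password=syncope\njpa.dialect=org.apache.openjpa.jdbc.sql.MySQLDictionary\n")
SAMPLE_CTX = ('<Context><Resource name="jdbc/syncopeDataSource" username="syncope" password="syncope" '
              'driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://localhost:3306/syncope"/></Context>')
SAMPLE_EMF = ('<beans xmlns="http://www.springframework.org/schema/beans"><bean><property><map>'
              '<entry key="openjpa.RemoteCommitProvider" value="sjvm"/></map></property></bean></beans>')
SAMPLE_FINDINGS = audit(SAMPLE_PROPS, SAMPLE_CTX, SAMPLE_EMF)  # two placeholder-credential findings
```

Run it against the real files by reading them into the three string arguments; a non-empty result lists what still needs fixing before the instance goes to production.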

Testing the access to the Web application

  1. Go to http://localhost:8080/syncope-console/ (assuming that Apache Tomcat is running on localhost, port 8080).

  2. Log in with the default credentials:

    login: admin

    password: password