Installing Talend Identity Management Service - 6.1

Talend MDM Platform Installation Guide

Talend Identity Management Service, based on Apache Syncope, is a system that allows you to manage digital identities in enterprise environments.

The recommended application server for the Syncope Web application is Apache Tomcat 8, however Apache Tomcat 7 is also supported and requires the same installation procedure. In the following sections, <TomcatPath> designates the Tomcat installation path.

Configuring the Tomcat application server

Set the environment

  1. For Linux and MacOS:

    Create the following file: <TomcatPath>/bin/setenv.sh, edit it and add the following in a single line:

    JAVA_OPTS="-Djava.awt.headless=true -Dfile.encoding=UTF-8 -server -Xms1536m -Xmx1536m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxMetaspaceSize=256m -XX:+DisableExplicitGC"
  2. For Windows:

    Create the following file: <TomcatPath>/bin/setenv.bat, edit it and add the following in a single line:

    set JAVA_OPTS=-Djava.awt.headless=true -Dfile.encoding=UTF-8 -server -Xms1536m -Xmx1536m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxMetaspaceSize=256m -XX:+DisableExplicitGC

Update the context.xml file

  1. Open the following file for editing: <TomcatPath>/conf/context.xml.

  2. Uncomment the line: <Manager pathname="" />

  3. For production, it is highly recommended to define a datasource as internal storage to be used with Talend Identity Management Service:

    <Resource name="jdbc/syncopeDataSource" auth="Container" 
        type="javax.sql.DataSource" 
        factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" 
        testWhileIdle="true" testOnBorrow="true" testOnReturn="true" 
        validationQuery="SELECT 1" validationInterval="30000" 
        maxActive="100" minIdle="2" maxWait="10000" initialSize="2" 
        removeAbandonedTimeout="20000" removeAbandoned="true" 
        logAbandoned="true" suspectTimeout="20000" 
        timeBetweenEvictionRunsMillis="5000" 
        minEvictableIdleTimeMillis="5000" 
        jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
        org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer" 
        username="syncope" password="syncope" 
        driverClassName="com.mysql.jdbc.Driver" 
        url="jdbc:mysql://localhost:3306/syncope?characterEncoding=UTF-8"/>

    The above example is for MySQL, please adjust the connection parameters to suit your needs.

Deploying Talend Identity Management Service

  1. Copy the following files from add-ons/tidm:

    syncope.war

    syncope-console.war

    to <TomcatPath>/webapps

  2. Launch the Tomcat server.

  3. After launching the server, if Talend Administration Center is not on the default port 8080, stop the server and change the port in the <TomcatPath>/webapps/syncope-console/WEB-INF/classes/configuration.properties file.

  4. If you defined a datasource to be used with Talend Identity Management Service for production purposes, edit <TomcatPath>/webapps/syncope-console/WEB-INF/web.xml and uncomment the resource-ref section.

  5. Launch the Tomcat server again.
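A common cause of a failed start at this point is a mismatch between the two files edited above: the datasource is declared in conf/context.xml, but the resource-ref in syncope-console's web.xml is still commented out (or the <Manager pathname="" /> line was never uncommented). The script below is an added pre-flight check, not part of Talend or Apache Syncope, and the two sample context.xml and web.xml documents in it are constructed for illustration. It relies on the fact that ElementTree drops XML comments, so anything still commented out is simply absent from the parsed tree.

```python
import xml.etree.ElementTree as ET

DATASOURCE_NAME = "jdbc/syncopeDataSource"  # JNDI name used throughout this guide


def _local(tag):
    """Drop a namespace prefix such as '{http://java.sun.com/xml/ns/javaee}'."""
    return tag.rsplit("}", 1)[-1]


def check_context_xml(context_xml):
    """Problems found in <TomcatPath>/conf/context.xml. ElementTree discards
    XML comments, so an element that is still commented out is simply absent,
    which is exactly the condition being checked."""
    problems = []
    root = ET.fromstring(context_xml)
    managers = [e for e in root.iter() if _local(e.tag) == "Manager"]
    if not any(m.get("pathname") == "" for m in managers):
        problems.append('<Manager pathname="" /> is missing or still commented out')
    resources = {e.get("name"): e for e in root.iter() if _local(e.tag) == "Resource"}
    ds = resources.get(DATASOURCE_NAME)
    if ds is None:
        problems.append(f'no <Resource name="{DATASOURCE_NAME}"> in context.xml')
    else:
        for attr in ("type", "factory", "driverClassName", "url", "username", "password"):
            if not ds.get(attr):
                problems.append(f"datasource is missing attribute {attr}")
    return problems


def check_web_xml(web_xml):
    """Problems found in syncope-console/WEB-INF/web.xml: the <resource-ref>
    must be uncommented and its <res-ref-name> must match the JNDI name."""
    root = ET.fromstring(web_xml)
    names = []
    for ref in (e for e in root.iter() if _local(e.tag) == "resource-ref"):
        for child in ref:
            if _local(child.tag) == "res-ref-name":
                names.append((child.text or "").strip())
    if DATASOURCE_NAME not in names:
        return [f"no uncommented <resource-ref> for {DATASOURCE_NAME} in web.xml"]
    return []


def check_deployment(context_xml, web_xml):
    """Combined pre-flight result: an empty list means both files agree."""
    return check_context_xml(context_xml) + check_web_xml(web_xml)


# Constructed sample files (not copied from a real installation).
CONTEXT_OK = """<Context>
    <Manager pathname="" />
    <Resource name="jdbc/syncopeDataSource" auth="Container"
        type="javax.sql.DataSource"
        factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
        username="syncope" password="syncope"
        driverClassName="org.postgresql.Driver"
        url="jdbc:postgresql://localhost:5432/syncope"/>
</Context>"""

CONTEXT_DEFAULT = """<Context>
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
    <!-- <Manager pathname="" /> -->
</Context>"""

WEB_OK = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <resource-ref>
    <res-ref-name>jdbc/syncopeDataSource</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>
</web-app>"""

WEB_COMMENTED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <!-- <resource-ref>
    <res-ref-name>jdbc/syncopeDataSource</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref> -->
</web-app>"""

if __name__ == "__main__":
    for label, ctx, web in (("after the steps above", CONTEXT_OK, WEB_OK),
                            ("untouched defaults", CONTEXT_DEFAULT, WEB_COMMENTED)):
        print(label + ":", check_deployment(ctx, web) or "OK")
```

To run it against a real installation, read <TomcatPath>/conf/context.xml and <TomcatPath>/webapps/syncope-console/WEB-INF/web.xml into strings and pass them to check_deployment; an empty list means the datasource and the resource-ref are consistent.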

Configuring Talend Identity Management Service in a cluster

  1. Once Talend Identity Management Service has been deployed into Tomcat, stop Tomcat before configuring it in a cluster.

  2. Edit <TomcatPath>/webapps/syncope/WEB-INF/classes/persistence.properties, and replace the existing configuration with the following:

    jpa.driverClassName=com.mysql.jdbc.Driver
    jpa.url=jdbc:mysql://localhost:3306/syncope?characterEncoding=UTF-8
    jpa.username=syncope_user
    jpa.password=syncope_pass
    jpa.dialect=org.apache.openjpa.jdbc.sql.MySQLDictionary
    quartz.jobstore=org.quartz.impl.jdbcjobstore.StdJDBCDelegate
    quartz.sql=tables_mysql.sql
    logback.sql=mysql.sql
  3. When deploying multiple Talend Identity Management Service instances, sharing a single database or a single database cluster, it is of fundamental importance that the contained OpenJPA instances are correctly configured for remote event notification. Such configuration, in fact, allows OpenJPA's data cache to remain synchronized when deployed in multiple JVMs, thus enforcing data consistency across all instances.

    The default configuration, adapted for single JVM installations, is defined in <TomcatPath>/webapps/syncope/WEB-INF/classes/persistenceContextEMFactory.xml, as follows:

    <entry key="openjpa.RemoteCommitProvider" value="sjvm"/>

    With multiple instances, other options such as TCP or JMS are available. For reference, see http://openjpa.apache.org/builds/2.3.0/apache-openjpa/docs/ref_guide_event.html.

    To use Talend Identity Management Service in a cluster, replace the default sjvm value with the IP addresses of all the instances, so they can communicate with each other, in the <TomcatPath>/webapps/syncope/WEB-INF/classes/persistenceContextEMFactory.xml file, as follows:

    <entry key="openjpa.RemoteCommitProvider" value="tcp(Addresses=10.0.1.10;10.0.1.11)"/>
  4. Launch the Tomcat server again.
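The value left in persistenceContextEMFactory.xml is easy to get wrong when instances are added later: an instance missing from the Addresses list never receives commit notifications, and a copy of the file still carrying sjvm keeps a data cache that silently goes stale. The following is an added helper, not Talend or OpenJPA code, that builds the tcp(...) value for a list of instance IPs and checks an existing value against the expected cluster membership. It assumes the host[:port] address syntax and the default TCP port 5636 described in the OpenJPA reference guide linked above, and IPv4 addresses as in the example value.

```python
import ipaddress
import re

DEFAULT_TCP_PORT = 5636  # OpenJPA TCP remote-commit provider default (assumed from the OpenJPA guide)
_VALUE_RE = re.compile(r"^tcp\(Addresses=(?P<addrs>[^)]*)\)$")


def _split_endpoint(item):
    """'10.0.1.11:5700' -> ('10.0.1.11', 5700); port defaults when absent.
    IPv4 only, matching the example in the guide (IPv6 would need brackets)."""
    host, _, port = item.partition(":")
    ip = str(ipaddress.ip_address(host))  # raises ValueError on a bad address
    port_num = int(port) if port else DEFAULT_TCP_PORT
    if not 1 <= port_num <= 65535:
        raise ValueError(f"bad port in {item!r}")
    return ip, port_num


def build_tcp_provider(instances):
    """Return 'tcp(Addresses=a;b;c)' for the given instance addresses.
    Every instance must be listed, including the local one, so each JVM
    both sends and receives commit notifications."""
    if len(instances) < 2:
        raise ValueError("a cluster needs at least two instances")
    endpoints = [_split_endpoint(i) for i in instances]
    if len(set(endpoints)) != len(endpoints):
        raise ValueError("duplicate instance address")
    return "tcp(Addresses=" + ";".join(instances) + ")"


def parse_provider(value):
    """Parse a RemoteCommitProvider value into ('sjvm', []) or
    ('tcp', [(ip, port), ...]); other providers such as JMS raise."""
    if value == "sjvm":
        return ("sjvm", [])
    m = _VALUE_RE.match(value)
    if m is None:
        raise ValueError(f"unsupported provider value: {value!r}")
    items = [i for i in m.group("addrs").split(";") if i]
    return ("tcp", [_split_endpoint(i) for i in items])


def check_cluster_value(value, expected_instances):
    """Problems with a configured value for a cluster made of the given
    instance IPs: the single-JVM provider, or an instance not listed."""
    kind, endpoints = parse_provider(value)
    if kind == "sjvm":
        return ["sjvm only notifies the local JVM; caches in other instances will go stale"]
    listed = {ip for ip, _ in endpoints}
    return [f"instance {ip} is not listed in Addresses"
            for ip in expected_instances if ip not in listed]


if __name__ == "__main__":
    cluster = ["10.0.1.10", "10.0.1.11"]  # addresses from the example above
    print(build_tcp_provider(cluster))
    print(check_cluster_value("sjvm", cluster))
    print(check_cluster_value("tcp(Addresses=10.0.1.10;10.0.1.11)", cluster + ["10.0.1.12"]))
```

When an instance is added to the cluster, regenerate the value with build_tcp_provider and write it into persistenceContextEMFactory.xml on every instance, not only on the new one.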

Configuring Talend Identity Management Service to use Postgres as internal storage

Prepare Postgres

  1. Using pgAdmin III, in the object browser, select the node called PostgreSQL 9.2 (localhost:5432)/Login-Roles.

  2. Create a new role named syncope with password syncope. If you use another role and password, you have to adapt the configuration below.

  3. Select PostgreSQL 9.2 (localhost:5432)/Databases, and create a new database named syncope.

  4. Assign the syncope role to it.

Deploy Talend Identity Management Service

  1. If you did not already deploy syncope.war and syncope-console.war to <TomcatPath>/webapps, do it now.

  2. Deploy the Postgres JDBC driver into Tomcat. The driver can be downloaded at http://jdbc.postgresql.org/download.html.

  3. Copy the downloaded driver JAR into <TomcatPath>/lib.

Configure Tomcat

The steps below are adapted for Talend Identity Management Service using Postgres from the tutorial at http://coheigea.blogspot.de/2013/07/apache-syncope-tutorial-part-i_26.html, which describes configuring Tomcat for Syncope with a MySQL backend.

  1. Change the content of <TomcatPath>/webapps/syncope/WEB-INF/classes/persistence.properties to:

    jpa.driverClassName=org.postgresql.Driver
    jpa.url=jdbc:postgresql://localhost:5432/syncope
    jpa.username=syncope
    jpa.password=syncope
    jpa.dialect=org.apache.openjpa.jdbc.sql.PostgresDictionary
    quartz.jobstore=org.quartz.impl.jdbcjobstore.PostgreSQLDelegate
    quartz.sql=tables_postgres.sql
    logback.sql=postgresql.sql
  2. Add a datasource for internal storage in Tomcat's conf/context.xml. When Syncope does not find a datasource called jdbc/syncopeDataSource, it will connect to internal storage by instantiating a new connection per request, which carries a performance penalty. To avoid this penalty, you need to add the following code to <TomcatPath>/conf/context.xml:

    <Resource name="jdbc/syncopeDataSource" auth="Container"
        type="javax.sql.DataSource"
        factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
        testWhileIdle="true" testOnBorrow="true" 
        testOnReturn="true"
        validationQuery="SELECT 1" validationInterval="30000"
        maxActive="50" minIdle="2" maxWait="10000" initialSize="2"
        removeAbandonedTimeout="20000" removeAbandoned="true"
        logAbandoned="true" suspectTimeout="20000"
        timeBetweenEvictionRunsMillis="5000" 
        minEvictableIdleTimeMillis="5000"
        jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
        org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer"
        username="syncope" password="syncope"
        driverClassName="org.postgresql.Driver"
        url="jdbc:postgresql://localhost:5432/syncope"/>
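Because persistence.properties is edited by hand for both the MySQL cluster setup earlier and the Postgres setup here, a frequent mistake is to switch jpa.url and jpa.driverClassName but leave the dialect, Quartz or Logback entries of the other database in place, which only surfaces as an obscure error at first start. The following added script (not Talend or Syncope code) reads a persistence.properties file and checks that all backend-specific keys agree with the database named in jpa.url; its two profiles are taken from the MySQL and Postgres values given in this guide, and the sample files in it are constructed.

```python
# Expected backend-specific values, keyed by the JDBC URL subprotocol.
# Both profiles are the values shown in this guide's persistence.properties listings.
PROFILES = {
    "mysql": {
        "jpa.driverClassName": "com.mysql.jdbc.Driver",
        "jpa.dialect": "org.apache.openjpa.jdbc.sql.MySQLDictionary",
        "quartz.jobstore": "org.quartz.impl.jdbcjobstore.StdJDBCDelegate",
        "quartz.sql": "tables_mysql.sql",
        "logback.sql": "mysql.sql",
    },
    "postgresql": {
        "jpa.driverClassName": "org.postgresql.Driver",
        "jpa.dialect": "org.apache.openjpa.jdbc.sql.PostgresDictionary",
        "quartz.jobstore": "org.quartz.impl.jdbcjobstore.PostgreSQLDelegate",
        "quartz.sql": "tables_postgres.sql",
        "logback.sql": "postgresql.sql",
    },
}
REQUIRED = ("jpa.driverClassName", "jpa.url", "jpa.username", "jpa.password",
            "jpa.dialect", "quartz.jobstore", "quartz.sql", "logback.sql")


def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#' or '!' comments,
    surrounding whitespace ignored. Escapes and line continuations are not
    handled, which is enough for the files shown in this guide."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # first '=' only; URLs may contain more
        if sep:
            props[key.strip()] = value.strip()
    return props


def backend_from_url(url):
    """'jdbc:postgresql://localhost:5432/syncope' -> 'postgresql'."""
    parts = url.split(":", 2)
    return parts[1] if len(parts) == 3 and parts[0] == "jdbc" else None


def check_persistence(text):
    """Return a list of problems; an empty list means the file is consistent."""
    props = parse_properties(text)
    problems = [f"missing key {k}" for k in REQUIRED if k not in props]
    if problems:
        return problems
    backend = backend_from_url(props["jpa.url"])
    profile = PROFILES.get(backend)
    if profile is None:
        return [f"unknown backend in jpa.url: {props['jpa.url']!r}"]
    for key, expected in profile.items():
        if props[key] != expected:
            problems.append(f"{key}={props[key]} does not match {backend} (expected {expected})")
    return problems


# Constructed samples: the Postgres listing from this section, and a file in
# which only the URL and driver were switched while the dialect stayed MySQL.
POSTGRES_OK = """
jpa.driverClassName=org.postgresql.Driver
jpa.url=jdbc:postgresql://localhost:5432/syncope
jpa.username=syncope
jpa.password=syncope
jpa.dialect=org.apache.openjpa.jdbc.sql.PostgresDictionary
quartz.jobstore=org.quartz.impl.jdbcjobstore.PostgreSQLDelegate
quartz.sql=tables_postgres.sql
logback.sql=postgresql.sql
"""

MIXED = """
jpa.driverClassName=org.postgresql.Driver
jpa.url=jdbc:postgresql://localhost:5432/syncope
jpa.username=syncope
jpa.password=syncope
jpa.dialect=org.apache.openjpa.jdbc.sql.MySQLDictionary
quartz.jobstore=org.quartz.impl.jdbcjobstore.PostgreSQLDelegate
quartz.sql=tables_postgres.sql
logback.sql=postgresql.sql
"""

if __name__ == "__main__":
    print("postgres listing:", check_persistence(POSTGRES_OK) or "OK")
    print("mixed file:", check_persistence(MIXED) or "OK")
```

Run it with the contents of <TomcatPath>/webapps/syncope/WEB-INF/classes/persistence.properties before launching Tomcat; the MySQL profile covers the cluster listing earlier in this guide as well.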

Testing the access to the Web application

  1. Go to http://localhost:8080/syncope-console/ (assuming that Apache Tomcat is running on localhost, port 8080).

  2. Log in with the default credentials:

    login: admin

    password: password