

Configuring SSL

Authentication Flow Manager (AFM) and State Manager components are installed on the application server. Therefore, to enable SSL for these components, you have to configure the application server where these components are deployed for SSL.

To enable Authentication Shim to communicate over SSL, you must set the following configuration parameters in the adaptershim.ini file:

To enable Apache Tomcat for SSL

Important! If you are integrating Adapter with the SAML-based Web portal, then you must also perform this task on the Service Provider's system.

  1. Browse to the following location on the system where you have installed State Manager:
    state_manager_installation_dir\adapterStateManager\certs
    
  2. Copy the server.keystore file to the system where AFM is installed. For example, copy this file into a temporary folder called system_drive\Arcot Adapter\certificate.
  3. Navigate to the following location on the system where AFM is installed:
    Tomcat_root\conf
    

    Note: Tomcat_root refers to the Apache Tomcat installation directory. Refer to the vendor documentation for instructions on how to deploy on other supported application servers.

  4. Open server.xml file in a text editor.
  5. Search for the following code:
    <!--
        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />
    -->
    

    Replace the code with

    <Connector SSLEnabled="true" clientAuth="false"
               keystoreFile="system_drive/Arcot Adapter/certificate/server.keystore"
               keystorePass="123456" maxThreads="150" port="8443" protocol="HTTP/1.1"
               scheme="https" secure="true" sslProtocol="TLS"/>
    
  6. (Only for Apache Tomcat 7.x) If you are configuring SSL on Apache Tomcat 7.x, you might see an error with default configurations. In this case, you must:
    1. Delete the bin\tcnative-1.dll file.
    2. In server.xml, search for and remove the following line:
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      
  7. Save and close server.xml.
  8. Restart Apache Tomcat.
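The following check is an added example, not part of this documentation or the product: it parses a server.xml (here a constructed sample containing the Connector from step 5 and the Listener from step 6) and reports whether the HTTPS connector is active, whether its keystoreFile exists, and whether keystorePass is still the value shown in the snippet above, which must be replaced with your own keystore password. The keystore_exists parameter and the finding strings are this example's own.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample: the HTTP connector plus the HTTPS Connector from step 5 above.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector SSLEnabled="true" clientAuth="false"
               keystoreFile="system_drive/Arcot Adapter/certificate/server.keystore"
               keystorePass="123456" maxThreads="150" port="8443" protocol="HTTP/1.1"
               scheme="https" secure="true" sslProtocol="TLS"/>
  </Service>
</Server>
"""

DOCUMENTED_PLACEHOLDER_PASS = "123456"  # value shown in the snippet; replace it


def check_ssl_connector(server_xml_text, keystore_exists=None):
    """Return a list of findings (an empty list means the HTTPS connector looks complete).

    keystore_exists: optional callable(path) -> bool used instead of the local
    filesystem, so the check can run against a copied server.xml (assumed helper).
    """
    exists = keystore_exists or (lambda p: Path(p).is_file())
    findings = []
    # The parser drops XML comments, so a Connector still inside <!-- --> is not seen.
    root = ET.fromstring(server_xml_text)
    ssl_connectors = [c for c in root.iter("Connector")
                      if c.get("SSLEnabled", "false").lower() == "true"]
    if not ssl_connectors:
        findings.append("no Connector with SSLEnabled=\"true\" (still commented out?)")
    for c in ssl_connectors:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure", "").lower() != "true":
            findings.append(f"port {port}: expected scheme=\"https\" secure=\"true\"")
        keystore = c.get("keystoreFile")
        if not keystore:
            findings.append(f"port {port}: keystoreFile attribute missing")
        elif not exists(keystore):
            findings.append(f"port {port}: keystore not found at {keystore}")
        if c.get("keystorePass") in (None, DOCUMENTED_PLACEHOLDER_PASS):
            findings.append(f"port {port}: keystorePass missing or still the documented placeholder")
    for l in root.iter("Listener"):
        if l.get("className", "").endswith("AprLifecycleListener") and l.get("SSLEngine") == "on":
            findings.append("AprLifecycleListener SSLEngine=\"on\" present (remove on Tomcat 7.x if startup fails)")
    return findings


if __name__ == "__main__":
    for f in check_ssl_connector(SAMPLE_SERVER_XML, keystore_exists=lambda p: True):
        print("FINDING:", f)
```

Run it against Tomcat_root\conf\server.xml on the AFM host (without keystore_exists) after step 8; any finding means one of the steps above was not completed.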