IAM appliance - iam-app-cas
RPM package with CAS access manager support.
This package is built "the usual way" using bcv-rpmbuild container.
Directory structure
-
/data/volumes/cas/cas.properties.d- directory which holds some persistent (keys) and supplementary configuration for CAS -
/data/volumes/cas/secrets- directory containing passwords and other secrets -
/data/volumes/cas/spnego- SPNEGO configuration files (keytab, krb5.conf, login.conf) are located here -
/data/volumes/cas/saml- CAS-writable directory for SAML2 IdP metadata (and possibly all other SAML-related stuff) -
/data/volumes/cas/msgcat- application localization overrides -
/data/volumes-shared/cas-services- CAS registered services' definitions -
/data/volumes-shared/cacerts- trusted certificates to import into Java truststore upon application start -
/data/logs/cas- logs-
This directory has to have correct SElinux labels. RPM package handles that in its
%postphase by executingsemanage fcontext ….
-
-
/data/volumes-shared/web-proxy-static/cas- static files for CAS branding. Those files are put into the web proxy directory…/web-proxy-static/cas/by this RPM package. Web proxy service does not care about it.
Configuration files
-
/data/registry/node-active-config/docker-compose-cas.yml- container compose file -
/etc/rsyslog.d/10_cas.conf- syslog configuration for the container to send logs to dedicated files on the filesystem -
/etc/logrotate.d/cas- logrotate configuration -
/data/volumes/cas/spnego/{krb5.conf,login.conf}- prepackaged templates and configurations for SPNEGO; must be edited by-hand by the administrator -
/data/volumes/cas/cas.properties.d/000_keys.properties- security keys for all the CAS takones there are. The file is generated during%postphase of RPM installation. -
/data/volumes/cas/msgcat/custom_messages.properties- override file for English language (and also fallback for unspecified message keys). Files for other languages must be created by-hand (for examplecustom_messages_cs.properties).