
secRT Demonstrator Tutorial

CORISECIO GmbH - Uhlandstr. 9 - 64927 Darmstadt - Germany - www.corisecio.com

1. Introduction
2. Requirements
3. Installation / Start of the starter kit
4. Sample scenario
   4.1. Start of the sample scenario
   4.2. Security Connectors
   4.3. Protection of the return path
   4.4. Embedding of WSDL definitions
5. Advice
   5.1. SSL Connection
      5.1.1. Changing the Apache Tomcat TCP Port
      5.1.2. SSL connection with Microsoft Internet Explorer
      5.1.3. SSL connection with Mozilla Firefox
      5.1.4. Replacing the SSL certificate
   5.2. Supported number of user/roles
   5.3. OutOfMemory error
   5.4. Performance problems (Deactivation of TCP monitors)

1. Introduction

Thank you very much for your interest in the secRT. With the secRT Demonstrator you will receive a preconfigured package for evaluation of the security solution. Besides the components secRT and the SOA Security Adapter, additionally there is a sample web service as well as a TCP Monitor (TCPMon) included in the Demonstrator. This enables the rapid performance of sample scenarios without set-up of additional infrastructure.

2. Requirements

The Demonstrator contains components requiring a Windows environment (e.g. Java installation). Thus it is not possible to start the Demonstrator on other systems. The secRT, of course, is platform independent and can be run on any system. Please kindly ensure that the following TCP Ports are not used on your test system:

Port(s)                          Usage
8080                             HTTP Port of the Apache Tomcat
443                              HTTPS Port of the Apache Tomcat
2000, 2200, 2500                 TCP Ports of the preconfigured secRT entities
1900, 2100, 2300, 2400, 2600     TCP Ports of the preconfigured monitors
2301, 2302                       Additional ports for configuration example TC

Also, please kindly see the notes in chapter 5.

3. Installation / Start of the starter kit

The starter kit is delivered as ZIP archive, containing an installation of all components modified for demo purposes. Unpack the ZIP archive directly to C:\. Within the archive there is a predefined file structure. After extracting, the CORISECIO directory should display the following structure:

For the start of all components a Batch file is used (startDemonstrator.cmd). Execute this file to start the starter kit.

4. Sample scenario

To enable a quick evaluation of the solution, CORISECIO provides a Demo Web Services as well as a TCP monitor. The sample scenario protects an order process in a book shop. It sends two requests to different recipients (Services). The communication between the shop and the recipients is unencrypted in this initial constellation.

This scenario is a segment of the example attended to in the BSI's SOA Security compendium. The following image displays the whole scenario.

Source: SOA Security compendium of the BSI

The order process is protected by the secRT. The protection is done between Web Shop and merchant as well as between Web Shop and financial services provider. The connection between Web Shop and warehouse is ignored here. By using three Security Connectors the complete data set between Web Shop and merchant as well as the payment information to the financial services provider are protected. A complete protection of the transportation route between merchant and payment provider could also be done but is omitted to gain a better overview of the scenario. Here the connection from merchant to payment provider is assumed to be protected otherwise. The protected set-up of the sample scenario is as follows:

Based on the five TCP monitors contained in the package the protection of the connection may be simulated. Here the content of the first TCP monitor should exemplarily be used for demonstration of the SOAP message and the elements to be encrypted.

The Security Connectors protect the connection using SAML authentication, XML Signature and XML Encryption. In this scenario a message for two different recipients is protected. On one hand, the whole data set for the merchant is encrypted and signed and on the other hand the access data for the payment provider is especially encrypted separately. Below the detailed procedure is described:

The first Security Connector ("order + payment encryption" in the diagram) inserts a SAML authentication to the message. Then "paymentInformation" is encrypted using the certificate of the third Security Connector ("payment decryption" in the diagram). Subsequently the message (SOAP Envelope) is signed and encrypted. Here the whole "Order" element (see SOAP message graphic above) for the second Security Connector ("order decryption" in the diagram) is encrypted. Then the message is forwarded to the second Security Connector e.g. via the Internet. Now the second Security Connector scans the SAML authentication, decrypts the message and verifies the signature. The "paymentInformation" data remains encrypted. The message is forwarded to the merchant. The third Security Connector decrypts the "paymentInformation" data and forwards it to the payment provider.

The configuration of the individual Security Connectors is described more detailed under point 4.2. No further configuration of the Security Connectors is required for execution of this sample scenario. To be able to view the communication between the individual paragraphs, several TCP monitors are used. Using these TCP monitors actions processed on the SOAP message can be viewed. In the sample scenario, 5 TCP monitors are started in one window.

As only the way out is secured, always only the upper part of the TCP monitor is relevant. In the following image this part is marked in red.

4.1. Start of the sample scenario

The solution is now ready-for-use and may be called up under http://localhost:8080/WSDemo/.

To obtain help for the use of the Demo scenario, you may move the mouse over the button Demo Help on each page. Here a help for the required steps is displayed on the respective page. Start the book order with a click on "Start Demo" in the middle of the window.

Choose one or more articles from the assortment and then confirm with Add to Shopping Cart at the end of the page (the maximum amount per item is limited to 10).

Now confirm your choice with Proceed to Checkout.


Enter sample data in address and payment data request and confirm with "Send Order" (the credit card number must be a 16-digit number).

Then you will see the respective messages on the TCP monitors. Here this is shown exemplarily using excerpts of the individual monitors. The other demo shop sites are only for information purposes. By clicking on Send Order the operation is completed.

TCP Monitor #1 (Tab Port 1900): The message is unencrypted and all order information is visible. In the scenario this TCP monitor is located between the web shop and the first CORISECIO Security Connector. No security procedure has been executed yet.

TCP Monitor #2 (Tab Port 2100): After having been processed by the first CORISECIO Security Connector, SAML authentication information was added, and the payment information and the complete electronic "Order" element were encrypted. Additionally a signature was applied to the message. The following images show the individual elements within the SOAP message.

SAML authentication information

Signature

Encryption: The whole "Order" element has been encrypted. As described in the scenario, also the "paymentInformation" element was previously encrypted. This will be shown in the next TCP monitor.

TCP Monitor #3 (Tab Port 2300): The second Security Connector decrypted the "Order" element, the "paymentInformation" data remains encrypted. Additionally the SAML assertion was scanned and the signature verified.

TCP Monitor #4 (Tab 2400): The merchant forwards the "paymentInformation"; this is encrypted, as before. The message has changed as the order data has been extracted and only address data and payment data are forwarded.

TCP #5 (Tab 2600): Now, the payment data is being decrypted and may be processed by the payment provider.

Finally you may call up a summary of the payment provider under http://localhost:8080/WSDemo/pp as well as a summary of the orders under http://localhost:8080/WSDemo/dl.

Please kindly note that the configured TCP monitors are not designed for long-term usage or load tests. If protection of web services seems to be slow, you may deactivate the TCP monitors. The required procedure is described in chapter 5.4. You have successfully completed the prepared scenario. You may now see and edit the Security Connector settings in the following chapter.

4.2. Security Connectors

The configuration of the Security Connectors is done via the Workflow Manager on the local secRT entity. The local administration is done via a web console, accessible via browser. The three Security Connectors are accessible under the following addresses (see scenario diagram):

https://localhost/consumer
https://localhost/provider
https://localhost/payment
https://localhost/proxy

You may log-in with the password "secRT" on the respective Security Connector.

Now choose Workflow Manager from the left-hand menu to see or edit the respective Security Connectors.

Via the Workflow Manager several Workflows within a Connector may be administrated. Therefore, the overview page of the available workflows is displayed first. For the sample scenario only one workflow per connector is configured. Click on the Edit button after the name of the configured workflow each, to view the detail configuration. The active workflows in the standard configuration are consumer, provider and payment.

The currently active workflow is marked with a symbol. Hereafter the configurations of the individual Security Connectors from the sample scenario are shown.

"order + payment encryption" Security Connector: consumer Workflow

"order decryption" Security Connector: provider Workflow

"payment decryption" Security Connector: payment Workflow

Short description of the functions used:

AppServer Listener #1: Configuration of the TCP Port
SetSecRTEntity: Configuration of the entity name, the private key and the certificate.
ExtractFromRequest: Extracting of a SOAP message from an HTTP-Request
SAMLAddUserAuth SAML !"#$: Inserting of a SAML authentication information
encryptXPathForCertificate: Encryption of the required XML element with the given certificate
SignSOAPEnvelopeWithXPath: Signature of the SOAP message; the signature is done by the elements referenced by the given X-Path.
EnvelopeInRequest: Inserting of the SOAP message into an HTTP request
Proxy: Proxy configuration for forwarding of the http request
decryptXPath: Decrypting of an XML element with the private key
SAMLCheckUserAuth SAML !"#$: Checking of the SAML authentication information
verifySOAPEnvelope: Verification of signature

4.3. Protection of the return path

Using the protection of the return path as an example, this chapter demonstrates how Web Services may be protected easily with the help of secRT. The http response between the entities consumer and provider is protected. For this purpose the workflow of both entities has to be adapted in the demonstrator.

1. Open a browser and enter the address https://localhost/provider.
2. Log-in at the secRT using the password secRT.
3. Click the button Workflow on the menu bar.
4. Activate the checkbox at the Workflow provider and select Edit from the action bar.
5. Add the following functions in the area Workflow Sequence using the DropDown Box Function:
   ExtractFromResponse
   EncryptXPathForCertificate
   EnvelopeInResponse
6. Choose the function EncryptXPathForCertificate and click Configure.
7. From Configure certificate choose the certificate of the secRT entity consumer.
8. Copy the following text to the text field Configure XPath (via the XPath is defined which element will be encrypted):
   //*[local-name() = 'OrderingResult']
9. Click Ok to save the changes.
10. Activate the checkbox at Workflow provider and select Activate / Deactivate from the action bar. In doing so, the workflow with the updated values is loaded.
11. Open a browser and enter the address https://localhost/consumer.
12. Log-in to the secRT using the password secRT.
13. Click the button Workflow on the menu bar.
14. Activate the checkbox at the Workflow consumer and select Edit from the action bar.
15. Add the following functions using the Drop-Down Box Functions:
   ExtractFromResponse
   DecryptXPath
   EnvelopeInResponse
16. Choose the function DecryptXPath and click on Configure.
17. Copy the following text to the text field Configure XPath (via the XPath is defined which element will be encrypted):
   //*[local-name() = 'OrderingResult']
18. Click Ok to save the changes.
19. Activate the checkbox at the workflow consumer and select Activate / Deactivate from the action bar. With this action the workflow with the updated values is loaded.

The configuration of the encryption is now completed. With this configuration also the return path between the secRT entities consumer and provider is protected. The result can be seen on Port 2100 in the TCP monitor; now attention must be paid to the lower part of the TCP monitor.
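The XPath entered in steps 8 and 17 matches by local name only, so it selects every element called OrderingResult at any depth and in any namespace. The following added example (not part of the original tutorial and not secRT code) emulates that selection in Python on a constructed SOAP response and reports what such a rule would cover and what would stay readable on the wire; the namespaces and all element names other than OrderingResult are assumptions.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample response. Only the element name OrderingResult comes from
# the tutorial; the namespaces and the other elements are assumptions.
SAMPLE_RESPONSE = """\
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:shop="urn:example:shop" xmlns:audit="urn:example:audit">
  <soapenv:Header>
    <audit:OrderingResult>copy-for-logging</audit:OrderingResult>
  </soapenv:Header>
  <soapenv:Body>
    <shop:OrderResponse>
      <shop:OrderingResult>
        <shop:orderId>4711</shop:orderId>
        <shop:status>accepted</shop:status>
      </shop:OrderingResult>
      <shop:timestamp>2010-01-01T12:00:00Z</shop:timestamp>
    </shop:OrderResponse>
  </soapenv:Body>
</soapenv:Envelope>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]


def select_by_local_name(root, name):
    """Emulate //*[local-name() = 'name']: any depth, any namespace."""
    return [el for el in root.iter() if local_name(el.tag) == name]


def review_target(xml_text, name):
    """Report what an encrypt-by-local-name rule would and would not cover."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}

    def path(el):
        parts = []
        while el is not None:
            parts.append(local_name(el.tag))
            el = parents.get(el)
        return "/" + "/".join(reversed(parts))

    def inside_body(el):
        while el is not None:
            if el.tag == "{%s}Body" % SOAP_ENV:
                return True
            el = parents.get(el)
        return False

    matches = select_by_local_name(root, name)
    covered = {d for m in matches for d in m.iter()}
    # Leaf values that stay readable after the matched elements are encrypted.
    clear = [(path(el), el.text.strip()) for el in root.iter()
             if el not in covered and len(el) == 0 and el.text and el.text.strip()]
    return {
        "matches": [(path(m), m.tag) for m in matches],
        "outside_body": [path(m) for m in matches if not inside_body(m)],
        "left_in_clear": clear,
    }


if __name__ == "__main__":
    for key, value in review_target(SAMPLE_RESPONSE, "OrderingResult").items():
        print(key, value)
```

A rule meant to protect exactly one element would be expected to report a single match inside the Body; any further match or unexpected clear-text value is a reason to tighten the XPath.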

4.4. Embedding of WSDL definitions

For the following scenario another secRT entity was pre-configured and a workflow was pre-defined. In this scenario the turnover tax advance return for each transaction is done automated at the local tax office. This process represents the lowermost part of the overall scenario already introduced. For this a provided WSDL definition is used and the value of the current transaction is entered.

1. Open a browser and enter the address https://localhost/wsdl.
2. Click Admin on the menu bar and select Import / Export.
3. Select Workflows under Import in the Drop-Down Box.
4. Now click the Browse button and choose the file C:\CORISECIO\workflow.csv. With this file a preconfigured workflow is imported in the secRT.
5. Now click on Workflow in the menu bar.
6. Select the Workflow umsatzsteuer (turnover tax) and click on Activate / Deactivate.
7. Recall the shop via the address http://localhost:8080/WSDemo.
8. Order any amount of books and enter the required data.
9. After completion of the order process please call up the following address http://localhost:8080/WSDemo/fa to view the turnover tax advance return.

Short description of the used functions:

ExtractFromRequest: Extracting of a SOAP message from an HTTP request
XMLValueToExecutionVariable: Reading of an XML variable (order value) from the order and saving in a variable.
CreateSOAPMessageFromWSDL: Query of a WSDL definition and generation of an appropriate SOAP message.
SetValueOfXPath: Setting of variable (order value) value in a defined XPath.
Envelope in Request: Inserting of a SOAP message in an HTTP request
Proxy: Proxy configuration for forwarding of the HTTP request

5. Advice

In this chapter you will find information to solve potential problems.

5.1. SSL Connection

As the connection with the secRT entities is protected via a self-issued SSL certificate, you will receive warning messages in your browser. In this chapter is described how you may access the secRT entities despite of warnings (under Microsoft Internet Explorer and Mozilla Firefox). Furthermore, a replacement of the SSL certificate used is explained.

5.1.1. Changing the Apache Tomcat TCP Port

If the HTTPS TCP Port is used on your server already, you may change the Apache Tomcat configuration. Close the complete demonstrator and open the file C:\CORISECIO\Tomcat\conf\server.xml. In the line port="443" instead of 443 enter the required TCP Port.

5.1.2. SSL connection with Microsoft Internet Explorer

When accessing the secRT entities a notification appears in the Internet Explorer that there is a problem with the certificate of the web site.

Here click on "Continue to this website (not recommended)" to establish the connection to the secRT or to the Webshop.

5.1.3. SSL connection with Mozilla Firefox

When accessing the secRT entities or the demo web shop a notification in Firefox appears that the connection is not to be trusted.

Here click on "I Understand the Risks".

The button Add Exception appears in Firefox. Please click this button. A dialog for adding of security exception rules is opened.

Please click on Get Certificate ("Zertifikat herunterladen" in the German user interface) and then on "Confirm Security Exception". Now you will be forwarded without warning directly to the secRT entities resp. the demo shop at each call.

5.1.4. Replacing the SSL certificate

To replace the Apache Tomcat SSL certificate, first terminate all running entities. A suitable P12 Container is required for the SSL configuration. Finally act as follows:

Copy your P12 file to the directory C:\CORISECIO\Tomcat
Open the file C:\CORISECIO\Tomcat\conf\server.xml
In the row keystoreFile replace the entry secrt.p12 with the file you require.
In the row keystorePass replace the password for the P12 file.
Start the demonstrator by calling the file C:\CORISECIO\startDemonstrator.cmd.

5.2. Supported number of user/roles

Please kindly note that the standard configuration was designed for 300 objects at user and role.

5.3. OutOfMemory error

The starter kit was configured with the standard value 1024MB RAM. If you would like to run more complex tests, it is advisable to increase the available memory. In order to do so the file C:\CORISECIO\Tomcat\bin\catalina.bat needs to be adjusted. For this open the file with a text editor of your choice and search for the value set JAVA_OPTS=%JAVA_OPTS%. In this row increase the maximum heap size value (-Xmx1536M) to increase the RAM limit to 1536 Megabyte. Please kindly note that the limit for 32 bits operating systems is 1600 MB. Example:

set JAVA_OPTS=%JAVA_OPTS% -Xmx1536M -XX:MaxPermSize=256m -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file="%CATALINA_BASE%\conf\logging.properties"

Please ensure that the Xmx entry as well as the MaxPermSize parameter (-Xmx1536M -XX:MaxPermSize=256m) are set at your Apache Tomcat entity.

5.4. Performance problems (Deactivation of TCP monitors)

Please kindly note that 5 TCP monitor entities have been inserted between each section. The TCP monitors are used for control of exchanged data. If you would like to run performance or load tests, you may deactivate the use of the TCP monitors.

For this it is required to terminate the TCP monitors and to activate each workflow with the add-on (no TCP Monitor) in the three secRT entities. Additionally you have to terminate the Apache Tomcat and to replace the content of the file C:\CORISECIO\Tomcat\webapps\WSDemo\config.xml with the content of the file config_withoutTCPMonitor.xml in the same directory. Afterwards restart the demonstrator with C:\CORISECIO\startDemonstrator.cmd.

Please kindly note that the TCP monitors are called up automatically at each re-start of the demonstrator. This can be changed by deleting the row start tcpmon.bat in the file C:\CORISECIO\startDemonstrator.bat.

To re-use the TCP monitors, act as follows: in the three secRT entities the workflows have to be reset to the initial state. Please stop the Apache Tomcat entity and replace the content of the file C:\CORISECIO\Tomcat\webapps\WSDemo\config.xml with the content of the file config_withTCPMonitor.xml in the same directory. Then start the demonstrator by calling the file C:\CORISECIO\startDemonstrator.cmd.
