Provide Secure Backend for PPT (Windows)

Prerequisites

These are the prerequisites:

  • Java 11 JDK is installed.

  • PoolParty is installed.

  • Valid certificates are in place in PKCS#12 (.pfx) format and you know the passphrase(s):

    • Either one wildcard certificate (*.domain.org) for both services, or

    • One for poolparty.domain.org and one for poolparty-keycloak.domain.org.

In our example we use two separate pfx files: C:\keycloak.pfx and C:\poolparty.pfx and have PoolParty installed in the C:\opt\poolparty folder.

Create a Java Keystore (.JKS)

Keycloak and PoolParty use a Java keystore to secure traffic.

PS C:\> keytool.exe -importkeystore -srckeystore .\keycloak.pfx -srcstoretype pkcs12 -destkeystore .\poolparty.jks -deststoretype JKS # Enter a secure password as the keystore password
PS C:\> keytool.exe -importkeystore -srckeystore .\poolparty.pfx -srcstoretype pkcs12 -destkeystore .\poolparty.jks -deststoretype JKS # Enter a secure password as the keystore password
  • To make things easier we import both certificates into one keystore.

Adjust the Keycloak Installation

To adjust the Keycloak Installation, do the following:

  1. Stop the PoolParty Keycloak service if it's running.

  2. Make sure the following properties are part of C:\opt\poolparty\auth_service\keycloak\conf\keycloak.conf:

    1. https-port=8181

    2. #http-port (comment it out)

    3. https-key-store-file=C:\\poolparty.jks (escape each backslash with a second backslash)

    4. https-key-store-password=password

    5. proxy=reencrypt (if you run a proxy in front of Keycloak)

    6. hostname=poolparty-keycloak.domain.org

    7. #http-enabled=true (comment it out)

  3. Run C:\opt\poolparty\auth_service\keycloak\bin\kc.bat build.

  4. Run C:\opt\poolparty\auth_service\keycloak\bin\kc.bat start to check if it starts without any errors.

  5. If it started without any error, go to C:\opt\poolparty\auth_service\keycloak\bin and:

    1. Rename KcService.exe to KcServiceOld.exe.

    2. Rename KcServiceProd.exe to KcService.exe.

  6. Start the PoolParty Keycloak service.
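
The following PowerShell check is an added example, not part of the PoolParty documentation: it parses keycloak.conf text and reports deviations from the properties listed in step 2 above. The function name Test-KeycloakTlsConf and the sample input are constructed for illustration, and the check assumes that the value "password" shown on this page is a placeholder.

```powershell
function Test-KeycloakTlsConf {
    param([string[]]$Lines)
    # Collect active key=value pairs; lines starting with '#' are comments.
    $active = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#')) { continue }
        $k, $v = $t -split '=', 2
        if ($null -ne $v) { $active[$k.Trim()] = $v.Trim() }
    }
    $findings = @()
    # Plain HTTP stays disabled only if both properties are commented out.
    foreach ($key in 'http-port', 'http-enabled') {
        if ($active.ContainsKey($key)) { $findings += "$key is active; comment it out" }
    }
    # Properties from step 2 that must be present (proxy is optional).
    foreach ($key in 'https-port', 'https-key-store-file', 'https-key-store-password', 'hostname') {
        if (-not $active.ContainsKey($key)) { $findings += "$key is missing" }
    }
    if ($active['https-port'] -and $active['https-port'] -ne '8181') {
        $findings += "https-port is $($active['https-port']), expected 8181"
    }
    # Remove every escaped pair '\\'; any backslash left over is unescaped.
    $path = $active['https-key-store-file']
    if ($path -and ($path -replace '\\\\', '') -match '\\') {
        $findings += 'https-key-store-file contains an unescaped backslash'
    }
    # Assumption: "password" is the documentation placeholder, not a real secret.
    if ($active['https-key-store-password'] -eq 'password') {
        $findings += 'https-key-store-password is still the placeholder value'
    }
    return $findings
}

# Constructed sample input (not from a real installation).
$sample = @'
https-port=8181
#http-port=8080
https-key-store-file=C:\poolparty.jks
https-key-store-password=password
hostname=poolparty-keycloak.domain.org
http-enabled=true
'@ -split '\r?\n'

Test-KeycloakTlsConf -Lines $sample | ForEach-Object { Write-Warning $_ }
# Against the installed file:
# Test-KeycloakTlsConf -Lines (Get-Content C:\opt\poolparty\auth_service\keycloak\conf\keycloak.conf)
```

Run it before kc.bat build so that a leftover http-enabled line or an unescaped keystore path is caught before the service is restarted.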

Adjust the PoolParty Installation

To adjust the PoolParty installation, do the following:

  1. Stop the PoolParty Tomcat service if it's still running.

  2. In the C:\opt\poolparty\config\keycloak folder change the auth-server-url to https://poolparty-keycloak.domain.org/auth/ in each {admin,ppgs,ppx,ppt}-keycloak.json file.

  3. Change the following properties in C:\opt\poolparty\config\poolparty.properties:

    1. ppt-url to https://poolparty.domain.org/PoolParty.

    2. If not installed with this domain, also change the baseURIs for the following:

      1. Scheme

      2. Vocabulary

      3. User

  4. Add the following attributes to the Tomcat Connector that you are using in C:\opt\poolparty\tomcat\conf\server.xml:

    1. secure="true"

    2. scheme="https"

    3. SSLEnabled="true"

    4. keystoreFile="C:\poolparty.jks"

    5. keystorePass="password"

    6. keystoreType="PKCS12"

  5. Start the PoolParty Tomcat service.