Provide Secure Backend for PPT (Windows)
Prerequisites
These are the prerequisites:
- Java 11 JDK installed
- PoolParty installed
- Valid certificates in place in PKCS#12 (.pfx) format, and the passphrase(s) known. Either one certificate for both services (*.domain.org), or one for poolparty.domain.org and one for poolparty-keycloak.domain.org.

In our example we use two separate pfx files, C:\keycloak.pfx and C:\poolparty.pfx, and have PoolParty installed in the C:\opt\poolparty folder.
Create a Java Keystore (.JKS)
Keycloak and PoolParty use a Java keystore to secure traffic. To make things easier we import both certificates into one keystore.

PS C:\> keytool.exe -importkeystore -srckeystore .\keycloak.pfx -srcstoretype pkcs12 -destkeystore .\poolparty.jks -deststoretype JKS
# Enter a secure password as the keystore password
PS C:\> keytool.exe -importkeystore -srckeystore .\poolparty.pfx -srcstoretype pkcs12 -destkeystore .\poolparty.jks -deststoretype JKS
# Enter a secure password as the keystore password
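The same import as a script, added here as an example and not part of the PoolParty documentation. It gives the two entries distinct aliases (both .pfx files normally store their key under alias "1", so the second plain import would overwrite the first), sets the private-key password equal to the keystore password, and passes passwords through environment variables rather than the command line. It assumes keytool.exe from the Java 11 JDK is on PATH and that each .pfx uses the source alias "1" (check with keytool -list -storetype pkcs12 -keystore C:\keycloak.pfx); the alias names "keycloak" and "poolparty" are the script's own choice.

```powershell
# Added example, not part of the PoolParty documentation: build C:\poolparty.jks from the two
# .pfx files with distinct aliases, then list the result. Assumes keytool.exe from the Java 11
# JDK is on PATH and that each .pfx holds its key under alias "1" (assumption; verify with
# keytool -list -storetype pkcs12 -keystore <file>).
$ErrorActionPreference = 'Stop'
$DestStore = 'C:\poolparty.jks'
$Sources = @(
    @{ Pfx = 'C:\keycloak.pfx';  SrcAlias = '1'; DestAlias = 'keycloak'  },
    @{ Pfx = 'C:\poolparty.pfx'; SrcAlias = '1'; DestAlias = 'poolparty' }
)

function ConvertTo-PlainText([securestring] $Secure) {
    return [System.Net.NetworkCredential]::new('', $Secure).Password
}

# Passwords are read interactively and handed to keytool via environment variables
# (the -storepass:env form), so they never appear on the command line or in shell history.
$env:DEST_PW = ConvertTo-PlainText (Read-Host -AsSecureString 'New password for poolparty.jks')

foreach ($s in $Sources) {
    $env:SRC_PW = ConvertTo-PlainText (Read-Host -AsSecureString "Passphrase for $($s.Pfx)")
    # -destalias keeps the two entries apart; -destkeypass gives the private key the same
    # password as the keystore, which is what Keycloak and Tomcat expect when only one
    # password is configured for the store.
    & keytool.exe -importkeystore -noprompt `
        -srckeystore  $s.Pfx     -srcstoretype  pkcs12 '-srcstorepass:env'  SRC_PW  -srcalias  $s.SrcAlias `
        -destkeystore $DestStore -deststoretype JKS    '-deststorepass:env' DEST_PW -destalias $s.DestAlias `
        '-destkeypass:env' DEST_PW
    if ($LASTEXITCODE -ne 0) { throw "keytool failed while importing $($s.Pfx)" }
}
Remove-Item Env:SRC_PW

# List both aliases and the keystore type. Tomcat's keystoreType attribute must match the
# "Keystore type:" value printed here (JKS or PKCS12), or the connector will not start.
& keytool.exe -list -keystore $DestStore -storetype JKS '-storepass:env' DEST_PW
Remove-Item Env:DEST_PW
```

The -storepass:env / -destkeypass:env forms are standard keytool options; the environment variables are removed again as soon as keytool has finished so the passwords do not linger in the session.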
Adjust the Keycloak Installation
To adjust the Keycloak installation, do the following:
1. Stop the PoolParty Keycloak service if it's running.
2. Make sure the following properties are part of C:\opt\poolparty\auth_service\keycloak\conf\keycloak.conf:
   https-port=8181
   #http-port                                (comment it out)
   https-key-store-file=C:\\poolparty.jks    (use escaped backslashes)
   https-key-store-password=password
   proxy=reencrypt                           (only if you run a proxy in front of Keycloak)
   hostname=poolparty-keycloak.domain.org
   #http-enabled=true                        (comment it out)
3. Run C:\opt\poolparty\auth_service\keycloak\bin\kc.bat build.
4. Run C:\opt\poolparty\auth_service\keycloak\bin\kc.bat start to check that it starts without any errors.
5. If it started without any error, go to C:\opt\poolparty\auth_service\keycloak\bin and:
   - Rename KcService.exe to KcServiceOld.exe.
   - Rename KcServiceProd.exe to KcService.exe.
6. Start the PoolParty Keycloak service.
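Once the service is up again, the change is worth verifying from a client's point of view: the HTTPS port should present the expected certificate with a valid chain, and the plain-HTTP port should be closed. The script below is an added example and not part of the PoolParty documentation; host name and port 8181 follow this guide, while 8080 as the former plain-HTTP port is an assumption (use whatever http-port value you commented out). The same Test-TlsEndpoint function works unchanged for the PoolParty Tomcat connector later on.

```powershell
# Added example, not part of the PoolParty documentation: confirm that Keycloak serves TLS
# on 8181 with the expected certificate and that the plain-HTTP port no longer listens.
# Host name and 8181 follow the guide; 8080 as the old http-port is an assumption.
$ErrorActionPreference = 'Stop'

function Get-CertificateDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)
    # Subject Alternative Name (OID 2.5.29.17) formats as "DNS Name=host" entries on Windows;
    # the subject CN is added as a fallback for certificates without a SAN.
    $names = @()
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += [regex]::Matches($san.Format($true), 'DNS Name=([^\s,]+)') | ForEach-Object { $_.Groups[1].Value }
    }
    $cn = [regex]::Match($Cert.Subject, 'CN=([^,]+)')
    if ($cn.Success) { $names += $cn.Groups[1].Value }
    return $names
}

function Test-DnsNameMatch {
    param([string[]] $Names, [string] $HostName)
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        # A wildcard (*.domain.org) covers exactly one label to the left of the dot.
        if ($n.StartsWith('*.') -and $HostName -like "*.$($n.Substring(2))" -and
            ($HostName.Split('.').Count -eq $n.Split('.').Count)) { return $true }
    }
    return $false
}

function Test-TlsEndpoint {
    param([string] $HostName, [int] $Port)
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # The callback accepts any certificate; chain validity is checked explicitly below
        # so that the reason for a failure is reported instead of a bare exception.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chainOk = $chain.Build($cert)
        [pscustomobject]@{
            Endpoint   = "${HostName}:${Port}"
            Protocol   = $ssl.SslProtocol
            Subject    = $cert.Subject
            Expires    = $cert.NotAfter
            NameMatch  = Test-DnsNameMatch -Names (Get-CertificateDnsNames $cert) -HostName $HostName
            ChainOk    = $chainOk
            ChainIssue = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
        }
    } finally { $tcp.Dispose() }
}

function Test-PortClosed {
    param([string] $HostName, [int] $Port, [int] $TimeoutMs = 2000)
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        # A refused connection throws (closed); a timeout means filtered; both count as closed.
        $done = $tcp.ConnectAsync($HostName, $Port).Wait($TimeoutMs)
        return -not ($done -and $tcp.Connected)
    } catch { return $true } finally { $tcp.Dispose() }
}

Test-TlsEndpoint -HostName 'poolparty-keycloak.domain.org' -Port 8181 | Format-List
if (Test-PortClosed -HostName 'poolparty-keycloak.domain.org' -Port 8080) {
    'OK: plain HTTP port 8080 is closed'
} else {
    'WARNING: plain HTTP port 8080 still accepts connections; check http-enabled in keycloak.conf'
}
```

NameMatch should be True and ChainOk should be True with an empty ChainIssue; a non-empty ChainIssue (for example an untrusted root or an expired certificate) points at the .pfx that was imported, not at Keycloak.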
Adjust the PoolParty Installation
To adjust the PoolParty installation, do the following:
1. Stop the PoolParty Tomcat service if it's still running.
2. In the C:\opt\poolparty\config\keycloak folder, change the auth-server-url to https://poolparty-keycloak.domain.org/auth/ in each {admin,ppgs,ppx,ppt}-keycloak.json file.
3. Change the following properties in C:\opt\poolparty\config\poolparty.properties:
   - ppt-url to https://poolparty.domain.org/PoolParty
   - If PoolParty was not installed with this domain, also change the base URIs for Scheme, Vocabulary and User.
4. Add the following attributes to the Tomcat Connector that you are using in C:\opt\poolparty\tomcat\conf\server.xml:
   secure="true"
   scheme="https"
   SSLEnabled="true"
   keystoreFile="C:\poolparty.jks"
   keystorePass="password"
   keystoreType="PKCS12"
5. Start the PoolParty Tomcat service.
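Steps 2 to 4 as one idempotent script, added here as an example and not part of the PoolParty documentation. Paths, host names and attribute values follow this guide; the Connector is located by its port attribute, and 8080 is an assumption (use the port of the Connector you actually use). The keystorePass value "password" is the guide's placeholder and must be replaced by the password set on poolparty.jks, and keystoreType must match the format keytool -list reports for that file.

```powershell
# Added example, not part of the PoolParty documentation: apply the keycloak.json, properties
# and server.xml changes from the guide. $ConnectorPort = 8080 is an assumption.
$ErrorActionPreference = 'Stop'
$PoolPartyHome = 'C:\opt\poolparty'
$KeycloakUrl   = 'https://poolparty-keycloak.domain.org/auth/'
$PptUrl        = 'https://poolparty.domain.org/PoolParty'
$ConnectorPort = '8080'
$Utf8NoBom     = [System.Text.UTF8Encoding]::new($false)   # Java-friendly, no byte-order mark

# Step 2: auth-server-url in every *-keycloak.json (parsed and re-serialised, not regex-edited,
# so the change cannot corrupt the JSON structure).
foreach ($name in 'admin', 'ppgs', 'ppx', 'ppt') {
    $file = Join-Path $PoolPartyHome "config\keycloak\$name-keycloak.json"
    $json = Get-Content -Raw -Path $file | ConvertFrom-Json
    $json.'auth-server-url' = $KeycloakUrl
    [System.IO.File]::WriteAllText($file, ($json | ConvertTo-Json -Depth 10), $Utf8NoBom)
    "$file : auth-server-url = $KeycloakUrl"
}

# Step 3: ppt-url in poolparty.properties, replaced in place so every other line is kept.
$props   = Join-Path $PoolPartyHome 'config\poolparty.properties'
$updated = $false
$out = foreach ($line in Get-Content -Path $props) {
    if ($line -match '^\s*ppt-url\s*=') { $updated = $true; "ppt-url=$PptUrl" } else { $line }
}
if (-not $updated) { $out += "ppt-url=$PptUrl" }
[System.IO.File]::WriteAllLines($props, [string[]]$out, $Utf8NoBom)
"$props : ppt-url = $PptUrl"

# Step 4: TLS attributes on the Tomcat Connector. PreserveWhitespace keeps the file layout.
$serverXml = Join-Path $PoolPartyHome 'tomcat\conf\server.xml'
$xml = [xml]::new()
$xml.PreserveWhitespace = $true
$xml.Load($serverXml)
$connector = $xml.SelectSingleNode("//Connector[@port='$ConnectorPort']")
if (-not $connector) { throw "No Connector with port $ConnectorPort found in $serverXml" }
$attrs = [ordered]@{
    secure       = 'true'
    scheme       = 'https'
    SSLEnabled   = 'true'
    keystoreFile = 'C:\poolparty.jks'
    keystorePass = 'password'   # placeholder from the guide: use the password set on poolparty.jks
    keystoreType = 'PKCS12'     # must equal the "Keystore type:" that keytool -list prints for the file
}
foreach ($kv in $attrs.GetEnumerator()) { $connector.SetAttribute($kv.Key, $kv.Value) }
$xml.Save($serverXml)
"$serverXml : Connector port $ConnectorPort now has SSLEnabled=true"
```

Run it from an elevated PowerShell while the Tomcat service is stopped; since the JSON files are parsed and rewritten and the Connector attributes are set rather than appended, running it a second time leaves the files unchanged.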