Show Table of Contents
1.3. Installing Red Hat JBoss BRMS Using the Installer
The installer for Red Hat JBoss BRMS is an executable Java jar file. You can use it to install JBoss BRMS on an existing EAP 6.4 installation.
Note
For security reasons, you should run the installer as a
non-root user.
Prerequisite
Before attempting to install JBoss BRMS, ensure you have already installed Red Hat JBoss EAP 6.4 or better.
Setup Location and Users
Navigate to the folder where you downloaded the installer file in a command prompt and execute the following command.java -jar jboss-brms-6.2.0.GA-installer.jarNote
When running the installer on Windows, you may be prompted to provide administrator credentials during the installation. To prevent this, add theizpack.mode=privilegedoption to the installation command:java -Dizpack.mode=privileged -jar jboss-brms-6.2.0.GA-installer.jar- The graphical installer will execute and display a splash screen and a license agreement page. Accept the license to proceed.
- In the next screen, provide the parent location of an existing JBoss EAP where JBoss BRMS must be installed. The screenshot below depicts an example directory path:
Figure 1.1. Red Hat JBoss BRMS Installer for EAP Directory Path
- In the next two screens, create two users: the first one for the management console of the EAP (ManagementRealm) and the second one for managing JBoss BRMS itself (ApplicationRealm).Creation of the first user for the management console of JBoss EAP is optional and you may skip it if it is not required.Make a note of these usernames and passwords as you will need them to access the JBoss EAP server (if you do decide to create it) and the JBoss BRMS application respectively.
Note
The username that you create should not be the same as any of the pre-defined roles (See Section 1.8, “Defining Roles”).The passwords that you create must have at least 8 characters and must contain at least one number and one non-alphanumeric character (not including the character &).Note
The application role assigned to the second user that you create is theadminrole. This is the only role that can be assigned to this newly created user. You can create more users with narrow roles afterwards by using the command line. Setup Security Environment
Next, you will setup the security environment of your new JBoss BRMS install. Decide to enable or disable the Java Security Manager in this step by clicking on the check box. The Java Security Manager makes your system more secure but may downgrade performance. You need to make a decision based on your environment.- Choose whether you want to setup pure IPv6 configuration on the server that the installation is taking place. This will allow you to setup runtime IPv6 specific configurations later.
Configure Runtime Environment
This step provides the option of using a default configuration or specifying an advanced configuration.Default Configuration
Choose default configuration for the runtime environment in the next step and click to review the installation details. If you are happy with the details, click to start the actual installation or click to go back and make changes.Advanced Configuration
Choose to enable advanced configuration options. Select "Perform advanced configuration" and choose the advanced configuration options you want to enable for your environment via the check boxes.
Figure 1.2. Advanced Configuration Options
Configure Vault Password
Vault passwords are used to obfuscate passwords in the various server descriptors using a java secret key generated during the installation process, or manually using the keytool. This prevents passwords from being stored as plain text in the descriptors. Theiteration countandsaltare both parameters to the encryption process.For more information about vault passwords, see the Red Hat JBoss EAP Security Guide.
Figure 1.3. Configure vault password
SSL Security
This screen allows you to add the<ssl>and<truststore>elements to the ManagementRealm security-realm using the provided keystore.The end result is an encrypted connection that is secure between the client and the server for the ManagementRealm.- The
<ssl>element causes the server to present the certificate within the keystore as its identity, which allows the user to apply their official certificate. - The
<truststore>element enables "Client-Cert" authentication. This means that, if a remote client attempts to connect to any resource managed by the ManagementRealm, the client can present a certificate, and if an entry in the truststore matches, will be authenticated without needing to provide a username / password.
Figure 1.4. SSL Security Configuration
LDAP Security
This step in the installer allows the user to define an LDAP server, which in turn defines users which should be allowed to authenticate with the ManagementRealm. This replaces the default configuration.The screen allows users to define how to connect to the LDAP server.- The Distinguished Name(DN): the user that can connect to the LDAP server. Typically the DN will uniquely define a special user for this purpose.
Figure 1.5. LDAP Connection Configuration
LDAP Security (Management Console)
The screen allows you to set up a security realm. This defines the<security-realm>element to be added to the descriptors, and utilizes the connection defined previously.
Figure 1.6. Management Console LDAP Configuration
- Base DN: Will typically define a 'base search' or 'root context' to begin searching for users.
- Filter type: Tells JBoss EAP how to find the LDAP attribute that defines a user; it is can be a simple attribute, but can also be a complex "LDAP Filter".
- Username attribute: The LDAP attribute which holds the username values. A username entered in this field is used for search queries as a value of the 'uid' attribute. If a user chooses 'LDAP syntax query' as a filter type, this query must be specified in this field.
- Recursive directory search: If enabled, JBoss EAP will traverse the LDAP tree recursively, starting at Base DN. Otherwise, the search will be limited to Base DN.
LDAP Security (Business Central)
Most of the following fields are similar to the Base DN. Contexts are used to search for roles, which allows it to perform authorization in addition to authentication. Otherwise, thecontextfields are analogous to the Base DN from the previous, andattributefields are analogous to Username attribute. The filters allow fine grained control over which values of the given attribute will be accepted.Input values from Business Central LDAP Configuration page are used to configure a new security domain, which make use ofLdapExtendedlogin module. This security domain is set as default for Business Central web application. For more information about security domains and login modules, see the Red Hat JBoss EAP Security Guide.
Figure 1.7. Business Central LDAP Configuration
Security Domain and JSSE
The Security Domain screen allows you to configure all of the elements of the<security-domain>security subsystem for managing security information, including JSSE configuration. For more detailed information about configuring security domains, see the Red Hat JBoss EAP Security Guide.
Figure 1.8. Security Domain
Figure 1.9. JSSE Configuration
- The installer will go through the steps to install JBoss BRMS and will perform post installation configuration steps when you click . The installer will also start the JBoss BRMS server and connect to it to validate the installation. Click to get to the last screen where you can generate the installation script and properties file. Click to quit the installer.
You have successfully installed Red Hat JBoss BRMS using the installer.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.