JVM parameter additions for external Tomcat installations
The following initialization parameters must be specified for the JVM that is running an external Tomcat. If Tomcat is controlled via scripts, these JVM parameters can be included in a script file:
- (Microsoft Windows) setenv.bat
- (UNIX) setenv.sh
When Tomcat is installed as a Windows Service, include these values in the wrapper. When the wrapper is a supplied Apache wrapper (via Tomcat6w.exe or Tomcat7w.exe), the JVM additions are added to the Java tab.
-Dcom.sun.identity.configuration.directory=<tomcat-dir>\webapps\atriumsso\WEB-INF\config
-XX:PermSize=64m
-XX:MaxPermSize=256m
-Dcom.sun.identity.session.connectionfactory.provider=com.bmc.atrium.sso.opensso.extensions.ha.ConnectionFactoryProviderImpl
-Djava.security.auth.login.config=login.conf
-Djavax.net.ssl.trustStore=<truststore-canonical-name>
-Djavax.net.ssl.trustStorePassword=<truststore-password>
-Djavax.net.ssl.trustStoreType=PKCS12
-Djavax.net.ssl.trustStoreProvider=JsafeJCE
-Djavax.net.ssl.keyStore=<keystore-canonical-name>
-Djavax.net.ssl.keyStorePassword=<keystore-password>
-Djavax.net.ssl.keyStoreType=PKCS12
-Djavax.net.ssl.keyStoreProvider=JsafeJCE
-Dopensso.protocol.handler.pkgs=com.bmc.atrium.sso.common
-Djava.protocol.handler.pkgs=com.bmc.atrium.sso.common
-Datsso.in.sso.server=true
Note
<truststore-canonical-name> and <keystore-canonical-name> are the full path and name to the truststore and keystore that were created by the user for use by the Tomcat server.
Where to go from here
- To adhere to FIPS-140, Configuring an external Tomcat instance for FIPS-140 .
Comments
Log in or register to comment.