Deploying Administration Web Interface to Apache Tomcat manually

To deploy Administration Web Interface to Apache Tomcat manually

  1. Copy the OneSpan Web Configuration Tool from the product CD to a folder on the web server and omit the version number:

    cd_drive/Software/webadmin/admintool_3.26.0.jar

  2. Copy the Administration Web Interface web application from the product CD to the Apache Tomcat web application folder and omit the version number:

    cd_drive/Software/webadmin/webadmin_3.26.0.war

  3. Open a terminal window.

  4. Change to the folder to which you copied the OneSpan Web Configuration Tool.

  5. Run the following command:

    java -Dcom.vasco.identikey.webapps.configfile=properties_file -jar admintool.jar server add name url

    where:

    • properties_file is the absolute path to the target properties file, i.e. the file the Administration Web Interface uses to save its configuration.
    • name is the display name for OneSpan Authentication Server.
    • url is the IP address including the SOAP port of the OneSpan Authentication Server instance in URL format, e.g. https://192.0.2.1:8888.

    This creates a new server record for the OneSpan Authentication Server instance in the Web Administration Service, which can be selected on the Login page of the Administration Web Interface.

    Repeat this step for each OneSpan Authentication Server instance you want to manage using the Administration Web Interface.

  6. If required, run the following command to enforce a specific IP address for the Administration Web Interface to use:

    java -Dcom.vasco.identikey.webapps.configfile=properties_file -jar admintool.jar server localaddress name local_address

    where:

    • properties_file is the absolute path to the target properties file, i.e. the file the Administration Web Interface uses to save its configuration.
    • name is the display name for OneSpan Authentication Server used in the previous step.
    • local_address is the IP address you want the Administration Web Interface to use when connecting to that OneSpan Authentication Server instance. This should match the IP address set in the client record created earlier.

    This ensures that the same source IP address is used each time a connection to the server is made if the Administration Web Interface has been installed on a machine with more than one IP addresses.

  7. Use the Java Key and Certificate Management Tool (keytool) to add the server certificate of the OneSpan Authentication Server instance and any client certificate required.

    Adding a server certificate is required to allow the Administration Web Interface to establish a secure connection to OneSpan Authentication Server. You can get the server certificate of a particular OneSpan Authentication Server instance from the bin folder in the OneSpan Authentication Server installation folder, i.e. /opt/vasco/ias/bin/ikey_soap_cert.pem.

    Adding a client certificate is only required if you have Client Certificate Verification enabled in OneSpan Authentication Server.

  8. To instruct the Apache Tomcat web server to read the configuration file, add the following configuration option to the Apache Tomcat startup settings:

    -Dcom.vasco.identikey.webapps.configfile=<properties_file>

    The next time the Apache Tomcat web server restarts, it will apply the Administration Web Interface settings from the configuration file.

  9. Restart the Apache Tomcat daemon.

For more information about the OneSpan Web Configuration Tool, refer to the OneSpan Authentication Server Administrator Guide.