Deploy and configure OneSpan User Websites manually (Optional)
OneSpan User Websites is usually installed from the OneSpan User Websites Setup, which also includes an embedded Apache Tomcat web server and an embedded Java Runtime Environment. If you want to run OneSpan User Websites on an existing web server, you need to deploy the respective web applications manually.
When you deploy and configure OneSpan User Websites manually, you should use the OneSpan Web Configuration Tool Java executable (admintool.jar) to configure the OneSpan Authentication Server instances only, and use the Java Key and Certificate Management Tool (keytool) to configure the respective certificates.
Deploy and configure OneSpan User Websites to Apache Tomcat manually
To deploy OneSpan User Websites to Apache Tomcat manually
-
Copy the OneSpan Web Configuration Tool from the product CD to a folder on the web server and omit the version number:
cd_drive\OneSpan User Websites\Software\webapps\admintool_3.25.0.jar
-
Copy the respective web applications from the product CD to the Apache Tomcat web application folder and omit the version number:
cd_drive\OneSpan User Websites\Software\webapps\selfmgmt_3.25.0.war
cd_drive\OneSpan User Websites\Software\webapps\votp_3.25.0.war
- If you are using Linux, open a terminal. If you are using Windows, open a Command Prompt window.
- Change to the folder to which you copied the OneSpan Web Configuration Tool.
-
Run the following command:
java -Dcom.vasco.identikey.webapps.configfile=properties_file -jar admintool.jar type website server add nameurl
where:
- properties_file is the absolute path to the target properties file, i.e. the file that is used by OneSpan User Websites to save the configuration.
- website is the website to configure, i.e. selfmgmt for User Self-Management Website and votp for Virtual Mobile Authenticator OTP Request Website. If you deploy both websites, you need to run the command twice with different parameters for type.
- name is the parameter to set an instance of OneSpan Authentication Server as primary or backup server. Possible values are primary or backup.
- url is the IP address including the SOAP port of the OneSpan Authentication Server instance in URL format, e.g. https://10.2.2.15:8888.
A new server record is created for the OneSpan Authentication Server instance in the OneSpan User Websites configuration file.
Repeat this step for each OneSpan Authentication Server instance to which you want to connect OneSpan User Websites.
-
Use the Java Key and Certificate Management Tool (keytool) to add the server certificate of the OneSpan Authentication Server instance.
keytool -import -trustcacerts -file certificate_file -alias iassoap -keystore cacerts
where:
- certificate_file is the absolute path to the server certificate file.
- cacerts is the system-wide truststore, usually located in
JAVA_HOME/jre/lib/security/cacerts.
Adding a server certificate is required to allow OneSpan User Websites to establish a secure connection to OneSpan Authentication Server. The server certificate of a particular OneSpan Authentication Server instance is located the bin folder in the OneSpan Authentication Server installation folder on Windows (install_dir\bin\ikey_soap_serverca.pem), or in the configuration folder /etc/vasco/ias/ikey_soap.serverca.pem on Linux.
-
To instruct the Apache Tomcat web server to read the configuration file, add the following configuration option to the Apache Tomcat startup settings:
-Dcom.vasco.identikey.webapps.configfile=properties_file
The next time the Apache Tomcat web server restarts it will apply the Administration Web Interface settings from the configuration file.
- On Linux, restart the Apache Tomcat daemon. On Windows, restart the Apache Tomcat service.
For more information about the OneSpan Web Configuration Tool, refer to the OneSpan Authentication Server Administrator Reference.