FAQ
FAQ by Product
Most Popular
Load More
Latest
$MUSE_HOME/tomcat/docs/Apache Tomcat embedded within Muse.pdf manual, chapter “3.2.1.1 Secured Connections” you can find all details about securing the access to the Muse Embedded Tomcat server using SSL certificates.
Basically you need to generate a keystore from the private key and certificate, and enable it into the Tomcat’s configuration file: $MUSE_HOME/tomcat/conf/server.xml by uncommenting or adding if not already existing the connector:
- File menu –> New KeyStore File name: keystore New KeyStore Type: jks Click on Save.
- KeyStore menu –> Import Key Pair
– select PKCS #8
– uncheck Private Key Encrypted
– Private Key File: browse to your (.KEY) private key file
– Certificate(s) File: browse to your (.CRT) certificates file
– then OK
– Alias should remain as suggested –> then OK
– enter pass “changeit” without quotes (as it is default into the
${MUSE_HOME}/tomcat/conf/server.xmlfile) –> then OK - File menu –> Save
- KeyStore menu –> Change Keystore Password
– enter pass “changeit” without quotes (as it is configured into the
${MUSE_HOME}/tomcat/conf/server.xmlfile) –> then OK - File –> Save
- Rename the resulted file from “keystore.jks” to “keystore” and place it into the
${MUSE_HOME}/tomcat/conf/directory.
Below are the steps to enable and configure the “IP on campus/personal account off campus” authentication workflow for a MuseKnowledge Application. Note that they apply for versions starting with 7.6.
1) Configure the login modules.
Edit the ${ICE_HOME}/jaas.config file, locate the application entry for which to make the settings
(refered below ad AppID). It should look like below:
AppID {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";
};
The entry must be modified to look like below:
AppID {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml" justUser="true";
com.edulib.ice.security.authentication.ICELoginModuleIP sufficient hosts="${ICE_HOME}/profiles/hosts.xml";
com.edulib.ice.security.authentication.ICELoginModulePPMS required xmldbLocation="xmldb:exist:http://admin:@localhost:8000/xmldb/exist/xmlrpc";
};
(the 8000 port must be adjusted accordingly as per the Tomcat’s installation port)
2) Add the allowed IP(s) for the IP authentication
Login into the MCAA console, select the application from the list (AppID) and click on the “Login Modules” left menu. In the login modules listing click the “Edit” link corresponding to the ICELoginModuleXML module. In the new panel click the “Insert” link and start adding the IP(s). Consult the available help details to see the accepted format entries.
3) Make the end-user interface changes
Login into the MCAA console, select the application from the list (AppID) and click on the “Application General Settings->Interface Options” left menu link. In the Branding tab, “Login Page” section, press the “Load remap U/P Form”, then click the Update button from the bottom of the page.
4) Enable the “My Account” functionality
Login into the MCAA console, select the application from the list (AppID) and click on the “Application General Settings->Interface Options” left menu link. In the Functionality tab, locate the My Account” section and enable the “Enable Account:”, “Enable Saved Searches” and “Enable WorkRoom” features.
From this moment the “IP on campus/personal account off campus” authentication workflow should work, the access URL to use is:
http://hostname:port/muse/logon/AppID/autologin.html
This is explained in the “Adding a new slave machine to the environment” chapter from the “Muse Advanced Configuration.pdf” manual.
In a shared Muse environment all files are shared, including the $ICE_HOME/serial.properties file containing licensing information and necessary for the ICE to start.
When adding new servers to a Muse cluster one cannot just run the Registration process to register the new machine because of the following reason: Muse was not installed on the new machine using the Muse setup kit, hence the InstallShield files necessary for running the Registration do not exist.
In the shared Muse environment the Muse files are loaded/mounted from the master machine.
Below are the steps to be performed when a new slave machine is added into the Muse environment after the initial setup an it needs to be registered:
1. An “Extension Request” procedure for the Serial Number is performed to add all IPv4 and IPv6
IPs of the new machine to the Serial Number in use. In case the Serial Number already contains the IPs of the new machine then there is no need to run the “Extension Request” and the Muse servers can be started on the new machine (step 4).
2. After the extension request is processed by MuseGlobal, the Muse Registration Setup must be run on the master machine.
3 A synchronization of the slave machines with the master must be performed in order for the new serial.properties file to get on the new machine.
4 The Muse servers can now be started on the new machine.
The hosts.xml files are used to allow/deny access to different products from some IPs or classes of IPs. The client’s IP is tested against the rules in the hosts.xml file and the first one that matches is applied – all the following rules are ignored.
When getting the hostname related to a given IP the Java mechanism has a spoof protection that, sometimes, will not give optimal results.
The following situation will not give the expected results:
1. Java asks the DNS server for the hostname related to an IP address (reverse DNS)
2. When the DNS server replies with the hostname, Java asks the same DNS server for the IP address of that particular hostname
3. If the initial IP address and the one returned as the result of request #2 above do not match, then Java returns the initial IP address.
This process may interfere with the way we compare the client IP address against the ones stored in the hosts.xml file. Due to the above Java protection, some IP addresses will not match against a given domain even if their reverse DNS name belongs to that particular domain.
When unistall Muse Proxy 3101 or Muse 2700 (and any interanl 2601,2602, 2603) on a common installation of both of them on some machines the following error is obtained:
Errors occurred during the uninstallation.
com.installshield.product.service.registry.LoggedSoftwareObject cannot be cast to com.installshield.product.ProductBean
This seems to be related to having components with the same UIDs (using two or more Assemblies (in a dynamic installer) where some features and components had the same key (UUID)).
The workaround to solve this problem is:
1) Go to the folder
C:\Program Files\Common Files\InstallShield\Universal\common\Gen1
2) Delete the entire folder named “_vpddb”
3) Restart the uninstallation.
See: [http://cdac.in/index.aspx?id=hi_hs_HL7Tutorial#Uninstallation instructions for SDK for HL7 Java Edition(Windows/Linux/Mac)]