Steps to Setup On-Premise IDP

The miniOrange identity provider (IdP) is a service that stores and verifies user identity. IdPs are typically cloud-hosted services, and they often work with single sign-on (SSO) providers to authenticate users. The purpose of this guide is to get you up and run as quickly as possible so that you can play with and test-drive various features that miniOrange has. It is a standalone application with default database and packaged tomcat and does not cover any complex deployment options. We support both Windows and Linux OS for installation.

This short tutorial walks you through starting up the server in standalone mode, setting up the initial admin account, and logging into the miniOrange admin dashboard.

System Requirements

miniOrange On-Premise server has the following system requirements. This section lists recommended versions and requirements.

Operating System (Linux preferred)	Any operating system that runs minimum Java 8
CPU Core	4 Core
RAM	16GB and above
Storage	32GB or above
JAVA Environment	jdk1.8.0_381 and above
Server Access Policies	Port 80 - HTTP Port 1812 & 1813 - Radius UDP (optional) Port 3389 - RDP (Windows Server) - For Login Port 22 - SSH (Linux Server) - For login
Database	Find the list of all supported versions here.
Server Ports	Ensure the following ports are available on the server for installing the required services: 6379 - Redis 5672 - RabbitMq

Install On-Premise Server

You can download miniOrange On-Premise server from here

Follow the steps to deploy miniOrange On-Premise server on your operating system:

Windows Installer
Linux Installer

Run the downloaded installer (exe) file.

Note:

You can verify the integrity of the installer using the SHA256 checksum. To verify the checksum, please follow the below steps:

Run the below command from command prompt in the directory where the exe file is.
CertUtil -hashfile mo-idp-server-4.9.3-installer.exe SHA256

You will be presented with a Welcome Screen simply click the Next button to proceed with the installation.

On-Premise IDP Server Windows Next Wizard

Select the checkbox I accept the agreement after reading the License Agreement carefully and then click the Next button.

On-Premise IDP Server Windows Accept Policy

Now Choose the Destination Location for the miniOrange identity provider installation. If you prefer to continue with the Default Location, simply click the Next Button.

Choose the location of your Start Menu Folder. If you wish to return to the default location, simply click the next button.

On-Premise IDP Server Windows Installer Path

You will then be greeted with the Select Additional Tasks screen, where you may choose to Install the Windows service. For windows service, Java must be installed on your computer. If it isn't already installed, it will be installed with the Windows service. These are mandatory for the product to work properly. Skip installation of the auxiliary softwares only if you have these services setup already.

On-Premise IDP Server Windows additional task

Select the configuration choices on the Select Service Configuration Options Page, then click next

You are now ready to begin installing the setup. You may review the details here and then click Install button to complete the installation, or click Back button to make any changes in the settings.

When you click the Install button, it will automatically download and extract all of the required additional files that you have selected in the previous steps.

Note:

In case of no internet connectivity. You can choose and download the offline installer from here.
Finally, Identity Provider has been installed on your computer by Setup. Make sure the Configure Identity Provider Service 'miniOrange' option is selected before clicking the Finish Button.

Now is the time to begin the service. Click the Start Button. A progress bar will appear once you click the Start Button. Simply wait for 30 seconds, and your service will be started. You can see it by visiting to https://localhost in your browser and after that you will be redirected to the Initialize page.

In case you close this module, you can easily access this again by using the <service_name>w.exe in the bin directory.

Alternatively you can also open windows services and start the miniOrange service from there manually.

Now start the miniOrange NGINX, miniOrangeRedis, and RabbitMQ services as well. Once done you should be able to see access the webpage on https://localhost:443.

1. Setup External Database

Set up miniOrange with the external database supported in the list below. This is recommended for production systems. miniOrange supports a number of databases and if you don’t have an established database of choice within your organization and do not have a strong preference for any of our supported databases, we recommend PostgreSQL, which is free and thoroughly tested against.
You can refer to the below document to see supported versions of MySQL, PostgreSQL, and MS SQL: click here.

Note:

If you already have a database setup which is not in the list below, you can contact us to add support for that database.

Create an empty database in your database server: PostgreSQL/MySQL/MS SQL/Oracle. Once done, start filling the form shown below:
If you choose MSSQL and want to enable MVCC behavior in MSSQL, run the following query: ALTER DATABASE YourDatabaseName SET ALLOW_SNAPSHOT_ISOLATION ON;

Note:

You can refer this link to know more about how miniOrange can enhance performance and data consistency by enabling Snapshot Isolation.
Enter Database Host: localhost or IP address.
Enter the Database Name created in your database server.
Enter username and password of your database server for the connection.

Once database is created successfully, you will be redirected to the admin set up page where you will configure admin account for Identity Provider.

2. Setup Admin Account

Setup your Admin Account. Enter a Username and Password for your admin account.

Once your admin account is created, you will be auto logged in to the dashboard screen.

3. Starting Accessory Services

We assume the entire suite of services will be installed on a standalone system. In case of a distributed system setup you can reach out to us and our engineers will help you to install this in a distributed, highly available manner.

Navigate to Tomcat Root folder/moas/WEB-INF/classes/db.properties.

Take a note of the URL, username and the password as we will need these values for the step below.

Navigate to Tomcat Root folder/services/config and edit the application.properties.

Update the MO_DB_DRIVER and MO_DB_DIALECT with the proper values.

	Database	Example values
Driver	Postgres	org.postgresql.Driver
	MySQL	com.mysql.cj.jdbc.Driver
	SQLServer	com.microsoft.sqlserver.jdbc.SQLServerDriver
	ORACLE	oracle.jdbc.OracleDriver
Dialect	Postgres	org.hibernate.dialect.PostgreSQLDialect
	MYSQL	org.hibernate.dialect.MYSQLDialect
	SQLServer	org.hibernate.dialect.SQLServerDialect
	ORACLE	org.hibernate.dialect.OracleDialect

Replace the Primary and Secondary property values with the db.properties values copied from the above step.

Properties	Property Values (from above step)
MO_DB_PRIMARY_URL & MO_DB_REPLICA_URL	jdbc.url
MO_DB_PRIMARY_USER & MO_DB_REPLICA_USER	jdbc.username
MO_DB_PRIMARY_PASS & MO_DB_REPLICA_PASS	jdbc.password

Save the file.
Navigate to your miniOrange Directory.
Navigate to <miniOrange Identity Provider Folder>/services/windows/
Open command prompt with admin rights on this location.
Run the command: windows-service.bat start (Wait 10-15 seconds for the services to start.)

The installation will set some of the system variables for you. We will be using system defaults for the StandAlone installation. These Include
- MO_CONFIG_PATH - This is the path where the configurations for the microservices will be saved. By default, the path is <miniOrange Directory\services\config>. This path should be considered for standalone installation.
- ROOT_LOG_LEVEL - DEBUG by default.
- MINIORANGE_LOG_LEVEL - DEBUG by default.
- MO_LOG_PATH - Path where all the log files will live. By default, the path is <miniOrange Directory\services\logs>
- MO_SERVICES_UTIL_TOKEN - (Optional) A manually set authorisation token for critical internal service communication
If you want to start/stop any service manually, you can start them in the following order:

miniOrange Eureka Service
miniOrange Config Service
miniOrange Gatekeeper Service
miniOrange Apps Service
miniOrange Auditing Service
miniOrange Provisioning Service
miniOrange Directory Service
miniOrange IDPs Service

You have setup miniOrange IDP successfully.

4. Setup Custom Branding

Modify the Server Base URL:

Log in to the miniOrange admin dashboard.
Navigate to Settings (located at the top right).
Enter the Server Base URL to your liking (for eg. https://xecuritest.com)

Click Save.

Prerequisites:

Follow this link to setup Redis for Windows.
Follow this link to setup RabbitMQ for Windows.
Installation of JDK 1.8 requires login through the oracle account. If you don't have the oracle account, Click here to directly install JDK 1.8.
If JAVA is already installed and Environment variables are set correctly on your system, then you don't need to follow this step, you can directly go to Install On-Premise Server.

Note:

Ensure Java 8 or higher is installed on your operating system.
Once the Java installation is complete, check that the JAVA_HOME environment variable has been set correctly.Open a command prompt and type echo %JAVA_HOME% and hit Enter. If you see a path to your Java installation directory, the JAVA_Home environment variable has been set correctly. If nothing is displayed, or only %JAVA_HOME% is returned, you'll need to set the JAVA_HOME environment variable manually.

Set Java environment variables i.e. JAVA_HOME and JRE_HOME and path variables. Lets say JDK software is installed on your computer, for example, at C:\Program Files\Java\jdk1.8.0_381 then JAVA_HOME and JRE_HOME paths can be as mentioned -

JAVA_HOME - C:\Program Files\Java\jdk1.8.0_381
JRE_HOME - C:\Program Files\Java\jdk1.8.0_381\jre

To Save these variables, right click My Computer and select Properties > Advanced System Settings.Click the Environment Variables button.Under System Variables, click New.In the Variable Name field, enter:

JAVA_HOME - C:\Program Files\Java\jdk1.8.0_381
JRE_HOME - C:\Program Files\Java\jdk1.8.0_381\jre

Also update the path variable set with path : path_to_JAVA_HOME/bin. You can Read more about java specific environment variables.
You can verify whether above environment variables are set correctly. Execute below commands to verify environment variables -

echo %JAVA_HOME%

echo %JRE_HOME%

Start miniOrange On-Premise IDP Server:

To start the miniOrange server, go to the mo-idp-server-<version>/bin directory of the server distribution. Execute the startup file based on your environment.

> ...\bin\startup.bat

Run Tomcat as a Service for miniOrange IDP

Make sure your environment variable like JAVA_HOME and CATALINA_HOME are set.
Navigate the to <Tomcat Root Directory>/bin.
Open a CMD in the current directory and run mo-service.bat
You will be prompted with an administrator grant screen. Click Yes.
Enter the required information and hit Enter.

The miniOrange Service should be installed successfully.

1. Setup External Database

Set up miniOrange with the external database supported in the list below. This is recommended for production systems. miniOrange supports a number of databases and if you don’t have an established database of choice within your organization and do not have a strong preference for any of our supported databases, we recommend PostgreSQL, which is free and thoroughly tested against.
You can refer to the below document to see supported versions of MySQL, PostgreSQL, and MS SQL: click here.

Note:

If you already have a database setup which is not in the list below, you can contact us to add support for that database.

Create an empty database in your database server: PostgreSQL/MySQL/MS SQL/Oracle. Once done, start filling the form shown below:
If you choose MSSQL and want to enable MVCC behavior in MSSQL, run the following query: ALTER DATABASE YourDatabaseName SET ALLOW_SNAPSHOT_ISOLATION ON;

Note:

You can refer this link to know more about how miniOrange can enhance performance and data consistency by enabling Snapshot Isolation.
Enter Database Host: localhost or IP address.
Enter the Database Name created in your database server.
Enter username and password of your database server for the connection.

Once database is created successfully, you will be redirected to the admin set up page where you will configure admin account for Identity Provider.

2. Setup Admin Account

Setup your Admin Account. Enter a Username and Password for your admin account.

Once your admin account is created, you will be auto logged in to the dashboard screen.

3. Starting Accessory Services

Navigate to Tomcat Root folder/moas/WEB-INF/classes/db.properties.

Take a note of the URL, username and the password as we will need these values for the step below.

Navigate to Tomcat Root folder/services/config and edit the application.properties.

Update the MO_DB_DRIVER and MO_DB_DIALECT with the proper values.

	Database	Example values
Driver	Postgres	org.postgresql.Driver
	MySQL	com.mysql.cj.jdbc.Driver
	SQLServer	com.microsoft.sqlserver.jdbc.SQLServerDriver
	ORACLE	oracle.jdbc.OracleDriver
Dialect	Postgres	org.hibernate.dialect.PostgreSQLDialect
	MYSQL	org.hibernate.dialect.MYSQLDialect
	SQLServer	org.hibernate.dialect.SQLServerDialect
	ORACLE	org.hibernate.dialect.OracleDialect

Replace the Primary and Secondary property values with the db.properties values copied from the above step.

Properties	Property Values (from above step)
MO_DB_PRIMARY_URL & MO_DB_REPLICA_URL	jdbc.url
MO_DB_PRIMARY_USER & MO_DB_REPLICA_USER	jdbc.username
MO_DB_PRIMARY_PASS & MO_DB_REPLICA_PASS	jdbc.password

Save the file.
Navigate to your miniOrange Directory.
Navigate to <miniOrange Identity Provider Folder>/services/windows/
Open command prompt with admin rights on this location.
Run the command: windows-service.bat start (Wait 10-15 seconds for the services to start.)

The installation will set some of the system variables for you. We will be using system defaults for the StandAlone installation. These Include
- MO_CONFIG_PATH - This is the path where the configurations for the microservices will be saved. By default, the path is <miniOrange Directory\services\config>. This path should be considered for standalone installation.
- ROOT_LOG_LEVEL - DEBUG by default.
- MINIORANGE_LOG_LEVEL - DEBUG by default.
- MO_LOG_PATH - Path where all the log files will live. By default, the path is <miniOrange Directory\services\logs>
- MO_SERVICES_UTIL_TOKEN - (Optional) A manually set authorisation token for critical internal service communication
If you want to start/stop any service manually, you can start them in the following order:

miniOrange Eureka Service
miniOrange Config Service
miniOrange Gatekeeper Service
miniOrange Apps Service
miniOrange Auditing Service
miniOrange Provisioning Service
miniOrange Directory Service
miniOrange IDPs Service

You have setup miniOrange IDP successfully.

4. Setup Custom Branding

Modify the Server Base URL:

Log in to the miniOrange admin dashboard.
Navigate to Settings (located at the top right).
Enter the Server Base URL to your liking (for eg. https://xecuritest.com)

Click Save.

1. Prerequisites and Setup

1.1. Pre-requisites

a. Database Setup:

Ensure you have a database configured with an empty schema.
Supported databases: PostgreSQL, MySQL, MSSQL.
e. g. PostgreSQL Installation Guides:
- Follow this link for Ubuntu Setup.
- Follow this link for CentOS/RedHat Setup.
Create a Database (PostgreSQL Example):
- To Enter psql, run the following command: sudo -u postgres psql
- In the prompt, enter the following command: create database <databasename>;
  (Replace 'databasename' with your desired database name)

b. Install RabbitMQ using the relevant guide:

Follow this link for Ubuntu Setup.
Follow this link for CentOS/RedHat Setup.

c. To verify the RabbitMQ installation, use the following command:

systemctl status rabbitmq-server.service

1.2. Running the Installer

To download the installer, Click here.
To add the permissions to installer script, run this command chmod +x mo-installer.sh
For running the script, run this command sudo sh mo-installer.sh

1.3. Starting the Identity Provider (IdP)

Start the IdP service sudo systemctl start mo-idp-miniorange.service
Open a web browser and navigate to: https://<IP/DNS> (e.g.: https://192.168.1.2)
(Ignore SSL warnings if prompted due to a self-signed certificate.)

1.4. Database Configuration

Enter the following details on the setup page:

Database Type	PostgreSQL/ MySQL/ MSSQL
Database Host	localhost
Database Username, Password, and Database Name	as set during installation

1.5. Admin Account Setup

Configure the admin username and password.
Click Next to create the admin account.

1.6. Use-Case Selection

Choose a predefined template that suits your requirements.
If unsure, you can skip this step.
Upon completion, the admin dashboard should be displayed.

2. Starting Accessory Services

Open the database configuration file: /opt/mo-idp-server-4.9.3/moas/WEB-INF/classes/db.properties. Copy the jdbc.url value.
Open the application properties file: /opt/mo-idp-server-4.9.3/services/config/application.properties
Enter the appropriate value of MO_DB_DRIVER based on the database you have set up.
For example, Postgres has value org.postgresql.Driver.
Enter the appropriate value of MO_DB_DIALECT based on the database you have set up.
For example, Postgres has value org.hibernate.dialect.PostgreSQLDialect.

Assign the following database connection details:

Properties	Values
MO_DB_PRIMARY_URL & MO_DB_REPLICA_URL	jdbc.url copied earlier
MO_DB_PRIMARY_USER & MO_DB_REPLICA_USER	<database_username>
MO_DB_PRIMARY_PASS & MO_DB_REPLICA_PASS	<database_password>

Restart the services by running the /opt/mo-idp-server-4.9.3/services/linux/start-services.sh file. To add permissions to the start-services script:
sudo chmod +x start-services.sh
./start-services.sh
When prompted, enter start.
To check status of services, navigate to http://<IP/DNS>:8070 and see that all services should come up.

3. FAQs & Troubleshooting

1. One or more services are not running

Restart the services using the start-services script with the restart prompt.
Check service status at: http://<IP/DNS>:8070.

2. Start or Stop any service manually

If you want to start/stop any service manually, you can start them in the following order:

miniOrange Eureka Service
miniOrange Config Service
miniOrange Gatekeeper Service
miniOrange Apps Service
miniOrange Auditing Service
miniOrange Provisioning Service
miniOrange Directory Service

How to Apply a SSL Certificate for Nginx:

Supported Certificate Formats for Nginx:
- PEM format (recommended: .crt, .cer, .pem)
- Private key must be in PEM format (.key).
- Nginx does not support certificates in DER or PFX formats directly. Use OpenSSL to convert them before using.

Generate SSL Certificate (optional if you don't have a CA-Signed Certificate)

1. Requirements

Ensure you have OpenSSL installed on your system:

Linux: sudo apt install openssl.
Windows: Download and install OpenSSL from: Win32 OpenSSL

2. Generate a Self-Signed Certificate

Run this command in your terminal (Linux) or Command Prompt (Windows): openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.crt -subj "/C=US/ST=State/L=City/O=Company/OU=Org/CN=example.com"

Command Breakdown:

Flag	Description
-x509	Generates a self-signed certificate
-nodes	No password for the private key
-days 365	Certificate valid for 1 year
-keyout	Path to save the private key
-out	Path to save the certificate
-subj	Set certificate details without prompts

-subj Format: /C=US/ST=State/L=City/O=Company/OU=Org/CN=example.com

Field	Meaning	Example
C	Country code (2 letters)	US, IN, DE
ST	State/Province	California, Karnataka
L	City	San Francisco, Bangalore
O	Organization	Acme Corp
OU	Department	IT, Engineering
CN	Domain name	example.com

Apply SSL Certificate in Nginx
1. Locate nginx.conf
- Linux: /etc/nginx/nginx.conf
- Windows: C:\nginx\conf\nginx.conf
2. Edit the Server Block
server { listen 443 ssl; server_name example.com; # Replace with your domain ssl_certificate /path/to/nginx-selfsigned.crt; ssl_certificate_key /path/to/nginx-selfsigned.key; location / { # Your application settings } }

3. Restart Nginx
- Linux:
  sudo nginx -t # Test configuration sudo systemctl restart nginx
- Windows (Admin Command Prompt):
  nginx -s reload

⚠ Note: Self-signed certificates will show a browser warning because they are not issued by a trusted Certificate Authority (CA). Use only for local development or internal testing.

For Self Signed Certificate
For Certificates from Trusted CAs

1. Generate a Keystore

Open a command prompt or terminal. And go to <Path to JAVA_HOME/bin> path and enter the command given below.
keytool -genkey -alias onpremssoidp -keyalg RSA -keystore onpremssoidp.jks
If you get a permission error (mostly on a windows machine) in this step.Then change the location in command prompt or terminal to Desktop or any other location of your choice.
Enter your convenient password and remember it.(If the password you entered didn’t work then keep the password as “changeit” ).

2. Generate SSL Certificate

After Pressing the Return key it will prompt for a password for <onpremssoidp>. Hit Return to continue.
(Note: firstname and lastname needs to be the server DNS name/hostname of the server)

SSL self-signed certificate is generated at the given location.

3. Configure Tomcat with above-generated Keystore

1. Open Tomcat Configuration:

Navigate to the conf directory within the miniOrange installation folder.
Open the server.xml file in a text editor.

2. Edit server.xml:

Locate the line <Service name=”Catalina”>.

Immediately after this line, insert the following snippet:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="<JKS Keystore Path>" ciphers="ALL" keystorePass="<Password while keystore generation>"/>

Replace <JKS Keystore Path> with your keystore file path and <Password while keystore generation> with your keystore password.

Note: Make sure the .jks file has appropriate permissions/run command prompt as Administrator.

Using a certificate from Trusted CAs like LetsEncrypt, GoDaddy, Comodo SSL.

a) LetsEncrypt

The following steps assume that you have a valid certificate generated through Certbot. In case you do not have the certificates, you can use the Certbot commands below to generate the certificate for your domain
certbot certonly --standalone -d.example.com
Once the certificate is generated, the following folder structure will be obtained.
#:/etc/letsencrypt/live/example.com# ls cert.pem chain.pem fullchain.pem privkey.pem README
Copy over the cert.pem, chain.pem, fullchain.pem and privkey.pem in the conf directory of the IdP.

Edit the conf/server.xml and add the following connector element.

 <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                      maxThreads="150" SSLEnabled="true">
                      <SSLHostConfig>
                      <Certificate certificateFile="conf/cert.pem"
                      certificateKeyFile="conf/privkey.pem"
                      certificateChainFile="conf/chain.pem" />
                      <SSLHostConfig>
                      <Connector>

Restart the IdP. The IdP should now use the valid certificate from LetsEncrypt.

b) Go Daddy

The steps below assume that you have downloaded the valid SSL certificates from GoDaddy. The certificates need to be imported in a Java Keystore (JKS). In order to create a JKS, the keytool utility can be used.
keytool -genkey -alias onpremssoidp -keyalg RSA -keystore onpremssoidp.jks
The original certificates need to be removed from the keystore. That can be done using the below command.
keytool -delete -alias onpremssoidp -keystore onpremssoidp.jks
OpenSSL commands can be used to import the certificates downloaded from GoDaddy into the Java Keystore.
openssl pkcs12 -export -in <GoDaddyCertificate>.crt -inkey <PrivateKey>.key -out <PublicPrivateKeyPair>.p12 -name tomcat -CAfile gd_bundle-g2-g1.crt -caname root

The keystore can now be used to configure the connector in conf/server.xml.

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
                      clientAuth="false" sslProtocol="TLS" keystoreFile="<JKS Keystore Path>" ciphers="ALL"
                      keystorePass="<Password while keystore generation>"/>

Restart the IdP. The IdP should now use the valid certificate from GoDaddy.

c) Comodo SSL

Creating a New Keystore

Navigate to the directory where you plan to locate the new keystore.
Enter the following command:
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore your_site_name.jks
When prompted, create a password for your new Keystore.
Enter the required information (Note: Do not type your own name into the name field, type your FQDN).
When finished, verify your information by typing “Y” or “Yes”.
Finally, enter the password you just created in step three.

Creating a CSR on Tomcat Servers

Run the following command:
keytool -certreq -alias server -file csr.txt -keystore your_site_name.jks
Once prompted, enter the password you created in step three of the Keystore instructions
Use the information you supplied when creating the keystore. The CSR will be generated and saved in the chosen directory as “CSR.txt.”
We recommend saving and backing up the keystore file once you’ve complete generating the CSR. Once you’ve got the CSR complete, choose the SSL certificate you’d like to install on your Tomcat server and then purchase it, copy/pasting the CSR (open the .txt file) into the relevant field (usually the one labelled CSR).
Once the purchase and validation are complete, the CA will email you a bundle that includes your SSL certificate and an intermediate certificate that needs to be installed with it.

How to Install an SSL Certificate on Your Tomcat Server

Save your certificate(s) to the Keystore directory you created.
Use the following command to import the keystore:
keytool -import -alias server -file your_site_name.p7b -keystore your_site_name.jks
You should see a confirmation message that says: “Certificate reply was installed in keystore.”
Type “Y” or “Yes” to trust the certificate.
Now, finally, we just need to configure the Tomcat server to serve the website via HTTPS.

Configuring Your SSL/TLS Connector

Using a text editor, open your Tomcat server.xml file.
Locate the connector you want to secure with your new keystore.

Configure the connector to use port 443 (HTTPS), your configuration file should look something like this:

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100"
                      minSpareThreads="25" maxSpareThreads="75"
                      enableLookups="false" disableUploadTimeout="true"
                      acceptCount="100" scheme="https" secure="true"
                      SSLEnabled="true" clientAuth="false"
                      sslProtocol="TLS" keyAlias="server"
                      keystoreFile="/home/user_name/your_site_name.jks"
                      keystorePass="your_keystore_password" />

Save the changes to your server.xml file.
Restart your Tomcat server.

If the above methods don't work follow the link given below
Click here to follow the steps if you have any other CA certificates.

Migration from Zip Distribution to Installer

Navigate to your current Tomcat Installation Directory and take backup of your current moas directory present in <tomcat-root>
Take a backup of your database. In case you are using the internal integrated database, then you can take a backup of the data folder present in the <tomcat-root>. In the case of an external database, you can take a snapshot of the DB.
Take backup of <tomcat-root>/conf/server.xml file if you have added additional connectors for SSL in tomcat itself.

On-Premise IDP Server Windows Migration from Zip to Installer

Delete the current tomcat installation.
In case of it being installed as a service then make sure to uninstall the Windows Service.
Download the installer and run the downloaded installer file and install the latest On-Premise Server.

Stop the On-Premise service which was just installed.

Go to the installed directory root.

Go to path <moas-backup-root>/WEB-INF/classes/ and copy db.properties and license files.

Go to path <On-Premise-service-root>/moas/WEB-INF/classes/ and paste the db.properties and license files.

Start the On-Premise IDP Server service that you installed.

Upgrade On-Premise IDP

Windows Installer
Linux

Download the latest version of the Windows Installer from the downloadables section.
Run the installer, it will automatically detect and install the latest version.
Navigate to C:\Program Files\miniOrange Identity Provider\bin and open file: miniOrangew.exe
Click on Java tab. Inside Java options, add the following line if it is not present: -Dspring.profiles.active=redis

On-Premise IDP Server: Update on-premise IDP

Click on Ok.
Navigate to C:\Program Files\miniOrange Identity Provider\moas\WEB-INF\classes\ and open db.properties

Take a note of the URL, username and the password as we will need these values for the step below.

Navigate to C:\Program Files\miniOrange Identity Provider\services\config and edit the application.properties.

Update the MO_DB_DRIVER and MO_DB_DIALECT with the proper values. Update the Driver and Dialect database values as shown in the table below.

	Database	Example values
Driver	Postgres	org.postgresql.Driver
	MySQL	com.mysql.cj.jdbc.Driver
	SQLServer	com.microsoft.sqlserver.jdbc.SQLServerDriver
	ORACLE	oracle.jdbc.OracleDriver
Dialect	Postgres	org.hibernate.dialect.PostgreSQLDialect
	MYSQL	org.hibernate.dialect.MYSQLDialect
	SQLServer	org.hibernate.dialect.SQLServerDialect
	ORACLE	org.hibernate.dialect.OracleDialect

Replace the Primary and Secondary property values with the db.properties values copied from the above step.

Properties	Property Values (from above step)
MO_DB_PRIMARY_URL & MO_DB_REPLICA_URL	jdbc.url
MO_DB_PRIMARY_USER & MO_DB_REPLICA_USER	jdbc.username
MO_DB_PRIMARY_PASS & MO_DB_REPLICA_PASS	jdbc.password

Save the file.
Now, open Services.msc and check if the following services are present.

On-Premise IDP Server Disable IPv6 on Windows

Click here for further steps if the above services are not present:

Navigate to your downloaded package from miniOrange Directory.
Navigate to <miniOrange Identity Provider Folder>/services/windows/
Open command prompt with admin rights on this location.
Run the command: windows-service.bat start (Wait 10-15 seconds for the services to start.)

The installation will set some of the system variables for you. We will be using system defaults for the StandAlone installation. These Include
- MO_CONFIG_PATH - This is the path where the configurations for the microservices will be saved. By default, the path is <miniOrange Directory\services\config>. This path should be considered for standalone installation.
- ROOT_LOG_LEVEL - DEBUG by default.
- MINIORANGE_LOG_LEVEL - DEBUG by default.
- MO_LOG_PATH - Path where all the log files will live. By default, the path is <miniOrange Directory\services\logs>
- MO_SERVICES_UTIL_TOKEN - (Optional) A manually set authorisation token for critical internal service communication
Now, you can start all the miniOrange services by navigating to services.msc

The newer version of minOrange requires Redis and RabbitMQ to be installed on your system.
- Follow this link to setup Redis for Windows.
- Follow this link to setup RabbitMQ for Windows.
Stop the IDP Server.
Navigate to your current Tomcat Installation Directory and take backup of your current moas directory present in <tomcat-root>.

On-Premise IDP Server Windows Upgrade Zip Distribution

Take a backup of your database. In case you are using the internal integrated database,then you can take a backup of the data folder present in the <tomcat-root>. In the case of an external database, you can take a snapshot of the DB.
Now replace the moas folder in the Tomcat Root Directory with the moas folder present in the downloaded package.
Now copy over the following files from backup moas to the newly deployed moas.

\moas\WEB-INF\classes\db.properties
\moas\WEB-INF\classes\license.
\moas\images\logo.png
\moas\images\favicon.ico

Start the Tomcat Server.

Follow the below steps to start the microservices:

Navigate to Tomcat Root of older miniOrange version: /moas/WEB-INF/classes/db.properties.

Take a note of the URL, username and the password as we will need these values for the step below.

Navigate to Tomcat Root folder of downloaded package /services/config and edit the application.properties.

Update the MO_DB_DRIVER and MO_DB_DIALECT with the proper values. Update the Driver and Dialect database values as shown in the table below.

	Database	Example values
Driver	Postgres	org.postgresql.Driver
	MySQL	com.mysql.cj.jdbc.Driver
	SQLServer	com.microsoft.sqlserver.jdbc.SQLServerDriver
	ORACLE	oracle.jdbc.OracleDriver
Dialect	Postgres	org.hibernate.dialect.PostgreSQLDialect
	MYSQL	org.hibernate.dialect.MYSQLDialect
	SQLServer	org.hibernate.dialect.SQLServerDialect
	ORACLE	org.hibernate.dialect.OracleDialect

Replace the Primary and Secondary property values with the db.properties values copied from the above step.

Properties	Property Values (from above step)
MO_DB_PRIMARY_URL & MO_DB_REPLICA_URL	jdbc.url
MO_DB_PRIMARY_USER & MO_DB_REPLICA_USER	jdbc.username
MO_DB_PRIMARY_PASS & MO_DB_REPLICA_PASS	jdbc.password

Save the file.
Navigate to your downloaded package from miniOrange Directory.
Navigate to <miniOrange Identity Provider Folder>/services/windows/
Open command prompt with admin rights on this location.
Run the command: windows-service.bat start (Wait 10-15 seconds for the services to start.)

The installation will set some of the system variables for you. We will be using system defaults for the StandAlone installation. These Include
- MO_CONFIG_PATH - This is the path where the configurations for the microservices will be saved. By default, the path is <miniOrange Directory\services\config>. This path should be considered for standalone installation.
- ROOT_LOG_LEVEL - DEBUG by default.
- MINIORANGE_LOG_LEVEL - DEBUG by default.
- MO_LOG_PATH - Path where all the log files will live. By default, the path is <miniOrange Directory\services\logs>
- MO_SERVICES_UTIL_TOKEN - (Optional) A manually set authorisation token for critical internal service communication
Now, you can start all the miniOrange services by navigating to services.msc.

Prerequisites:

Login to your admin account and go to Settings>>Product Settings. Copy your Server Base URL.
Take a backup of the miniorange db in your db instance.
Take a backup of the following files in the server.

mo-idp-server-*/moas/WEB-INF/classes/db.properties
mo-idp-server-*/moas/WEB-INF/classes/license

Go to mo-idp-server-*/bin and Shut down the running tomcat instance. (you can use sh shutdown.sh)

Steps to upgrade:

Download the latest version to your linux server and unzip it.
You will find moas folder inside the uncompressed folder. Replace the mo-idp-server-3.3.*/moas with the new moas folder
Replace the backups of db.properties and license file on the same path as mentioned above.
Go to mo-idp-server-*/bin and Shut down the running tomcat instance. (you can use sh shutdown.sh)
Restart the tomcat instance using sh startup.sh
Open a browser and go to < Your-Server-Base-URL >/initialize

Uninstall On-Premise IDP

Windows Installer
Linux

Navigate to Add or remove Programs on your windows System.

Search for miniOrange in the list and click on uninstall.

On-Premise IDP Server Windows Uninstall Search

Click Yes when prompted for confirmation.

On-Premise IDP Server Windows Confirm Uninstall

Let the uninstall process be completed.

On-Premise IDP Server Windows Uninstall Progress

Click OK on the confirmation prompt.

On-Premise IDP Server Windows Windows Uninstall

If you have installed the Tomcat as a Windows Service then we need to remove that first. Navigate to <Tomcat Root>/bin directory and open a CMD in the current directory. Run the command mo-service.bat uninstall
Delete the Tomcat Directory.

Shutdown any running miniOrange tomcat process/ service.
Take any backups you might need for the database.
Go to the folder mo-idp-server-* and delete it.

Frequently Asked Questions

Error Handling for Keystore Issues

If you encounter the error:"keytool error: java.lang.Exception: Key pair not generated, alias <onpremssoidp> already exists"

This indicates that the keystore file already exists. To resolve this, follow these steps:

Delete the existing keystore file located from path <Path to JAVA_HOME/bin> file named as "onpremssoidp.jks"
Rerun the key generation command “keytool -genkey -alias onpremssoidp -keyalg RSA -keystore onpremssoidp.jks” and fill in the details.

Online Installer errors out saying that connection timed out.

Encounter the error:

On-Premise IDP Server Online Error Time Out

If you get an error similar to the above image, follow these steps.

Disable IPv6 on Windows:

Open Network and Sharing Center:
- Go to Control Panel > Network and Sharing Center.
Change Adapter Settings:
- Click on Change adapter settings on the left sidebar.
Disable IPv6:
- Right-click on your active network connection (Ethernet or Wi-Fi) and select Properties.
- Uncheck the box for Internet Protocol Version 6 (TCP/IPv6). Click OK to save the changes.

Contents

Steps to Setup On-Premise IDP

System Requirements

Install On-Premise Server

Note:

Note:

1. Setup External Database

Note:

Note:

2. Setup Admin Account

3. Starting Accessory Services

4. Setup Custom Branding

Prerequisites:

Note:

Start miniOrange On-Premise IDP Server:

Run Tomcat as a Service for miniOrange IDP

1. Setup External Database

Note:

Note:

2. Setup Admin Account

3. Starting Accessory Services

4. Setup Custom Branding

1. Prerequisites and Setup

1.1. Pre-requisites

1.2. Running the Installer

1.3. Starting the Identity Provider (IdP)

1.4. Database Configuration

1.5. Admin Account Setup

1.6. Use-Case Selection

2. Starting Accessory Services

3. FAQs & Troubleshooting

Run miniOrange IDP server over SSL

How to Apply a SSL Certificate for Nginx:

1. Requirements

2. Generate a Self-Signed Certificate

1. Generate a Keystore

2. Generate SSL Certificate

3. Configure Tomcat with above-generated Keystore

Migration from Zip Distribution to Installer

Upgrade On-Premise IDP

Prerequisites:

Steps to upgrade:

Uninstall On-Premise IDP

Frequently Asked Questions

Further References

Want To Schedule A Demo?

Our Other Identity & Access Management Products

Single Sign-On

Multi-factor Authentication

Adaptive Authentication

Lifecycle Management