Overview

Item	Description
Purpose	Provide configuration settings for TDS components
Communicates With	OpenAM Permissions ART Proctor Teacher Hand-Scoring System TestSpecBank
Repository Location	https://github.com/SmarterApp/SS_ProgramManagement
Additional Documentation	Program Management User Guide ProgMan Technical Design API Documentation Design Diagrams Sequence Diagrams

Instructions

Create AWS MongoDB Instance

Create server instance to host the MongoDB instance that will support the component being deployed
- Select an image with the Ubuntu 14.04 LTS 64-bit operating system
Create or choose an AWS security group with the following ports for inbount TCP traffic (can be done during instance creation):
- 22
- 27017 - 27019
- 28017 - 28018
Remove apparmor:
- sudo /etc/init.d/apparmor stop
- sudo update-rc.d -f apparmor remove
- sudo apt-get --purge remove -y apparmor apparmor-utils libapparmor-perl libapparmor1
Update package manager:
- sudo apt-get update
- sudo apt-get upgrade -y
Install packages to satisfy dependencies:
- sudo apt-get install -y ntp
Install MongoDB 2.4.9:
- sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
- echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list
- sudo apt-get update
- sudo apt-get install mongodb-10gen=2.4.9
Pin the version of MongoDB so apt-get will not upgrade it:
- echo "mongodb-10gen hold" | sudo dpkg --set-selections
Configure MongoDB by copying the following into /etc/mongodb.conf:
IMPORTANT: The config file below has noauth=true set. This is a temporary configuration to allow for adding MongoDB user accounts. This setting will be changed later in the checklist.

# mongodb.conf

# Where to store the data.
dbpath=/var/lib/mongodb

#where to log
logpath=/var/log/mongodb/mongodb.log

logappend=true

#bind_ip = 127.0.0.1
bind_ip = 0.0.0.0
port = 27017

# Enable journaling, http://www.mongodb.org/display/DOCS/Journaling
journal=true

# Enables periodic logging of CPU utilization and I/O wait
#cpu = true

# Turn on/off security.  Off is currently the default
noauth = true
#auth = true

# Verbose logging output.
#verbose = true

# Inspect all client data for validity on receipt (useful for
# developing drivers)
#objcheck = true

# Enable db quota management
#quota = true

# Set oplogging level where n is
#   0=off (default)
#   1=W
#   2=R
#   3=both
#   7=W+some reads
#oplog = 0

# Diagnostic/debugging option
#nocursors = true

# Ignore query hints
#nohints = true

# Disable the HTTP interface (Defaults to localhost:27018).
#nohttpinterface = true

# Turns off server-side scripting.  This will result in greatly limited
# functionality
#noscripting = true

# Turns off table scans.  Any query that would do a table scan fails.
#notablescan = true

# Disable data file preallocation.
#noprealloc = true

# Specify .ns file size for new databases.
# nssize = <size>

# Accout token for Mongo monitoring server.
#mms-token = <token>

# Server name for Mongo monitoring server.
#mms-name = <server-name>

# Ping interval for Mongo monitoring server.
#mms-interval = <seconds>

# Replication Options

# in replicated mongo databases, specify here whether this is a slave or master
#slave = true
#source = master.example.com
# Slave only: specify a single database to replicate
#only = master.example.com
# or
#master = true
#source = slave.example.com

# Address of a server to pair with.
#pairwith = <server:port>
# Address of arbiter server.
#arbiter = <server:port>
# Automatically resync if slave data is stale
#autoresync
# Custom size for replication operation log.
#oplogSize = <MB>
# Size limit for in-memory storage of op ids.
#opIdMem = <bytes>

Restart MongoDB:
- sudo service mongodb restart
Add an administrative-level user to MongoDB:

$ mongo admin
db.addUser({
    user:"mongo_admin",
    pwd:"[choose a suitable password]",
    roles:["dbAdminAnyDatabase","userAdminAnyDatabase","clusterAdmin","readWrite"]
});

Update /etc/mongodb.conf to enable authentication:
- Comment out the noauth = true line
- Uncomment the auth = true line
Example:

# Turn on/off security.  Off is currently the default
#noauth = true
auth = true

Restart MongoDB:
- sudo service mongodb restart
Connect to MongoDB in the admin database:
- mongo admin -u mongo_admin -p [password for the mongo_admin user] --authenticationDatabase admin
Add a user for the component:

use [name of database];
db.addUser({
    user:"[name of user]",
    pwd:"[password for user]",
    roles:["readWrite"]
});

Example:

use progman;
db.addUser({
    user:"progman",
    pwd:"[redacted]",
    roles:["readWrite"]
});

Verify User Can Authenticate to MongoDB

On the AWS instance hosting MongoDB, run the following commands:
- mongo admin -u mongo_admin -p '[The password for the mongo_admin user]' --authenticationDatabase admin
- mongo [component database name] -u [Component user] -p '[The password for the component user]'
If successful, the prompt should appear as follows:

MongoDB shell version: 2.4.9
connecting to: admin
>

Create AWS Web Application Instance

Create server instance to host the Program Management (ProgMan) component
- Select an image with the Ubuntu 14.04 LTS 64-bit operating system
Create or choose an AWS security group with the following ports for inbound TCP traffic (can be done during instance creation):
- 22
- 80
- 443
- 1043
- 8080
- 8084
- 8443

ProgMan Setup

Update package manager:
- sudo apt-get update
- sudo apt-get upgrade -y
Install packages to satisfy dependencies:
- sudo apt-get install -y ntp mercurial openjdk-7-jdk

Set Up Tomcat Server

Remove apparmor:
- sudo /etc/init.d/apparmor stop
- sudo update-rc.d -f apparmor remove
- sudo apt-get --purge remove -y apparmor apparmor-utils libapparmor-perl libapparmor1
Install Tomcat Server (if not installed already):
- sudo apt-get install -y tomcat7
Stop the Tomcat service:
- sudo service tomcat7 stop
Remove the ROOT directory:
- sudo rm -rf /var/lib/tomcat7/webapps/ROOT
Update the server.xml to allow for large HTTP Headers:
- Edit the /etc/tomcat7/server.xml file
- Find the <Connector> element
- Add the following attribute and value to the <Connector> element:
  - maxHttpHeaderSize="65536"
- Example of an updated <Connector> element:


     <Connector port="8080" protocol="HTTP/1.1"
          connectionTimeout="20000"
          URIEncoding="UTF-8"
          redirectPort="8443"
          maxHttpHeaderSize="65536" />

Set Up a Keystore

Create resources directory and child directories:
- sudo mkdir -p /var/lib/tomcat7/resources/{progman,security}
- sudo chown -R tomcat7:tomcat7 /var/lib/tomcat7/resources/
Create the wildcard SSL cert public key (*.sbtds.org):
- sudo vi /var/lib/tomcat7/resources/security/sbtds_org.cer
Copy the certificate contents (including the BEGIN CERTIFICATE and END CERTIFICATE lines) into /var/lib/tomcat7/resources/security/sbtds_org.cer
- Example:

-----BEGIN CERTIFICATE-----
// This is where the certificate content is
-----END CERTIFICATE-----

Create the keystore (NOTE: the keystore file must be named samlKeystore.jks):
- cd /var/lib/tomcat7
- sudo keytool -importcert -alias [<A meaningful alias] -keystore ./resources/security/samlKeystore.jks -file ./resources/security/[name of certificate file]
  - Example: sudo keytool -importcert -alias sbtdsorg -keystore ./resources/security/samlKeystore.jks -file ./resources/security/sbtds_org.cer
  - provide password
  - Type yes when prompted to trust the certificate
Generate the private key:
- sudo keytool -genkey -alias [choose a meaningful alias] -keyalg RSA -keystore [path/to/keystore] -keysize 2048
  - Example: sudo keytool -genkey -alias proctor-saml-sp -keyalg RSA -keystore ./resources/security/samlKeystore.jks -keysize 2048
- Provide the password to the keystore created previously.
- Answer the prompts. Example of the command and prompts shown below:

sudo keytool -genkey -alias progman-saml-sp -keyalg RSA -keystore ./resources/security/samlKeystore.jks  -keysize 2048
Enter keystore password:
What is your first and last name?
  [Unknown]:  ProgMan Component
What is the name of your organizational unit?
  [Unknown]:  sbac
What is the name of your organization?
  [Unknown]:  SBAC
What is the name of your City or Locality?
  [Unknown]:  San Diego
What is the name of your State or Province?
  [Unknown]:  California
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=ProgMan Component, OU=sbac, O=SBAC, L=San Diego, ST=California, C=US correct?
  [no]:  yes

Verify Keystore Contents

To view the keystore contnets, use the following command:
- sudo keytool -list -keystore [path/to/samlKeystore.jks]
  - Example: sudo keytool -list -keystore /var/lib/tomcat7/resources/security/samlKeystore.jks
- Output will be similar to the following (after providing the correct password):

Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

sbtdsorg, Apr 6, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): D6:06:FA:33:AB:E4:27:26:D5:E1:B2:AB:1E:1D:FF:1E:7E:C0:21:4F
progman-saml-sp, Apr 6, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): 8D:3A:66:1D:0C:7B:0A:40:96:B7:A6:8F:13:27:AB:E8:05:7D:8D:3A

Additional Notes

Common keystore commands can be found here

Deploy ProgMan Components

Configure Tomcat

Stop the Tomcat service:
- sudo service tomcat7 stop
Edit the /etc/default/tomcat7 file, updating the JAVA_OPTS value to what’s shown below:

JAVA_OPTS="-Djava.awt.headless=true\
 -XX:+UseConcMarkSweepGC\
 -Xms[initial amount of memory that can be allocated to the JVM heap]\
 -Xmx[maximum amount of memory that can be allocated to the JVM heap]\
 -XX:PermSize=[initial amount of memory that can be used for PermGen]\
 -XX:MaxPermSize=[maximum amount of memory that can be used for PermGen]\
 -DSB11_CONFIG_DIR=$CATALINA_BASE/resources\
 -Dspring.profiles.active=progman.client.impl.integration,mna.client.null,server.singleinstance"

NOTE: If the component being set up will be load-balanced, then change the server.singleinstance (for the spring.profiles.active option) to server.loadbalanced.
Example:

JAVA_OPTS="-Djava.awt.headless=true\
 -XX:+UseConcMarkSweepGC\
 -Xms512m\
 -Xmx2048m\
 -XX:PermSize=512m\
 -XX:MaxPermSize=1512m\
 -DSB11_CONFIG_DIR=$CATALINA_BASE/resources\
 -Dspring.profiles.active=mna.client.null,server.singleinstance,progman.client.impl.null,special.role.required"

Create a directory for the ProgMan log files:
- sudo mkdir -p /usr/share/tomcat7/logs/{prog-mgmnt.webapp,prog-mgmnt.rest}
- sudo chown -R tomcat7:tomcat7 /usr/share/tomcat7/logs/
OPTIONAL: Create links in the Tomcat log directory to the REST and Web Application log files:
- sudo ln -s /usr/share/tomcat7/logs/prog-mgmnt.webapp/prog-mgmnt.webapp.log /var/lib/tomcat7/logs/webapp.log
- sudo ln -s /usr/share/tomcat7/logs/prog-mgmnt.rest/prog-mgmnt.rest.log /var/lib/tomcat7/logs/rest.log

Download REST Component War File

Download the latest .war file for the ProgMan REST Component into the Tomcat server’s webapps directory:
- sudo wget https://github.com/SmarterApp/SS_ProgramManagement/releases/download/R01.00.38/prog-mgmnt.rest-R01.00.38.war -O /var/lib/tomcat7/webapps/rest.war
Create a rest-endpoints.properties file in /var/lib/tomcat7/resources/progman
Copy the following into /var/lib/tomcat7/resources/progman/rest-endpoints.properties:

#base URLs for REST endpoints, replace with URLs that work for the server this is being run on
pm.rest.service.endpoint=http://[FQDN or IP Address of ProgMan REST component, defeault port is 8080]/rest
pm.rest.context.root=/rest/
pm.minJs=false

An example of a configured rest-endpoints.properties:

#base URLs for REST endpoints, replace with URLs that work for the server this is being run on
pm.rest.service.endpoint=http://52.32.255.241:8080/rest
pm.rest.context.root=/rest/
pm.minJs=false

Download ProgMan Web Application Component

Download the latest .war file for the ProgMan Web Application Component into the Tomcat server’s webapps directory:
- sudo wget https://github.com/SmarterApp/SS_ProgramManagement/releases/download/R01.00.38/prog-mgmnt.webapp-R01.00.38.war -O /var/lib/tomcat7/webapps/ROOT.war
Create a progman-bootstrap.properties file in /var/lib/tomcat7/resources/progman
Copy the following into /var/lib/tomcat7/resources/progman/progman-bootstrap.properties:

#mna.properties
progman.mna.description="The Program Management Component ([environment name])"
#mna.mnaUrl=https://your.mna.server/rest
#mna.logger.level=INFO
#mna.oauth.batch.account=mna-client-email-address
#mna.oauth.batch.password=mna-client-password
#mongo.properties
#placeholder for mongo settings - note: do not check in real credentials
pm.mongo.hostname=[FQDN or IP address of MongoDB server]
pm.mongo.port=[port that MongoDB listens on, default is 27017]
pm.mongo.user=[mongo user name, mongo_admin if following this checklist]
pm.mongo.password=[password for mongo_admin user account]
pm.mongo.dbname=[Name of database created for ProgMan in MongoDB]
#pbe.properties
pm.pbe.pass=password123
#pm.pbe.pass=secret-salt
#rest-endpoints.properties
#base URLs for REST endpoints, replace with URLs that work for the server this is being run on
pm.rest.service.endpoint=http://[FQDN or IP address of AWS instance hosting ProgMan REST component, default port is 8080]/rest
pm.minJs=false
pm.rest.context.root=/rest/
###########################
# pm-security.properties
###########################
#security props
pm.security.saml.keystore.user=[alias of private key stored in samlKeystore.jks]
pm.security.saml.keystore.pass=[password for samlKeystore.jks]
pm.security.dir=file:///[path to samlKeystore.jks, use /var/lib/tomcat7/resources/security if following this checklist]
pm.rest.saml.metadata.filename=[name of SAML metadata file for REST component]
pm.webapp.saml.metadata.filename=[name of SAML metadata file for web application component]
component.name=ProgramManagement
pm.oauth.checktoken.endpoint=https://[load balancer for OpenAM]/auth/oauth2/tokeninfo?realm=/sbac
pm.security.idp=https://[load balancer for OpenAM]/auth/saml2/jsp/exportmetadata.jsp?realm=/sbac
permission.uri=http://[FQDN or IP address of Permissions application. NOTE:  the Permissions program has not been installed yet.  This can be configured after Permissions has been deployed; ProgMan should still start up]/rest

logfile.path=/var/log/tomcat7/

An example of a configured progman-bootstrap.properties:

#mna.properties
progman.mna.description="The Program Management Component (Development)"
#mna.mnaUrl=https://your.mna.server/rest
#mna.logger.level=INFO
#mna.oauth.batch.account=mna-client-email-address
#mna.oauth.batch.password=mna-client-password
#mongo.properties
#placeholder for mongo settings - note: do not check in real credentials
pm.mongo.hostname=52.32.123.173
pm.mongo.port=27017
pm.mongo.user=mongo_admin
pm.mongo.password=[redacted]
pm.mongo.dbname=progman
#pbe.properties
pm.pbe.pass=[redacted]
#pm.pbe.pass=secret-salt
#rest-endpoints.properties
#base URLs for REST endpoints, replace with URLs that work for the server this is being run on
pm.rest.service.endpoint=http://52.34.140.123:8080/rest
pm.minJs=false
pm.rest.context.root=/rest/
###########################
# pm-security.properties
###########################
#security props
pm.security.saml.keystore.user=progman-saml-sp
pm.security.saml.keystore.pass=[redacted]
pm.security.dir=file:////var/lib/tomcat7/resources/security
pm.rest.saml.metadata.filename=rest_metadata.xml
pm.webapp.saml.metadata.filename=web_metadata.xml
component.name=ProgramManagement
pm.oauth.checktoken.endpoint=https://sso-dev.sbtds.org/auth/oauth2/tokeninfo?realm=/sbac
pm.security.idp=https://sso-dev.sbtds.org/auth/saml2/jsp/exportmetadata.jsp?realm=/sbac
permission.uri=http://52.32.19.35:8080/rest

logfile.path=/var/log/tomcat7/

IMPORTANT: Conduct the SAML Setup and Configuration for the REST component and Web Application Component. After completing the SAML Setup and Configuration steps, there should be two metadata files:

A SAML XML metadata file for the REST component, located where-ever the file name/path is configured for pm.security.dir and pm.rest.saml.metadata.filename (e.g. /var/lib/tomcat7/resources/security/rest_metadata.xml)
A SAML XML metadata file for the web application component located where-ever the file name/path is configured for pm.security.dir and pm.webapp.saml.metadata.filename (e.g. /var/lib/tomcat7/resources/security/web_metadata.xml)

SAML (Security Assertion Markup Language) Setup and Configuration

Configure Automatic Metadata Generation

Create SAML Metadata File For the Component

Use the following command to generate a SAML metadata file for use with the automatic generation process:
- sudo wget https://[FQDN or IP address of OpenAM server]/auth/saml2/jsp/exportmetadata.jsp?realm=/sbac -O /var/lib/tomcat7/resources/security/[Name of the saml.metadata.filename as configured in ProgMan]
  - Example: sudo wget https://sso-dev.sbtds.org/auth/saml2/jsp/exportmetadata.jsp?realm=/sbac -O /var/lib/tomcat7/resources/security/saml_metadata.xml
  - NOTE: When configuring ProgMan (and only ProgMan), the file name will be in the /var/lib/tomcat7/resources/progman/progman-bootstrap.properties file.
- Change ownership of the SAML metadata file(s) to tomcat7:
  - sudo chown tomcat7:tomcat7 /var/lib/tomcat7/resources/security/*.xml

Update the securityContext.xml File for Automatic Metadata Generation

Open securityContext.xml file in an editor for the deployed component
- NOTE: The securityContext.xml file can be found in [Tomcat web application directory]/[component]/WEB-INF/classes/security
  - Example: /var/lib/tomcat7/webapps/ROOT/WEB-INF/classes/security/securityContext.xml
- NOTE: When editing the securityContext.xml file, elevated privileges (i.e. sudo) may by required
Add the following line within a <security:http> element:
- <security:custom-filter before="FIRST" ref="metadataGeneratorFilter" />
- NOTE: Typically a <security:http> element can be found around line 31 of the securityContext.xml file
- Example:

<security:http entry-point-ref="delegatingAuthenticationEntryPoint" use-expressions="true">
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter" />
    <security:custom-filter ref="oauth2ProviderFilter" before="PRE_AUTH_FILTER" />
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
    <security:intercept-url pattern="/**" access="isFullyAuthenticated()"/>
</security:http>

Add configuration for the SAML metadata generator to securityContext.xml:
- Add the following <bean> definitions to securityContext.xml, immediately after the closing </security:http> tag:

<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg ref="metadataGenerator"/>
</bean>

<bean id="metadataGenerator" class="org.springframework.security.saml.metadata.MetadataGenerator">
    <property name="bindingsSSO">
        <list>
            <value>redirect</value>
            <value>artifact</value>
        </list>
    </property>
    <property name="entityId" value="[name of component]"/>
</bean>

NOTE: The component name should not have spaces.

Example of a metadataGenerator configured with an entityId of progman_rest:

<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg ref="metadataGenerator"/>
</bean>

<bean id="metadataGenerator" class="org.springframework.security.saml.metadata.MetadataGenerator">
    <property name="bindingsSSO">
        <list>
            <value>redirect</value>
            <value>artifact</value>
        </list>
    </property>
    <property name="entityId" value="progman_rest"/>
</bean>

Restart Tomcat:
- sudo service tomcat7 restart

Verify SAML Metadata Setup

Visit the /saml/metadata endpoint for the deployed component:
- Example: http://54.213.81.243:8080/rest/saml/metadata
The output should appear as XML containing:
- The X509 Certificate data
- URLs containing the domain name of the server hosting the component as the value of a Location attribute
  - Examples:
    - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://54.213.81.243:8080/rest/saml/SingleLogout"/>
    - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://54.213.81.243:8080/rest/saml/SSO" index="0" isDefault="true"/>

SAML Pre-Configured Metadata Configuration

Use wget to save the output of /saml/metadata endpoint to /var/lib/tomcat7/resources/security/[Name of the saml.metadata.filename as configured in ProgMan]
- Example: save the sudo wget http://54.213.81.243:8080/saml/metadata -O /var/lib/tomcat7/resources/security/saml_metadata.xml
Disable (by removing or commenting out) the <security:custom-filter before="FIRST" ref="metadataGeneratorFilter" /> from the securityContext.xml file to disable the autoamtic generation of SAML metadata
- The automatic generation of SAML metadata is only needed once to generate the metadata file. After the metadata file is generated, there is no further need for automatically generating SAML metadata.
OPTIONAL: Remove the metadataGeneratorFilter and metadataGenerator bean definitions from the securityContext.xml
Set permissions on the metadata XML file(s) so that only the tomcat7 user can read it/them:
- sudo chmod 0400 /var/lib/tomcat/resources/security/*.xml

Verify SAML Metadata Setup

Visit the /saml/metadata endpoint for the deployed component:
- Example: http://54.213.81.243:8080/rest/saml/metadata
The output should appear as XML containing:
- The X509 Certificate data
- URLs containing the domain name of the server hosting the component as the value of a Location attribute
  - Examples:
    - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://54.213.81.243:8080/rest/saml/SingleLogout"/>
    - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://54.213.81.243:8080/rest/saml/SSO" index="0" isDefault="true"/>

Additional Notes

Spring SAML Metadata Configuration

Update ProgMan Bootstrap Properties

Update the following lines of the progman-bootstrap.properties to use the correct SAML metadata files:
- pm.rest.saml.metadata.filename=[name of the SAML metadata file for the REST component]
- pm.webappt.saml.metadata.filename=[name of the SAML metadata file for the web application component]

SAML Service Provider Registration

Launch OpenAM
Log in with appropriate credentials
Click on Register Remote Service Provider
On the Create a SAMLv2 Remote Service Provider page:
- Select the /sbac realm
- Verify the URL option button is checked/selected
- Enter the /saml/metadata endpoint for the desired component in the URL field
  - Example: enter http://54.213.81.243:8080/saml/metadata in the URL field
- Under the Circle of Trust
  - Verify the Add to existing option button is checked/selected
  - Verify sbac is the selected value for the Existing Circle of Trust dropdown list
- Click the Configure button (upper righthand corner, across from the Create a SAMLv2 Remote Service Provider header)

Verify the Service Provider is Configured

Click on the Federation tab
Observe the following:
- The Circle of Trust table contains a record that represents the component that was added
- The Entity Providers table conains a record with a Name equal to the entityId set in the component’s SAML metadata file

Load Seed Data into ProgMan

IMPORTANT: MongoDB must be installed on whatever computer runs the script to load the ProgMan seed data.

Unless already done, clone the TDS_Build repository from GitHub:
- git clone https://github.com/SmarterApp/TDS_Build.git
Navigate to the directory where the seed data script is located:
- cd [Path to where the TDS_Build repository was cloned]/database/mongodb/progman
- Example:
  - cd ~/dev/ucla/sbac/sbrepo/TDS_Build/database/mongodb/progman
Edit the load-seed-data.sh script to configure the following:
- HOST=[The FQDN or IP address of the MongoDB server hosting the ProgMan database]
- PORT=[The port on which MongoDB is listening]
- USER=[The user account with “readWrite” privileges in the ProgMan database]
- PW=[The password for the user account]
- DB=[The name of the database containing ProgMan’s data]
Example:

HOST=54.201.173.209     # The FQDN or IP address of the MongoDB server hosting the ProgMan database
PORT=27017              # The port on which MongoDB is listening
USER=admin              # The user account with "readWrite" privileges in the ProgMan database
PW=[redacted]          # The password for the user account
DB=progman              # The name of the database containing ProgMan's data

Execute the load-seed-data.sh script:
- ./load-seed-data.sh

Verification

Log into ProgMan with the Prime User account created during the OpenDJ Verification process
- NOTE: If this is the first time using the Prime User account, you may be prompted to change the password and set up the security questions
Verify the home page of ProgMan appears
Click on the Manage Components link in navigation menu on the left rail
Verify records are displayed

back to Deployment Checklists