Before distributing the Tomcat installation to the CAS servers, it should be tested on the master build server (casdev-master) to ensure that everything is working properly.

Modify the ROOT web application to identify the server and client

Before starting the testing, edit the file /opt/tomcat/latest/webapps/ROOT/index.jsp and find the “congrats” section (around line 51):

<div id="congrats" class="curved container">
    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
</div>

Insert the text shown below to display the host name, IP address, and port number of the Tomcat server:

<div id="congrats" class="curved container">
    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
    <p>Server:
       <%= request.getLocalName() %> /
       <%= request.getLocalAddr() %> /
       <%= request.getLocalPort() %></p>
    <p>Client:
       <%= request.getRemoteHost() %> /
       <%= request.getRemoteAddr() %> /
       <%= request.getRemotePort() %></p>
</div>

This will be helpful later when testing the CAS servers through the load balancer, to ensure that requests are being distributed across the server pool, and also to ensure that X-Forwarded-For header processing is working correctly.

Start Tomcat

Start the Tomcat server by running the command

casdev-master# systemctl start tomcat

Review the contents of the log file (/var/log/tomcat/catalina.yyyy-mm-dd.out) for errors. All log messages in a successful start should be at log level INFO. If any messages are at log level WARNING or SEVERE, then something is wrong and needs to be corrected.

The last line of the log file in a successful start should look like this:

DD-MMM-YYYY HH:MM:SS.sss INFO [main] org.apache.catalina.startup.Catalina.start Server startup in N ms

Check that the Tomcat Native Library was correctly installed

After reviewing the log file in general, look specifically for messages that the Tomcat Native Library was successfully loaded and that it’s using the OpenSSL library:

DD-MMM-YYYY HH:MM:SS.sss INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.12] using APR version [1.6.2].
DD-MMM-YYYY HH:MM:SS.sss INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.0f  25 May 2017]

If instead a message like this appears:

DD-MMM-YYYY HH:MM:SS.sss INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib

then the Native Library was not installed correctly, and the installation needs to be fixed.

Access the ROOT web application

Open up a web browser and enter the URL of Tomcat’s TLS port on the master build server:

https://casdev-master.newschool.edu:8443

Expect the browser to complain about the TLS/SSL certificate because the host name of the server does not match the name in the certificate. Click through the prompts to visit the site anyway, and you should see something like Figure 3, below:

Browser Screen Shot
Figure 3. The ROOT web application page

Notice the host name, IP address, and port number of the server and client displayed in the top (dark green) section; this will be important when testing through the load balancer later.

Using the features of your web browser, examine the details of the TLS certificate. (In Google Chrome, this is done by typing Ctrl+Shift+I to bring up the Developer Tools window, selecting the “Security” tab, and clicking “View certificate.”) Check that the certificate is the one created and installed in Configure TLS/SSL settings and that the certificate chain is valid from the root to the certificate.