To install StrongKey Discover application, login as root user on a clean Rocky Linux 9 VM and follow the deployment steps.

Prerequisites

• Rocky Linux 9 VM

  NOTE: Please configure the host file and FQDN if not already done. Refer to step 4 for guidance.

• OpenJDK 11

  NOTE: Restrict the openjdk 11 version to update 20 (java-11-openjdk-11.0.20) as anything above update 20 will not deploy the fidoserver correctly.

• Latest StrongKey FIDO Server (SKFS), see release notes. Also, make sure skfs.cfg.property.jwt.create property for SKFS is set to true, see here.

  NOTE: If you don’t have DNS setup, add SKFS FQDN to the hosts file where you are installing the Discover application.

Deploy Instructions

NOTE: If the install fails for any reason, follow the instruction for Removal and restart from the beginning.

1. Install wget if it has not been already.
   

   sudo dnf install wget
   

2. Download the binary distribution file discover-dist.tgz.
   

   wget https://sourceforge.net/projects/strongkeyfido/files/v4.12.0/sampleapps/java/discover/discover-dist.tgz

3. Extract the downloaded file to the current directory:
   

   tar xvzf discover-dist.tgz
   cd discover-dist

4. Verify the machine's FQDN is set as its hostname. This is necessary to properly configure the self-signed certificate for the API. 

   Run the following command:

   hostname

   If only the machine name is returned, and not the public FQDN, run the following command:

   sudo hostnamectl set-hostname <SERVER PUBLIC FQDN>

   If no DNS is configured for this machine, please run the following command to add an entry to the /etc/hosts file.

   echo `hostname -I | awk '{print $1}'` $(hostname) | sudo tee -a /etc/hosts

5. Copy ssosigningtruststore.bcfks from your SKFS keystores (which is located at /usr/local/strongauth/skfs/keystores folder on the machine where SKFS is installed, to the root of the folder where the extracted Discover distribution is located. Your directory will look similar to the screenshot below.
   

   .
   ├─ certimport.sh
   ├─ cleanup.sh
   ├─ discover.war
   ├─ docs/
   ├─ install-discover.sh
   ├─ payara.service
   ├─ source/
   └─ ssosigningtruststore.bcfks

   
   
6. Edit the install-discover.sh  script based on the SKFS configurations, specifically the SFKSURL, RPID, DISCOVER_VM_INSTANCES, and SKFS service credentials in the #SERVICE CREDENTIALS FOR FIDO OPERATIONS section. 
   

   sudo vi install-discover.sh

   The installation script contains configurable values that allow one to customize how the SKSO will function. In particular, here are the MUST edit properties to be modified:

   SKFSURL: This should be the hostname for the machine where SKFS is installed. For example, "https://demo.strongkey.com:8181/".
   
   

7. Execute the install-discover.sh to start deploying the Discover application.
   

   sudo ./install-discover.sh

   NOTE: If there's no internet connection during installation, please manually download and transfer the required dependencies to the discover-dist directory before proceeding. 

   • Payara 6.2023.9

8. To trust SKFS in the Discover application, import the certificate from the SKFS installation to the application's trust stores. Run the commands as the strongauth user, once without -kGLASSFISH and again with. Change the -p8181 port if accessing SKFS on a different port.

    certimport.sh <SKFS-FQDN> -p8181
    certimport.sh <SKFS-FQDN> -p8181 -kGLASSFISH
   

9. Restart Payara by running :

    sudo systemctl restart payara
   

10. Access the Discover application by going to:

     https://<fqdn-of-discover-vm>:8181/discover
    

This is the first version of the Discover application. For any issues or feedback please contact StrongKey support at This email address is being protected from spambots. You need JavaScript enabled to view it..