Installing ForgeRock OpenAM and Apache 2.4.6 on Ubuntu 13.10

TL;DR

touch /etc/apache2/httpd.conf

Enter /etc/apache2 as your Apache Server Config Directory Path

Copy the generated line from httpd.conf to apache2.conf

The Story

I’m no sysadmin, as will become clear rapidly in this post. I develop software, including Web software, so I have some knowledge of Apache and how to set it up and configure it, but for anything tough I scurry to real sysadmins.

I’m currently on a project at work to replace our Sun/Oracle OpenSSO installation with ForgeRock OpenAM, so I plopped a Linux VM on my MacBook Pro and worked my way through installing OpenAM using ForgeRock’s Getting Started with OpenAM document, which is easy to follow and works well. When I got to the OpenAM Web Policy Agent installation, however, I stumbled. I ran the commands:

$ cd /path/to/web_agents/apache22_agent/bin
$ ./agentadmin --install

I was prompted for the Apache configuration directory:

Enter the Apache Server Config Directory Path [/opt/apache24/conf]:

I had installed Apache 2.4 through apt-get, so I knew /opt/apache24/conf wasn’t correct. I poked around a bit and found /etc/apache2, which looked like a configuration directory to me, so I entered that. I got this error message:

ERROR: Invalid Apache Server Config directory . Please try again.

After trying all kinds of directories that had “apache2” in the path (see? I told you I’m no sysadmin) and getting the same error each time, and after prying open the shell script and seeing that all work was being done in Java, so I’d need a decompiler to crack this open, I paused a moment to think: What would this script be looking for to validate that the directory I entered was indeed an Apache Server Config directory? I figured it was probably looking for httpd.conf, which is the configuration file I’m (slightly) familiar with and which didn’t exist anywhere on my system. So, I typed:

touch /etc/apache2/httpd.conf

I re-ran the OpenAM Web Policy Agent installation, and everything worked. The installation wrote this line to httpd.conf:

include /opt/web_agents/apache24_agent/Agent_001/config/dsame.conf

When I tested my newly-protected page, however, OpenAM did nothing to prevent access. After a bit of thought, I figured that httpd.conf was being ignored, so I copied that line into apache2.conf, and then OpenAM blocked the page appropriately. Success!

Hope this helps someone.
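
A check for the failure described above, where the agent's include line sits in a file Apache does not load and the page stays unprotected. This is an added example, not part of the original post or ForgeRock's tooling; the function names are made up here, and it only inspects apache2.conf itself, not files that apache2.conf pulls in.

```shell
#!/bin/sh
# Added example, not from the original post. Detects an OpenAM agent include
# line that exists only in httpd.conf, the file the post found Apache ignoring.

AGENT_RE='^[[:space:]]*include(optional)?[[:space:]]+.*dsame\.conf'
HTTPD_RE='^[[:space:]]*include(optional)?[[:space:]]+.*httpd\.conf'

# Print the first agent include line found in CONF_DIR/httpd.conf (if any).
agent_include_line() {
    grep -iE "$AGENT_RE" "$1/httpd.conf" 2>/dev/null | head -n 1
}

# check_agent_include CONF_DIR
#   0 = apache2.conf loads the agent config (directly or by including httpd.conf)
#   1 = agent include exists only in httpd.conf, so it is silently ignored
#   2 = no agent include found at all
check_agent_include() {
    main="$1/apache2.conf"
    if grep -qiE "$AGENT_RE" "$main" 2>/dev/null ||
       grep -qiE "$HTTPD_RE" "$main" 2>/dev/null; then
        echo "OK: agent configuration is reachable from $main"
        return 0
    fi
    if [ -n "$(agent_include_line "$1")" ]; then
        echo "WARNING: agent include is only in $1/httpd.conf; pages are NOT protected"
        return 1
    fi
    echo "No agent include found under $1"
    return 2
}

# fix_agent_include CONF_DIR: copy the line into apache2.conf only when needed.
fix_agent_include() {
    rc=0
    check_agent_include "$1" >/dev/null || rc=$?
    [ "$rc" -eq 1 ] || return "$rc"
    agent_include_line "$1" >> "$1/apache2.conf"
}
```

Run `check_agent_include /etc/apache2` after the agent installer finishes; a return code of 1 is the state in which the protected page was still freely accessible. Commented-out lines are not counted as active includes.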

5 Responses

  1. Vincent says:

    Hi Rob,

    Thank you for figuring this out and sharing it with the rest of us. This helped me to get familiar with OpenAM on my Ubuntu VM.

    Cheers,
    Vincent.

  2. Pablo Gillari Ces says:

    Thank you! It was so simple.

  3. Ben says:

    Thank you!
    You saved me hours…

  4. Eamon says:

    Very helpful!

    Thanks for cataloguing your experience.

  5. Mohammed says:

    Thank you!!
    That is a big issue I had faced before.
