Installation Guide

This short guide shall enable you to install TIM v8 on Windows or Linux OS.

JBOSS = WildFly

Preconditions for Windows or UNIX

Database access preferably db_owner on either MySQL 8, SQL Server 2019 / 2022, or Oracle 19c according to our latest requirements in the release notes → Release Notes - Documentation EN - TIM BPM Documentation (atlassian.net)

Get additional tools if possible:

Windows OS

Quick guide for Windows installation with WildFly29 & TIM v8

Resources

Installation

  1. Install JDK and set JAVA_HOME for the system. Can be checked via system environmental variables.

  2. On Disk create folder tim e.g. C:\tim

  3. Unzip wildfly as per request to C:\tim\wildfly-[VERSION] and rename the folder to wildfly-[VERSION]-dev, -stage or -prod according to purpose.

  4. Copy & replace the content of wildfly-[VERSION]-JWT-delta.zip into WildFly Home e.g. C:\tim\wildfly-[VERSION]-dev

  5. Copy the folder “service” from C:\tim\wildfly-[VERSION]-\docs\contrib\scripts to C:\tim\wildfly-[VERSION].Final-\bin. Edit with notepad++ C:\tim\wildfly-[VERSION]-dev\bin\service\service.bat and change SHORTNAME and DISPLAYNAME to e.g. TIM[VERSION]DEV / Timprod-WildFly[VERSION]

CONTROLLER=localhost:9990 in service.bat needs to match jboss.management.http.port in standalone-tim.xml

important if multiple app server are installed on one host machine

Copy from https://s3.eu-central-1.amazonaws.com/delivery.aws.tim-bpm.com/setup/jbcs-jsvc-1.1.0-win6-x86_64.zip

\jbcs-jsvc-1.1.0-win6-x86_64\jbcs-jsvc-1.1\bin\prunmgr.exe
\jbcs-jsvc-1.1.0-win6-x86_64\jbcs-jsvc-1.1\sbinprunsrv.exe

into the \bin folder when having trouble with shut-down of service

  1. Open C:\tim\wildfly-[VERSION].Final\standalone\configuration\tim.properties and add

    keypair-password=changeit
  2. Run the following keytool command in your windows cmd to create a jwt.keystore and add the key

    keytool -genkey -alias jwt.key -keyalg RSA -keysize 2048 -keystore C:\tim\wildfly-[VERSION].Final\standalone\configuration\jwt.keystore -storepass changeit -validity 900 -keypass changeit
  3. Iterate through the questions

     

  4. Open C:\tim\wildfly-[VERSION].Final-dev\bin\standalone.conf.bat to check for XMS and write rem before all lines from 96 to 104 regarding port offset and the DB connection string. c.f.:

    set "JAVA_OPTS=%JAVA_OPTS% -Xms2G -Xmx2G -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=512m" rem TIM Solutions GmbH Configuration part rem Feel free to edit this configuration below! rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.socket.binding.port-offset=0" rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.http.port=8080" rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.JDBC_CONNECTION=jdbc:sqlserver://database.fqdn:1433;database=tim;encrypt=true;loginTimeout=30;" rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.JDBC_DRIVER=sqlserver" rem set 'JAVA_OPTS=%JAVA_OPTS% -Djboss.CHECK_ALIVE_QUERY="SELECT 1 FROM TIM_DUAL"' rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.DBUSER=tim" rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.DBPASSWORD=t1m"
  5. Open under C:\tim\wildfly-[VERSION].Final-dev\standalone\configuration\standalone-tim.xml to configure the data source. e.g. connection URL

  6. SET ‘SELECT 1 FROM TIM_DUAL’ only for ORACLE DB

  7. Open under C:\tim\wildfly-[VERSION].Final-dev\standalone\configuration\tim.properties to set default client and add initpass for custom passwords (after the initial init of the system credentials can be encrypted via admin panel). Comment out # to not use the default passwords.

  8. Encoding the passwords via the administration panel of secrets is possible after the initialization of the application.

  9. Copy tim.ear and dashboard.war from TIM_x.x.x.zip into C:\tim\wildfly-[VERSION].Final-dev\standalone\deployments

  10. Open cmd as admin and install the service.

  11. Open Windows Services and navigate to e.g. TIM[VERSION]DEV. Set Startup type to Automatic.

  12. Start TIM Service and check server.log C:\tim\wildfly-[VERSION].Final-dev\standalone\log for any issues to resolve. Popular issues: closed ports, the network connection to the database, missing permissions, or antivirus tool intervention.

  13. Open http://127.0.0.1:8080/loom-portal/hidden.htm to initialize the database. (InitDB)

  14. Open Eclipse for license generation, ID Token, Multi or Single Node, Validity in month, Customer Name, values have to be provided from Ticket except ID and Node copy and paste license into customer page. Customers can order a license under https://webform.tim-solutions.de/licenserequest/

  1. Open http://127.0.0.1:8080/loom-portal/license.htm to install the license as super/admin.

  2. Log into super tenant http://localhost:8080/tim/client/ to create a customer tenant. Tenant Creation - Documentation EN - TIM BPM Documentation (atlassian.net)

  3. Replace unencrypted Passwords with encrypted ones in C:\tim\wildfly-[VERSION].Final-dev\standalone\configuration\tim.properties

For further configuration e.g SMTP, LDAP Auth & Sync or SSO with SAML please check the links under Additional Configuration.

UNIX

Resources

Installation

  1. Similar to the Windows installation, create a folder tim under e.g /usr/local/

  2. Create a user and group, e.g. tim that owns folder tim

  3. Copy WildFly and WildFly JWT Delta into tim folder

  4. Copy docs/contrib/scripts/systemd/launch.sh to bin\

  5. Copy docs/contrib/scripts/systemd/wildfly.conf to /etc/default/

  6. Copy docs/contrib/scripts/systemd/wildfly.service to /etc/systemd/system/

  7. Open bin/standalone.conf to disable.

  8. Open standalone/configuration/standalone-tim.xml to set datasources to the desired database.

    SET ‘SELECT 1 FROM TIM_DUAL’ only for ORA DB

  9. Check socket-binding for correct port offset

  10. Open /usr/local/tim/wildfly-[VERSION].Final/standalone/configuration/tim.properties and add

     

  11. Run the following keytool command to create a jwt.keystore and add the key

  12. Iterate through the questions

  13. Open under /usr/local/tim/wildfly-[VERSION].Final/standalone/configuration/tim.properties to set default client and add initpass for custom passwords (after the initial init of the system credentials can be encrypted via admin panel). Comment out # to not make use of the default passwords.

  14. Encoding via the administration panel of secrets is possible after the initialization of the application.

  15. Copy tim.ear and dashboard.war from TIM_x.x.x.zip into /usr/local/tim/wildfly-[VERSION].Final/standalone/deployments

  16. Set WILDFLY_CONFIG=standalone-tim.xml in /etc/default/wildfly.conf

  17. Set below parameters for /etc/systemd/system/wildfly.service

  18. Enable service with systemctl enable wildfly.service & systemctl daemon-reload

  19. Run systemctl start wildfly.service and check server.log /usr/local/tim/wildfly-[VERSION].Final/standalone/log for any issues to resolve. Popular issues: closed ports, the network connection to the database, missing permissions, or antivirus tool intervention.

  20. Open http://127.0.0.1:8080/loom-portal/hidden.htm to initialize the database. (InitDB)

  21. Open Eclipse for license generation, ID Token, Multi or Single Node, Validity in month, Customer Name, values have to be provided from Ticket except ID and Node copy and paste license into customer page. Customers can order a license under https://webform.tim-solutions.de/licenserequest/

  1. Open http://127.0.0.1:8080/loom-portal/license.htm to install the license as super/admin.

  2. Log into super tenant http://localhost:8080/tim/client/ to create a customer tenant. Tenant Creation - Documentation EN - TIM BPM Documentation (atlassian.net)

  3. Replace unencrypted Passwords with encrypted ones in /usr/local/tim/wildfly-[VERSION].Final/standalone/configuration/tim.properties

 

For further configuration - e.g SMTP, LDAP Auth & Sync or SSO with SAML - please check the links below.

Additional Configuration

Configuration Properties / tim.properties
Module Requirements | Mailserver
Module Requirements | SAML 2.0
Module Requirements | LDAP
LDAP
Dashboard

 

KEYSTORE GENERATION

There is a command to create a keystore: 

The generated keystore must be located under standalone/configuration folder and must have a name jwt.keystore

TIM.PROPERTIES CONFIGURATION

Text above highlighted in bold can be changed and must be the same as defined in tim.properties. The tim.properties file has the following properties:

  1. Value of keystore-password property must be equal to the -storepass value of the aforementioned command 

  2. Value of keypair-name property must be equal to the -alias value of the aforementioned command 

  3. Value of keypair-password property must be equal to the -keypass value of the aforementioned command 

STANDALONE XML CONFIGURATION

Additionally, the standalone file must contain the keystore-password in the section of keystores definition:

Have a look at the   <credential-reference clear-text="changeit"/> . Credential-reference must be equal to the keystore-password.

When defining a certificate parameter for jwt issuer in the standalone config, we must put a value of the certificate name:

This value must be equal to keypair-name property value in tim.properties and -alias of the keystore generation command 

Azure SaaS Considerations

  1. Azure Application Gateway

  2. App Gateway Listener

  3. Check Firewall Port

  4. Log into the customer tenant to configure SMTP settings or create customer accounts as per ticket.