
This document describes how to install the WiKID Strong Authentication Enterprise Edition using the RPMs.

Thank you for your interest in the WiKID Strong Authentication System for your two-factor authentication needs. We have made a number of changes in the 3.0 release, mostly in the underlying architecture. We are continuing to move away from an appliance-only model. As such, we have moved from multiple controller scripts (setup, start, stop, etc) to a single 'wikidctl' script that takes arguments start, stop, etc. We have packaged all webapps as WAR files and bundled Tomcat with the server, so you should be able to drop the WARs into an existing servlet container.

Requirements

Hardware Requirements

  • 100+ GB of hard drive space
  • 2 GB of RAM (4 GB if using replication)
  • 2 Ethernet connections (or one if the server will be NAT'd)
  • 2 CPUs required

Install the prerequisite packages:

dnf install java-1.8.0-openjdk postgresql postgresql-libs postgresql-jdbc postgresql-server perl policycoreutils-python-utils

Make sure that postgresql is initialized:

service postgresql initdb

Test that the system is using the correct Java:

java -version

Download and install the WiKID RPMs. You need both the Enterprise Server RPM and the Utilities RPM:

dnf install --nogpg wikid-*

Then run setup:

/opt/WiKID/bin/wikidctl setup

Select that you want to change your network settings. The script will pick up your existing network settings, walk you through them and create an SSL cert for the server. Once done, start the server:

/opt/WiKID/bin/wikidctl start

Go to http:// to complete the setup.

To stop the server:

/opt/WiKID/bin/wikidctl stop

From here, you can follow the standard documentation, such as the Quickstart Guide or the Complete installation manual.

Ports:

The WiKID token clients require port 80. You can use NAT, but it needs to be routable for the token clients.

The following services may only need internal access based on your needs:

  • The WiKIDAdmin uses 443.
  • wAuth uses 8388.
  • LDAP uses 389.
  • Radius uses 1812 UDP.
  • TACACS+ uses 49.

You can NAT the WiKID IP. Use the public IP as the domain identifier so that the software tokens know how to connect to the server.

Troubleshooting:

You may need to install the JCE Unlimited Strength Jurisdiction Policy Files to avoid the "Illegal Key Size error".

If you can't log in to the WiKIDAdmin site because of a bad username and password error, there is probably an issue with database connectivity. Check that postgres is running on the proper port:

netstat -anp | grep 5432

Check that 127.0.0.1 is the first item in /etc/hosts and not the IPv6 ::1 listing.

Make sure that postgresql-jdbc is installed.

Disable SELinux.

Check that the pg_hba.conf file copied properly:

diff /opt/WiKID/conf/templates/pg_hba.conf  /var/lib/pgsql/data/pg_hba.conf

If this command produces any output, the files differ, and you can copy the /opt/WiKID/conf/templates version to /var/lib/pgsql/data. However, this may indicate that the RPM did not fully install, and you may want to reinstall.
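
The database checks above, collected into one script as an added example (not part of the WiKID documentation or product). The function names and the `--run` switch are assumptions made here; the port and file paths are the ones given on this page.

```shell
#!/bin/sh
# Added example (not WiKID code): the Troubleshooting checks as functions.
# Function names are made up here; default paths and port come from the page.

# True when the first active entry of a hosts file is 127.0.0.1 (not ::1).
hosts_loopback_first() {
    _first=$(awk 'NF && $1 !~ /^#/ { print $1; exit }' "${1:-/etc/hosts}")
    [ "$_first" = "127.0.0.1" ]
}

# True when the live pg_hba.conf is identical to the packaged template.
pg_hba_matches_template() {
    diff "${1:-/opt/WiKID/conf/templates/pg_hba.conf}" \
         "${2:-/var/lib/pgsql/data/pg_hba.conf}" >/dev/null 2>&1
}

# Reads `netstat -anp` text on stdin; true only for a TCP socket in LISTEN
# state whose local port is exactly $1. A bare grep for 5432 also matches
# port 15432, PIDs, remote ports and the PostgreSQL unix socket path.
listening_on() {
    awk -v port="${1:-5432}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] == port) found = 1
        }
        END { exit !found }'
}

# Run all three checks against the real system: sh wikid-checks.sh --run
if [ "${1:-}" = "--run" ]; then
    rc=0
    netstat -anp 2>/dev/null | listening_on 5432 \
        || { echo "FAIL: nothing listening on TCP 5432"; rc=1; }
    hosts_loopback_first \
        || { echo "FAIL: 127.0.0.1 is not the first entry in /etc/hosts"; rc=1; }
    pg_hba_matches_template \
        || { echo "FAIL: pg_hba.conf differs from the WiKID template"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all checks passed"
    exit "$rc"
fi
```

Run it as root so that `netstat -anp` can show the owning process and the PostgreSQL data directory is readable.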



 

Copyright © WiKID Systems, Inc. 2024 | Two-factor Authentication