This documentation refers to an earlier version of Islandora. is current.

Fedora, along with Drupal, is one of the core technologies behind Islandora. This chapter will cover the basic steps for installing Fedora - for more information, please see the FedoraCommons documentation.

Fedora is available under the terms of the Apache License and has a very active open source community producing additional tools, applications and utilities. Islandora currently uses Fedora version 3.4.2.

Pre-installation software checklist

Fedora requires the following to be set-up and running prior to beginning your installation:

  • Java SE Development Kit (JDK) 6
  • A database: Installed for Drupal. Consult the Fedora installation guide for notes on running other databases.
  • An application server: Fedora includes the Tomcat Application Server. Consult the Fedora installation guide for notes on running other application servers.

Installation Steps

1. Download the Fedora Repository software.

2. Read through the online guide to ensure the pre-installation system pre-requisites are met.

3. Prepare your local environment variables by modifying the .bash_profile or .profile file in the home directory of the fedora user.

 Fedora will need to be given variables to find the main fedora directory, the main tomcat directory, and the location of your Java installation (JDK 6).

The following example assumes Java is installed in /opt/java and Fedora is installed in /usr/local/fedora:

export FEDORA_HOME=/usr/local/fedora
export CATALINA_HOME=/usr/local/fedora/tomcat
export JAVA_OPTS="-Xms1024m -Xmx1024m -XX:MaxPermSize=128m"
export JAVA_HOME=/opt/java

4. Before beginning your Fedora installation, create a database for Fedora to use (In the file example that follows the database is called fedora3. This is referenced as part of the value string for database.jdbcURL). This is not the same database that you used for your Drupal installation.

5. To start the installer, navigate to the directory where the install file (fcrepo-installer-3.4.2.jar) was downloaded and run the following command:

java -jar fcrepo-installer-3.4.2.jar

6. Select the CUSTOM INSTALL.

It is important to select the Custom Install as it will enable the resource index by default, which is the backbone of Islandora's collection views and other functionality.

7. The Fedora installer script will ask you a series of questions (Source: Installation and Configuration Guide - Fedora 3.4 Documentation):

Servlet Container

The installer will automatically configure and deploy to Tomcat 5.0.x, 5.5.x, and 6.0.x servlet containers. However, if an existing Tomcat installation (as opposed to the Tomcat bundled with the installer) was selected, the installer will not overwrite your existing server.xml, but rather, place a modified copy at FEDORA_HOME/install so that you may review it before before installing it yourself.

Other servlet containers will require manual deployment of the war files located at FEDORA_HOME/install.

Application Server Context

The installer provides the option to enter an application server context name under which Fedora will be deployed. The context name defaults to Fedora (resulting in http[s]://host:port/fedora), however any other valid context name can be supplied. The installer will name the resulting war file according to the supplied context name (defaults to fedora.war). Please ensure that the servlet container configuration reflects the name of the Fedora context name in case it needs to be configured explicitly. For further details see Alternative Webapp Context Configuration.


Configuring SSL support for Fedora's API-M interface is an optional feature. It strongly recommended for production environments if Fedora is exposed to unsecured applications and users. However, if your installation is within a managed data center with firewall services, you may choose to provide SSL using a software or hardware front-end instead. For example, a reverse proxy implemented using the Apache HTTP Server and hiding Fedora generally provides better SSL performance.

If the Tomcat servlet container is selected, the installer will configure server.xml for you. However, as noted above, if an existing Tomcat installation was selected, the installer will not overwrite your existing server.xml.

Please consult your servlet container's documentation for certificate generation and installation. (In particular, the example certificate provided by the installer for Tomcat should not be used in a production environment).

If Fedora is configured to use SSL, the JAVA_OPTS environment variable must include the and properties. The value of should be the location of the truststore file and the value of is the password for the keystore. The following values may be used with the sample keystore included with the installer:$FEDORA_HOME/server/truststore


The Fedora Security Layer is an experimental feature introduced from Fedora 3.3. FeSL Authentication is now the default authentication mechanism, however Fesl Authorization is still considered experimental. Enabling FeSL Authorization will disable the legacy policy enforcement. See FeSL Installation for more information about FeSL requirements that must be satisfied prior to installation.

Resource Index

If the Resource Index is enabled, Fedora will use Mulgara as its underlying triplestore, with full-text indexing disabled.


If Messaging is enabled, Fedora will create and send a message via JMS whenever an API-M method is called.

Once the script has collected your answers and configured Fedora on your system, the values are written to the file located in $FEDORA_HOME/install.

An output of a sample file is included here to guide you through the installation.  To use this file, copy the full contents of the textbox below into a text editor, change the database name, database user, database password and database port number to match your database configuration, and save the edited file as to the same directory where the fcrepo jar is stored.  Fedora can now be installed by entering sudo java -jar fcrepo-installer-3.4.2.jar

An example of an file (specific to an OSX environment):

#Install Options
#Wed Mar02 15:58:59 AST2011

8. Once the installation script has completed and Fedora is installed, you should start your Fedora instance by running:


9. To verify that Fedora has successfully started:

 a. $FEDORA_HOME/tomcat/logs/catalina.out should contain no errors.
 b. View your Fedora instance through a web browser: http://localhost:8080/fedora/

10. Stop your Fedora instance by running:$FEDORA_HOME/tomcat/bin/
11. Navigate to $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default and create a file with the following xml -

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
  <Description>note that other policies may provide exceptions to this broad policy.  This policy assumes api-m users have to be authenticated</Description>
        <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="">urn:fedora:names:fedora:2.1:action:api-m</AttributeValue>
          <ActionAttributeDesignator DataType=""
  <Rule RuleId="1" Effect="Permit"/>

Save as permit-apim-to-authenticated.xml.

11. Restart Fedora by using the startup command from step 8:


12. Access the Fedora Web Administrator: http://localhost:8080/fedora/admin and ensure you can ingest and purge objects.

13. For information on using Fedora, make use of the tutorials at the Fedora Commons site.

There are two global policies that block/override purge rights. This behaviour is correct as it assumes that items will be set to a status of "deleted" rather than being purged directly. By default it assumes that if an object or Datastream is set to active or inactive, then only the "administrator" role can purge.

To resolve this, you can simply remove these policies in $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/:

  • deny-purge-datastream-if-active-or-inactive.xml 
  • deny-purge-object-if-active-or-inactive.xml
  • No labels


  1. Some notes:

    1. The example seems to be aimed at an OSX environment, specifically the mysql port is the default for MAMP.  Probably won't work in other situations.  In most "normal" environments, no port number need be specified.
    2. The directory $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default probably won't exist until after Fedora has been started.
    3. We used to have to delete the policy deny-apim-if-not-localhost.xml in order to access api-m from anywhere but localhost.  I'm guessing that the policy permit-apim-to-authenticated.xml is intended to solve the same problem, but in a recent install this didn't work for me.  I still had to delete the denial policy (or I could have edited it to include additional permitted client addresses).
    1. Thanks for the notes, Zach:

      1. I'll add some clarification of this point to the instructions

      2. So should the user start Fedora after installing it using the file, then create permit-apim-to-authenticated.xml and restart Fedora?

      3. After deleting the denial policy did you still have to add permit-apim-to-authenticated.xml ? 

      1. 2. I'm pretty sure the best instructions are to:

        • install fedora (using or interactively)
        • start fedora
        • stop fedora
        • create permit-apim-to-authenticated.xml
        • start fedora again

        3. First I tried just adding the permit policy as stated.  No go.  Then I deleted the denial policy and was successful.  So I can't confidently answer that question just yet, but maybe if I get a chance I can try deleting the permit-apim policy and see if I can still access.

  2. It might be worth noting here that the resource index has to be enabled to use Islandora and that messaging has to be enabled to use gsearch/microservices.

  3. Unknown User (daniel-dgi)

    Was running through this installation and only hiccup I had was mentioned by Zachary.  The example file is geared towards OSX and uses port 8889 for mysql.  If you're on Linux, the port is most likely 3306.  You can verify your mysql port by looking in /etc/mysql/my.cnf.