Install the First System

CA Strong Authentication UNIX Installation Guide › How to Deploy CA Strong Authentication on Distributed Systems › Install the First System

Install the First System

Perform the following steps to install CA Strong Authentication and related components.

Follow these steps:

Log in and navigate to the directory where you untarred the installer.
Ensure that you have the permission to run the installer. If you do not have the required permission, run the following command:
```
chmod a=rx CA-StrongAuthentication-8.0-Linux-Installer.bin
```
Run the installer as follows:
```
sh CA Strong Authentication-<version_number>-<platform_name>-Installer.bin
```
If you are running the installer with root login, then a warning message appears. Enter Y to continue, or N to quit the installation. If you exit the installer, then run the installer again.

The Welcome message appears.
Press Enter to continue with the installation.
The License Agreement appears.
Accept the License Agreement.
1. Enter y to accept the acceptance of License Agreement and to continue with the installation.
The Choose Installation Location options appear.
Perform one of the following steps:
- If the installer detects an existing home directory, then it displays the path to that directory. Press Enter to accept this directory path.
- If the installer does not detect an existing home directory, it displays the default directory path and prompts you to either accept the default path or specify a new path. Press Enter if you want to accept the default path. Alternatively, enter the absolute path of the directory where you want to install CA Strong Authentication and press Enter to continue.
  Note: The installation directory name that you specify must not contain spaces.
The installation types (Complete and Custom) screen appear.
Select the required option and press Enter to continue with the installation.
Type 2 and press Enter to accept the Custom installation option and to continue with the installation.
The Choose Product Features options appear.
Specify a comma-separated list (without any space between the comma and the number) of numbers representing the CA Strong Authentication components you want to install.
On the first system, you install the following components:
1. CA Strong Authentication Authentication Server
2. Administration Console
3. User Data Service
The following table describes all components that are installed by the installer and the numbers that you must enter to install them.

Option	Component	Description
1	CA Strong Authentication Authentication Server	This option installs the core Processing engine (CA Strong Authentication Server) that serves the following requests from SDKs, Administration Console, and Web Services: Credential Issuance Configurations Credential Authentication Configurations Server Configurations In addition, this component also enables you to access the following Web Services: Authentication and Authorization Web service - Provides the programming interface for authenticating and authorizing users. Issuance SDK and Web Services - Provides the programming interface for creating, reading, and updating user credential information in the CA Strong Authentication database. Authentication Web Service - Provides the programming interface for authenticating users. Credential Management Web Service - Provides the programming interface for creation and management of user credentials. Administration Web Service - Provides the programming interface used by the CA Strong Authentication Administration Console. Bulk Operations Web Service: Provides the programming interface for uploading and fetching OATH tokens.
2	Java SDK and WS	This option provides programming interfaces (in form of APIs and Web Services) that can be invoked by your application to forward authentication and user credential issuance requests to the CA Strong Authentication Server. This package comprises the following sub-components: Authentication Java SDK and Web Services- Provides the programming interface for authentication with CA Strong Authentication Server. Credential Management Java SDK and Web Services - Provides the programming interface for creation and management of user credentials. Administration Web Service - Provides the programming interface for creating configurations. Bulk Operations Web Service: Provides the programming interface for uploading and fetching OATH tokens. See chapter, "Configuring CA Strong Authentication Java SDKs and Web Services" for more information about configuring these components.
3	CA Strong Authentication Sample Application	This option provides Web-based interface for demonstrating the use of Java APIs and verify if CA Strong Authentication was installed successfully, and if it is able to perform credential management and authentication requests.
4	Administration Console	This option provides the Web-based interface for managing CA Strong Authentication Server and authentication-related configurations.
5	User Data Service	This option installs UDS that acts as an abstraction layer for accessing different types of user repositories, such as relational databases (RDBMSs) and directory servers (LDAPs.)

Press Enter to continue.
The database types screen appear.
Specify the number corresponding to the database, and press Enter to continue:
- 1 - Microsoft SQL Server
- 2 - IBM DB2 (UDB)
- 3 - Oracle Database
- 4 - MySQL
The Primary Database Access Configuration options appear.

Note: CA Strong Authentication Oracle Real Application Clusters (Oracle RAC). To use Oracle RAC with your CA Strong Authentication Installation, select Oracle Database in this step, perform the next step (Step 12), and then perform the steps in Configuring CA Strong Authentication for Oracle RAC.
Depending on the database that you are using:
- Specify the information that is listed in the following table if you specified Microsoft SQL Server:

Parameter	Description
Primary ODBC DSN	The installer creates an ODBC connection that CA Strong Authentication uses to connect to the database. The recommended value to enter is arcotdsn.
User Name	The database user name for CA Strong Authentication to access the database. This name is specified by the database administrator. (MS SQL Server, typically, refers to this as login.) Note: The User Name for the Primary and Backup DSNs must be different.
Password	The password associated with the User Name you specified in the previous field and which is used by CA Strong Authentication to access the database. This password is specified by the database administrator.
Server Name	The host name or IP address of the datastore. Default Instance Syntax: <server_name> Example: demodatabase Named Instance Syntax: <server_name>\<instance_name> Example: demodatabase\instance1
Port Number	The port on which the database server listens to the incoming requests. Note: Press Enter, if you want to accept the default port.
Database	The name of the MS SQL database instance.

Specify the information that is listed in the following table if you specified IBM DB2 (UDB):

Parameter	Description
Primary ODBC DSN	The installer creates an ODBC connection that CA Strong Authentication uses to connect to the database. The recommended value to enter is arcotdsn.
User Name	The database user name for CA Strong Authentication to access the database. This name is specified by the database administrator. Note: The User Name for the Primary and Backup DSNs must be different.
Password	The password associated with the User Name you specified in the previous field and which is used by CA Strong Authentication to access the database. This password is specified by the database administrator.
Host Name	The host name or IP address of the datastore. Default Instance Syntax: <server_name> Example: demodatabase Named Instance Syntax: <server_name>\<instance_name> Example: demodatabase\instance1
Port Number	The port at which the Database listens to the incoming requests. Note: Press Enter, if you want to accept the default port.
Database	The name of the database that CA Strong Authentication will access.

Specify the information that is listed in the following table if you specified Oracle Database Server:

Parameter	Description
Primary ODBC DSN	The installer creates an ODBC connection that CA Strong Authentication uses to connect to the database. The recommended value to enter is arcotdsn.
User Name	The database user name for CA Strong Authenticationto access the database. This name is specified by the database administrator. Note: The User Name for the Primary and Backup DSNs must be different.
Password	The password associated with the User Name you specified in the previous field and which is used by CA Strong Authentication to access the database. This password is specified by the database administrator.
Service ID	The Oracle System Identifier (SID) that refers to the instance of the Oracle database running on the server.
Port Number	The port at which the Database listens to the incoming requests. Note: Press Enter, if you want to accept the default port.
Host Name	The host name or IP address of the datastore. Syntax: <server_name> Example: demodatabase

Specify the information that is listed in the following table if you specified MySQL.

Parameter	Description
Primary ODBC DSN	The installer creates an ODBC connection that CA Strong Authentication uses to connect to the database. The recommended value to enter is arcotdsn.
User Name	The database user name for CA Strong Authentication to access the database. This name is specified by the database administrator. (Microsoft SQL Server, typically, refers to this as login.) Note: The User Name for the Primary and Backup DSNs must be different.
Password	The password associated with the User Name you specified in the previous field and which is used by CA Strong Authentication to access the database. This password is specified by the database administrator.
Server Name	The host name or IP address of the datastore. Default Instance Syntax: <server_name> Example: demodatabase Named Instance Syntax: <server_name>\<instance_name> Example: demodatabase\instance1
Port Number	The port on which the database server listens to the incoming requests. Note: Press Enter, if you want to accept the default port.
Database	The name of the Microsoft SQL Server database instance.

The Backup Database Access Configuration options appear.

Perform one of the following steps:
- Type N to skip the configuration of the secondary DSN, when prompted, and press Enter to continue.
- Type Y to configure the secondary DSN, when prompted, and press Enter to continue.
  For information about the tasks to be performed, see the table in the preceding step.
The Encryption Configuration options appear.
Specify the following information:
- Master Key: Enter the master key, which is used to encrypt the data stored in the database. By default, the value of master key is set to MasterKey. This key is stored in the securestore.enc file, which is located at <install_location>/arcot/conf.
  If you want to change the value of the master key after the installation, then regenerate the securestore.enc file with a new master key. For more information, see the CA Strong Authentication Administration Guide.
- Enter y if you want to use a Hardware Security Module (HSM) to encrypt the sensitive data. Enter n if you want to use the software encryption, in this case you do not have to provide the following HSM information.
1. Enter 1 if you want to use Luna HSM or 2 if you want to use nCipher netHSM.
2. HSM PIN: Enter the password that is used to connect to the HSM.
- Shared Library: The absolute path to the PKCS#11 shared library corresponding to the HSM.
  For Luna (libCryptoki2.so) and for nCipher netHSM (libcknfast.so), enter the absolute path and full name of the file.
- Storage Slot Number: The HSM slot where the 3DES keys used for encrypting the data are present. The default value for Luna is 0, and for nCipher netHSM the default value is 1.
  Note: The HSM parameter values are recorded in the arcotcommon.ini file located at <install_location>/arcot/conf. To change these values after installation, edit the arcotcommon.ini file, as discussed in appendix, "Configuration Files and Options".
Press Enter to continue.
The Pre-Installation Summary appears.
Review the product details displayed carefully and press Enter to proceed.
After the preceding tasks are completed successfully, the Installation Complete message appears.
Press Enter to exit the installer.
You may have to wait for a few minutes (for the installer to clean up temporary files) until the prompt reappears.
Verify that UTF-8 support is enabled:
1. Navigate to the <install_location>/arcot/odbc32v70wf/odbc.ini file.
2. Locate the [ODBC] section.
3. Ensure that the IANAAppCodePage=106 entry is present in the section.
4. If you do not find this entry, then add it.
5. Save and close the file.