Set the parameters for the Identity Management Server installation.
Follow these steps:
Leave as the default, VMWare.
Set to CamAdmin. This is an Oracle database user ID you previously created with DBA and Connect privileges.
The password for the oracle_schema_user, CamAdmin. Enter the same password you entered when you created the CamAdmin user in the Oracle database.
Host name of the Oracle database server. For an Oracle RAC setup, use the RAC host name.
Oracle database SID or Service name. For an Oracle RAC setup, use the service name.
A user name for the Identity Management database. Create any user name.
A password for the Identity Management database user. Create any password.
Table space name for the Identity Management database. Create any table space name.
Enter a name for the Oracle tablespace file for the Identity Management server, in one of the following formats.
<name_of_IM_tablespace_file>
<path_to_IM_tablespace_file>/<name_of_IM_tablespace_file.dbf>
The size of the table space for the Identity Management database. We recommend an initial size of 1000MB.
Enter the same user name you entered for _ps_db_user in the properties file for the first SiteMinder Policy Server instance.
Enter the same password you entered for _ps_db_password in the properties file for the first SiteMinder Policy Server instance.
Enter the same name you entered for _ps_tablespace_name in the properties file for the first SiteMinder Policy Server instance.
The default SiteMinder Policy Server user name.
Enter the same password you entered for _ps_admin_password in the properties file for the first SiteMinder Policy Server installation. This is the password for the default SiteMinder Policy Server user.
The name of the agent which the Identity Management Server uses to communicate with the SiteMinder Policy Server. For internal use. Leave as the default, camadmin.
A password you create for the agent used by the Identity Management Server to communicate with the SiteMinder Policy Server.
Enter the host address of the SiteMinder Policy Server load balancer VIP.
Set to the value "True" so that the Identity Management Server is installed with SiteMinder integration enabled.
Set to the value "True" to enable high availability installation of the Identity Management servers.
Set to the value "False" to disable high availability installation, for example, in a test environment.
Enter the name of the mail server that you want the Identity Management server to use for email notifications.
This is used for the sendmail configuration of the relay host. Leave blank or specify the local host.
Enter the return address that you want the Identity Management server to use for email.
A password used by the JBoss cluster. Leave as the default setting or create any password.
Enter the host name of the server on which you are currently installing Identity Management.
Enter a JBoss ID for the Identity Management Server you are installing. Create any unique ID. We recommend a value of "1" for your first Identity Management instance, "2" for your second instance, etc.
Internal use only. Do not change.
Internal use only. Do not change.
Internal use only. Do not change.
Enter a unique name you create for this Identity Management cluster. Choose a different multicast groupname for each cluster you run.
All the Identity Management Servers in the cluster share the same value for this parameter. This can be any text string, but we recommend a short name, because it is included in every message sent around the cluster.
Enter a unique multicast address you create for this Identity Management cluster. Choose a different multicast address for each cluster you run.
All the Identity Management servers in the cluster share the same value for this parameter. By default, JBoss AS uses UDP multicast for most intra-cluster communication. Consider a multicast address of the form 239.255.x.y. See http://www.29west.com/docs/THPM/multicast-address-assignment.html for additional guidelines.
Set to the value "False" to install without FIPS mode. CA CloudMinder 1.5 does not currently support FIPS mode.
"/tmp"
Location of the FIPS key.
Leave as the default. CA CloudMinder 1.5 does not currently support FIPS mode.
Enter the same name you entered for _aa_db_user in the properties file for the first SiteMinder Policy Server instance. This is the advanced authentication database user name.
Enter the same password you entered for _aa_db_password in the properties file for the first SiteMinder Policy Server instance. This is the advanced authentication database user password.
Enter the same value you entered for impd_shared_secret in the properties file for the first Directory Server instance.
Enter the same value you entered for _provisioning_server_pwd in the properties file for the first Provisioning Server instance.
Enter the same value you entered for impd_shared_secret in the properties file for the first Directory Server instance.
Enter the same value you entered for _connector_server_pwd in the properties file for the first Provisioning Server instance.
Enter the host name where you installed the first (primary) SiteMinder Policy Server.
Enter 8080, or enter the CSP console Port if it is installed on a non-default port.
Internal use. Do not change.
Internal use. Do not change.
Set to the value "True" to enable SSL on the CSP console (use HTTPS).
Set to the value "False" to disable SSL on the CSP console (use HTTP).
Internal use. Do not change.
Internal use. Do not change.
Enter the base URL for your CA CloudMinder environment, in the following format:
<SPS-VIP>.<YOURDOMAIN>/iam/im
Where SPS-VIP is your Secure Proxy Server load balancer VIP, and YOURDOMAIN is the domain address for your environment.
For example:
cloudminderspsvip1.forwardinc.com/iam/im
Enter all CA Directory host names in your environment, separated by commas.
Set this Hosting Container to specify Internal Base URL when you do not want the notifications from Provisioning Server to go to the Environment Base URL.
An internal Identity Management Server load balancer can be specified here. This load balancer will be used as the Provisioning Server notification URL for any tenants deployed. Tenants deployed when no Internal Base URL has been specified will have a Provisioning Server notification URL that is derived from the Environment Base URL.
Enter the same value as you entered for _dir_webservices_username in the properties file for the first CA Directory instance. Be sure to uncomment this parameter (remove # from the parameter name).
Enter the same value as you entered for _dir_webservices_password in the properties file for the first CA Directory instance. Be sure to uncomment this parameter (remove # from the parameter name).
Enter the same value as you entered for _dir_webservices_port in the properties file for the first CA Directory instance. Be sure to uncomment this parameter (remove # from the parameter name).
Enter the host names for all hosts with a DSA router in your installation, separated by commas.
For example:
Identity Management Server1, Identity Management Server2, SiteMinder Policy Server1, SiteMinder Policy Server2, Provisioning Server1, Provisioning Server2
Leave as default, blank.
Leave as default, blank.
Leave as default, blank.
Enter the host names for all Provisioning Servers, separated by commas.
For example:
Provisioning Server1, Provisioning Server2
Leave as default, blank.
Leave as default, blank.
Leave as default, blank.
Enter the host name of the first (primary) Provisioning Server.
Note: If the CA IAM Connector Server is on a separate server, enter the host name of the CA IAM Connector Server instead.
Enter the same password as you entered for _connector_server_pwd in the properties file for the first instance of the Provisioning Server. This is the password used to access the CA IAM Connector Server.
Enter the host name of the first (primary) Provisioning Server.
Enter the host name of the second (failover) Provisioning Server.
Internal use. Do not change.
Internal use. Do not change.
Internal use. Do not change.
Enter the same password you entered for _csp_dir_password in the properties file for the first SiteMinder Policy Server instance.
Enter the same host name you entered for _csp_dir_host in the properties file for the first SiteMinder Policy Server instance.
Enter the same port you entered for _csp_dir_port in the properties file for the first SiteMinder Policy Server instance.
Enter the host name for the first (primary) SiteMinder Policy Server.
The default value of "False" installs only the Identity Management Server. We do not recommend changing this value.
You can set this value to "True" to install a Provisioning Server as well.
Location of an existing 64-bit JRE if preinstalled. Set this parameter if you choose to install your JRE separately. In this case, symbolically link /opt/java64 to your JRE.
However, instead of installing a JRE separately, the system installer can do this automatically. We recommend that you download a JRE and allow the system to install it.
See the JAVA64_KIT parameter.
Location of a 64-bit JRE that you download to the local system or to a file share. If this parameter is set, the server kit will install this JRE automatically.
Enter the file path, on the local system or a file share, of the JBoss kit to install. The JBoss kit should be in zip file format. JBoss can be either the community version or the Enterprise Application Platform (EAP).
IP address or host name of the NTP server to use to synchronize the server time.
Enter the full file path to the JCE policy zip file. You downloaded the jce_policy-6.zip file from the Oracle web site during the Identity Management pre-installation steps.
The server kit configures JBoss to use session cookies with secure and httpOnly attributes if two conditions are met:
1. property _secure_session_cookie is set to true in properties.sh:
_secure_session_cookie=true; export _secure_session_cookie
2. property _envBaseURL starts with https in properties.sh:
_envBaseURL=https://webserver.ca.com; export _envBaseURL
Unless both conditions are met, the session cookie is left as is. The server kit contains a script that can be used to reconfigure the session cookie based on these conditions at any time:
configSessionCookie.sh
This script reads the properties and either enables the attributes in the JBoss session cookie or disables them depending on the values of the two properties. A JBoss restart is then required for the settings to take effect.
The User Console does not work properly without HTTPS if configured with secure session cookies.
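The following pre-flight check is an added example, not part of the server kit or of configSessionCookie.sh. It evaluates the two documented conditions against a properties.sh file by parsing it as text, and assumes the comparison is an exact lowercase true and an https prefix, as the lines above show; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example: mirrors the two documented conditions for secure/httpOnly
# session cookies. The file is parsed as text rather than sourced, so nothing
# in it is executed and no password values are printed.

# prop_value FILE NAME -> value of the last uncommented "NAME=value; export NAME"
prop_value() {
  sed -n "s/^[[:space:]]*$2=\([^;#]*\).*/\1/p" "$1" | tail -n 1 |
    tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# cookie_outcome FILE -> prints "secure" when both conditions hold,
# otherwise "unchanged" (the cookie is left as is).
cookie_outcome() {
  flag=$(prop_value "$1" _secure_session_cookie)
  url=$(prop_value "$1" _envBaseURL)
  case "$flag:$url" in
    true:https*)
      echo secure ;;
    true:*)
      # Flag requested, but the base URL is missing or not HTTPS.
      echo "note: _secure_session_cookie=true but _envBaseURL is not https" >&2
      echo unchanged ;;
    *)
      echo unchanged ;;
  esac
}

# Constructed sample in the page's properties.sh format (not a real file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#_secure_session_cookie=false; export _secure_session_cookie
_secure_session_cookie=true; export _secure_session_cookie
_envBaseURL=https://webserver.ca.com; export _envBaseURL
EOF
echo "session cookie attributes: $(cookie_outcome "$sample")"
rm -f "$sample"
```

Run it against a copy of properties.sh before restarting JBoss; an "unchanged" result with the note on stderr means the flag was set but the base URL does not satisfy the second condition.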
Note: This file is critical for upgrades. We recommend that you back up this file. This file contains passwords, so be sure to save it in a secure location.
Important! The original properties.sh file resides in a temp folder. If the server is shut down, the properties.sh file is discarded. Therefore, rename and back up this file before proceeding with any further installation or use of the system.
Copyright © 2013 CA.
All rights reserved.