

Initial Configuration

Follow these steps after you have installed all components and have confirmed that all servers are running.

Follow these steps:

  1. Perform the following steps on all Oracle and PostgreSQL servers:
    1. Edit the /etc/ntp.conf file

      Add "server <_ntp_server>" to the list of servers

      Where <_ntp_server> is the IP address of your NTP server.

    2. Restart the ntpd service as follows:
      service ntpd restart
      
    3. Enable the ntpd service as follows:

      chkconfig ntpd on

  2. Increase the processes and sessions for the Oracle database servers as follows:
    1. Launch SQL Plus and connect as the Oracle system database administrator.
    2. Under SQL Plus, run the following commands:
      alter system set processes=500 scope=spfile;
      alter system set sessions=824 SCOPE=spfile;
      ALTER SYSTEM SET EVENT='44951 TRACE NAME CONTEXT FOREVER, LEVEL 1024' scope=spfile;
      shutdown immediate
      startup
      
  3. To enable transactions for Workpoint 3.5 on the Oracle database, execute the following commands, substituting an appropriate value for Identity Management user:
    ALTER SYSTEM SET JAVA_POOL_SIZE=120M scope=spfile;
    ALTER SYSTEM SET SHARED_POOL_SIZE=240M scope=spfile;
    create pfile from spfile;
    shutdown immediate;
    startup;
    @$ORACLE_HOME/javavm/install/initjvm.sql;
    @$ORACLE_HOME/javavm/install/initxa.sql;
    grant select,insert,update,delete on DBA_PENDING_TRANSACTIONS to Identity Management user;
    grant select,insert,update,delete on DBA_PENDING_TRANSACTIONS to system;
    shutdown immediate;
    startup;
    

    Note: You can ignore errors such as "ORA-29539: Java system classes already installed." However, you may receive a disconnect message from the database. This error is mostly observed while executing the following command:

    @$ORACLE_HOME/javavm/install/initjvm.sql;
    

    If you receive this error, continue with the next SQL command:

    @$ORACLE_HOME/javavm/install/initjvm.sql;
    
  4. To enable transactions for Workpoint 3.5 on the PostgreSQL database, perform the following steps:
    1. Execute the following commands:
      export POSTGRES_HOME=<PostgreSQL installation directory>
      cd $POSTGRES_HOME/data
      
    2. Set max_connections to a value based on the number of users to be updated with the bulk loader task. The value should be greater than the number of connections you enable in your connection pool.
    3. Update postgresql.conf to set max_prepared_transactions to the max_connections value or higher.

      If you set max_prepared_transactions to 0, you disable transactions.

    4. Restart the database as follows:
      cd $POSTGRES_HOME/bin
      ./pg_ctl restart -D $POSTGRES_HOME/data -m fast
      
  5. For high-availability deployments, on the second SiteMinder Policy Server system only, perform these steps:
    1. Edit the following file:

      /opt/CA/AdvancedAuth/conf/arcotcommon.ini

    2. Search for InstanceId=1
    3. Change the line to InstanceId=2
  6. On all SiteMinder Policy Servers, restart Tomcat as follows:
    1. Navigate to /opt/CA/AdvancedAuth/Tomcat/bin
    2. (If Tomcat is already started) ./shutdown.sh
    3. ./startup.sh
  7. Bootstrap the AuthMinder/RiskMinder/Advanced Authentication UDS service
    1. Connect to http://<SiteMinder Policy Server>:9090/arcotadmin/mabamlogin.htm using the default password: master1234!
    2. Change the default password immediately. The default value is published in this documentation, so leaving it in place exposes the administration console.
    3. Create a global administrator for use later for configurations that are currently unavailable from the CSP console.

      Choose defaultorg as the organization and an appropriate username/password.

      Select the global administrator role, and the manages all organizations setting.

    4. Log out.
    5. Start webfort and riskfort, if they are not currently running, using the following commands. In a high-availability deployment, start these servers on both SiteMinder Policy Server systems.
      cd /opt/CA/AdvancedAuth/bin
      ./riskfortserver start
      ./webfortserver start
      
  8. If you restarted the database in Step 1, restart webfort and riskfort on both SiteMinder Policy Servers.
    cd /opt/CA/AdvancedAuth/bin
    ./riskfortserver stop
    ./webfortserver stop
    ./riskfortserver start
    ./webfortserver start
    
  9. For each Identity Management server running JBoss EAP, perform these steps:
    1. Edit the jmx-console-users.properties in this location:
      /opt/boss-eap-5.1.2/jboss-as/server/all/conf/props/
      
    2. Uncomment the "#admin=admin" line.
    3. Restart each Identity Management server in this manner:
      service im stop
      service im start  
      
  10. If you installed a second policy server, fix the CHS\TWS configuration as follows:
    1. Edit the following file:
      /opt/CA/AdvancedAuth/Tomcat/webapps/tenant-services/WEB-INF/classes/resources/config.properties
      

      Change IM_WEBSERVICE_HOST to the host of the second Identity Management server.

    2. Restart Tomcat on the second policy server as follows:
      /opt/CA/AdvancedAuth/Tomcat/bin/shutdown.sh
      /opt/CA/AdvancedAuth/Tomcat/bin/startup.sh
      
  11. On each Identity Management server running JBoss EAP, perform these steps:
    1. Restart each Identity Management server in this manner:
      service im stop
      service im start  
      
    2. Restart Tomcat on each policy server:
      /opt/CA/AdvancedAuth/Tomcat/bin/shutdown.sh
      /opt/CA/AdvancedAuth/Tomcat/bin/startup.sh
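
The following shell functions are an added example, not part of the original procedure or the product's tooling. They check the step 4 rule (max_prepared_transactions non-zero and at least max_connections) and flag entries such as admin=admin from step 9 whose password equals the user name. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit two file-based settings from steps 4 and 9.

# Print the effective value of key $2 in postgresql.conf-style file $1.
# Comments are stripped, quotes dropped, and the last assignment wins.
pg_setting() {
    sed -n -e 's/#.*//' \
        -e "s/^[[:space:]]*$2[[:space:]=][[:space:]=]*'\{0,1\}\([^'[:space:]]*\).*/\1/p" \
        "$1" | tail -n 1
}

# Step 4 rule: max_prepared_transactions must be non-zero and at least
# max_connections. Unset keys fall back to PostgreSQL defaults (0 and 100).
check_prepared_tx() {
    conns=$(pg_setting "$1" max_connections)
    prep=$(pg_setting "$1" max_prepared_transactions)
    [ "${prep:-0}" -gt 0 ] && [ "${prep:-0}" -ge "${conns:-100}" ]
}

# List users in a user=password properties file (the format of
# jmx-console-users.properties) whose password equals the user name.
weak_jmx_users() {
    sed -n -e '/^[[:space:]]*[#!]/d' \
        -e 's/^[[:space:]]*\([^=[:space:]][^=[:space:]]*\)[[:space:]]*=[[:space:]]*\1[[:space:]]*$/\1/p' \
        "$1"
}

# Demo on constructed sample files (not taken from a real deployment).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'max_connections = 200   # connection pool is 150' \
        '#max_prepared_transactions = 0' > "$d/postgresql.conf"
    printf '%s\n' '# constructed sample' 'admin=admin' > "$d/users.properties"
    check_prepared_tx "$d/postgresql.conf" ||
        echo "FAIL: max_prepared_transactions is 0 or below max_connections"
    for u in $(weak_jmx_users "$d/users.properties"); do
        echo "FAIL: user '$u' has a password equal to the user name"
    done
    rm -rf "$d"
}
demo
```

To audit a real host, call check_prepared_tx on $POSTGRES_HOME/data/postgresql.conf and weak_jmx_users on the jmx-console-users.properties file from step 9.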