Set the parameters for the Identity Management Server installation.
Follow these steps:
Leave as the default, VMWare.
Hostname of Oracle and PostgreSQL database server. For an Oracle RAC setup, use the RAC host name.
Database user with DBA privileges for Oracle and PostgreSQL. The default is caadmin. For an upgrade on Oracle, _oracle_schema_user is used if db_schema_user is not set.
Password for user defined by db_schema_user. If this property is blank on an upgrade from Oracle, _oracle_schema_password is used.
An Oracle database user with DBA and Connect privileges. This property remains for backwards compatibility with CA CloudMinder 1.5. If it is set and db_schema_user is not set, db_schema_user uses this value.
For upgrade, you can leave this unchanged or set it to the value used for _db_schema_user.
The password for the oracle_schema_user. This property remains for backwards compatibility with CA CloudMinder 1.5. If it is set and db_schema_password is not set, db_schema_password uses this value.
For upgrade, you can leave this unchanged or set it to the value used for _db_schema_password.
For Oracle, the SID or Service name (use the Service name for an Oracle RAC setup); for PostgreSQL, the default database name.
A user name for the Identity Management database. Create any user name.
A password for the Identity Management Oracle or PostgreSQL database user. Create any password.
Table space name for the Identity Management Oracle or PostgreSQL database. Create any table space name.
Enter a name for the Oracle tablespace file for the Identity Management server, in one of the following formats.
<name_of_IM_tablespace_file>
<path_to_IM_tablespace_file>/<name_of_IM_tablespace_file.dbf>
The size of the table space for the Identity Management database. We recommend an initial size of 1000MB. This property is not used for PostgreSQL.
Enter the same user name you entered for _ps_db_user in the properties file for the first SiteMinder Policy Server instance. This property is used for Oracle and PostgreSQL.
Enter the same password you entered for _ps_db_password in the properties file for the first SiteMinder Policy Server instance. This property is used for Oracle and PostgreSQL.
Enter the same name you entered for _ps_tablespace_name in the properties file for the first SiteMinder Policy Server instance. This property is not used for PostgreSQL.
The default SiteMinder Policy Server user name.
Enter the same password you entered for _ps_admin_password in the properties file for the first SiteMinder Policy Server installation. This is the password for the default SiteMinder Policy Server user.
The name of the agent which the Identity Management Server uses to communicate with the SiteMinder Policy Server. For internal use. Leave as the default, camadmin.
A password you create for the agent used by the Identity Management Server to communicate with the SiteMinder Policy Server.
Enter the host address of the SiteMinder Policy Server load balancer VIP.
Set to the value "True" so that the Identity Management Server is installed with SiteMinder integration enabled.
Set to the value "True" to enable high availability installation of the Identity Management servers.
Set to the value "False" to disable high availability installation, for example, in a test environment.
Enter the name of the mail server that you want the Identity Management server to use for email notifications.
This is used for the sendmail configuration of the relay host. Leave blank or specify the local host.
Enter the return address that you want the Identity Management server to use for email.
A password used by JBoss cluster. Leave as the default setting or create any password.
Enter the host name of the server on which you are currently installing Identity Management.
Enter a JBoss ID for the Identity Management Server you are installing. Create any unique ID. We recommend a value of "1" for your first Identity Management instance, "2" for your second instance, etc.
Internal use only. Do not change.
Internal use only. Do not change.
Internal use only. Do not change.
Enter a unique name you create for this Identity Management cluster. Choose a different multicast groupname for each cluster you run.
All the Identity Management Servers in the cluster share the same value for this parameter. This can be any text string, but we recommend a short name, because it is included in every message sent around the cluster.
Enter a unique multicast address you create for this Identity Management cluster. Choose a different multicast address for each cluster you run.
All the Identity Management servers in the cluster share the same value for this parameter. By default, JBoss AS uses UDP multicast for most intra-cluster communication. Consider a multicast address of the form 239.255.x.y. See JBoss documentation for additional guidelines.
Set to the value "False" to install without FIPS mode. CA CloudMinder 1.5 does not currently support FIPS mode.
"/tmp"
Location of the FIPS key.
Leave as the default. CA CloudMinder 1.5 does not currently support FIPS mode.
Enter the same name you entered for _aa_db_user in the properties file for the first SiteMinder Policy Server instance. This is the advanced authentication database user name. If webfort is not used, set this property to the same value as _im_db_user. This property applies for both Oracle and PostgreSQL.
Enter the same password you entered for _aa_db_password in the properties file for the first SiteMinder Policy Server instance. This is the advanced authentication database user password. If webfort is not used, set this property to the same value as _im_db_password. This property applies for both Oracle and PostgreSQL.
Enter the same value you entered for impd_shared_secret in the properties file for the first Directory Server instance.
Enter the same value you entered for _provisioning_server_pwd in the properties file for the first Provisioning Server instance.
Enter the same value you entered for impd_shared_secret in the properties file for the first Directory Server instance.
Enter the same value you entered for _connector_server_pwd in the properties file for the first Provisioning Server instance.
Enter the host name where you installed the first (primary) SiteMinder Policy Server.
Enter 8080, or enter the CSP console Port if it is installed on a non-default port.
Internal use. Do not change.
Internal use. Do not change.
Set to the value "True" to enable SSL on the CSP console (use HTTPS).
Set to the value "False" to disable SSL on the CSP console (use HTTP).
Internal use. Do not change.
Internal use. Do not change.
Enter the base URL for your CA CloudMinder environment, in the following format:
<SPS>.<YOURDOMAIN>/iam/im
Where SPS is your Secure Proxy Server, and YOURDOMAIN is the domain address for your environment.
For example:
cloudminderspsvip1.forwardinc.com/iam/im
Enter all CA Directory host names in your environment, separated by commas.
Set this Hosting Container to specify Internal Base URL when you do not want the notifications from Provisioning Server to go to the Environment Base URL.
You can specify an internal Identity Management Server load balancer here. This load balancer is used as the Provisioning Server notification URL for any tenants deployed. Tenants deployed when no Internal Base URL has been specified have a Provisioning Server notification URL that is derived from the Environment Base URL.
Enter the same value as you entered for _dir_webservices_username in the properties file for the first CA Directory instance. Be sure to uncomment this parameter (remove # from the parameter name).
Enter the same value as you entered for _dir_webservices_password in the properties file for the first CA Directory instance. Be sure to uncomment this parameter (remove # from the parameter name).
Enter the same value as you entered for _dir_webservices_port in the properties file for the first CA Directory instance. Be sure to uncomment this parameter (remove # from the parameter name).
Enter the host names for all hosts with a DSA router in your installation, separated by commas.
For example:
Identity Management Server1, Identity Management Server2, SiteMinder Policy Server1, SiteMinder Policy Server2, Provisioning Server1, Provisioning Server2
Leave as default, blank.
Leave as default, blank.
Leave as default, blank.
Enter the host names for all Provisioning Servers, separated by commas.
For example:
Provisioning Server1, Provisioning Server2
Leave as default, blank.
Leave as default, blank.
Leave as default, blank.
Enter the host name of the first (primary) Provisioning Server.
Note: If the CA IAM Connector Server is on a separate server, enter the host name of the CA IAM Connector Server instead.
Enter the same password as you entered for _connector_server_pwd in the properties file for the first instance of the Provisioning Server. This is the password used to access the CA IAM Connector Server.
Enter the host name of the first (primary) Provisioning Server.
Enter the host name of the second (failover) Provisioning Server.
Internal use. Do not change.
Internal use. Do not change.
Internal use. Do not change.
Enter the same password you entered for _csp_dir_password in the properties file for the first SiteMinder Policy Server instance.
Enter the same host name you entered for _csp_dir_host in the properties file for the first SiteMinder Policy Server instance.
Enter the same port you entered for _csp_dir_port in the properties file for the first SiteMinder Policy Server instance.
Enter the host name for the first (primary) SiteMinder Policy Server.
Location of an existing 64-bit JRE if preinstalled. Set this parameter if you choose to install your JRE separately. In this case, symbolically link /opt/java64 to your JRE.
However, instead of installing a JRE separately, the system installer can do this automatically. We recommend that you download a JRE and allow the system to install it.
See the JAVA64_KIT parameter.
Location of a 64-bit JRE that you download to the local system or to a file share. If this parameter is set, the server kit will install this JRE automatically.
Enter the file path, on the local system or a file share, of the JBoss kit to install. The JBoss kit should be in zip file format. JBoss can be either the community version or the Enterprise Application Platform (EAP).
IP address or host name of the NTP server to use to synchronize the server time.
Enter the full file path to the JCE policy zip file. You downloaded the jce_policy-6.zip file from the Oracle web site during the Identity Management pre-installation steps.
The server kit configures JBoss to use session cookies with secure and httpOnly attributes if two conditions are met:
1. property _secure_session_cookie is set to true in properties.sh:
_secure_session_cookie=true; export _secure_session_cookie
2. property _envBaseURL starts with https in properties.sh:
_envBaseURL=https://webserver.ca.com; export _envBaseURL
If the two conditions are not both met, the session cookie is left as is. The server kit contains a script that can be used to reconfigure the session cookie based on these conditions at any time:
configSessionCookie.sh
This script reads the properties and either enables the attributes in the JBoss session cookie or disables them depending on the values of the two properties. A JBoss restart is then required for the settings to take effect.
The User Console does not work properly without HTTPS if configured with secure session cookies.
Note: This file is critical for upgrades. We recommend that you back up this file. This file contains passwords, so be sure to save it in a secure location.
Important! The original properties.sh file resides in a temp folder. If the server is shut down, the properties.sh file is discarded. Therefore, rename and back up this file before proceeding with any further installation or use of the system.
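As an added example (not part of the server kit or of the original page), the following script reads a copy of properties.sh and reports whether the two documented cookie conditions hold and whether the file, which contains passwords, is readable by anyone other than its owner. The function names and the sample file are constructed for illustration; matching is literal (`true`, prefix `https`) because the page does not say how the kit compares the values.

```shell
#!/bin/sh
# Added example (not server kit code): audit a copy of properties.sh.

# Print the value of the last uncommented "name=value; export name" line.
# The file is parsed with sed, not sourced, so nothing in it is executed.
prop_value() {
    sed -n "s/^[[:space:]]*$2=\([^;]*\).*/\1/p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Return 0 only when both documented conditions for the secure and
# httpOnly cookie attributes hold (literal match, an assumption).
cookie_flags_expected() {
    [ "$(prop_value "$1" _secure_session_cookie)" = "true" ] || return 1
    case "$(prop_value "$1" _envBaseURL)" in
        https*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Return 0 when group and other have no permission bits on the file.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one line per finding for the given file.
audit_properties() {
    if cookie_flags_expected "$1"; then
        echo "cookie: both conditions met (secure, httpOnly)"
    else
        echo "cookie: conditions not met"
    fi
    if is_private "$1"; then
        echo "file: accessible by owner only"
    else
        echo "file: accessible by group or others, contains passwords"
    fi
}

# Constructed sample input, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#_secure_session_cookie=false; export _secure_session_cookie
_secure_session_cookie=true; export _secure_session_cookie
_envBaseURL=https://webserver.ca.com; export _envBaseURL
EOF
chmod 600 "$sample"
audit_properties "$sample"
rm -f "$sample"
```

Run it against the renamed backup of properties.sh before calling configSessionCookie.sh, so a plain-HTTP base URL or a commented-out flag is caught before the JBoss restart.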
Copyright © 2014 CA Technologies.
All rights reserved.