

Server Configuration

After you have installed all components and confirmed that all servers are running, follow these steps:

  1. For high-availability deployments, perform these steps on the second SiteMinder Policy Server system only:
    1. Edit the following file:

      /opt/CA/AdvancedAuth/conf/arcotcommon.ini

    2. Search for InstanceId=1
    3. Change the line to InstanceId=2
  2. On all SiteMinder Policy Servers, restart Tomcat as follows:
    1. Navigate to /opt/CA/AdvancedAuth/Tomcat/bin
    2. (If Tomcat is already started) ./shutdown.sh
    3. ./startup.sh
  3. Bootstrap the AuthMinder/RiskMinder/Advanced Authentication UDS service:
    1. Connect to http://<SiteMinder Policy Server>:9090/arcotadmin/mabamlogin.htm using the default password: master1234!
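    2. Change the default password immediately. The default value is publicly documented, so an account that still uses it is open to anyone who can reach this console.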
    3. Create a global administrator for use later for configurations that are currently unavailable from the CSP console.

      Choose defaultorg as the organization and an appropriate username/password.

      Select the global administrator role, and the following setting: manages all organizations.

    4. Log out.
    5. Start webfort and riskfort, if they are not currently running, using the following commands. In a high-availability deployment, start these servers on both SiteMinder Policy Server systems.
      cd /opt/CA/AdvancedAuth/bin
      ./riskfortserver start
      ./webfortserver start
      
  4. If you restarted the database in Step 1, restart webfort and riskfort on both SiteMinder Policy Servers:
    cd /opt/CA/AdvancedAuth/bin
    ./riskfortserver stop
    ./webfortserver stop
    ./riskfortserver start
    ./webfortserver start
    
  5. For each Identity Management server running JBoss EAP, perform these steps:
    1. Edit the jmx-console-users.properties in this location:
      /opt/boss-eap-5.1.2/jboss-as/server/all/conf/props/
      
    2. Uncomment the "#admin=admin" line.
    3. Restart each Identity Management server in this manner:
      service im stop
      service im start  
      
  6. If you installed a second policy server, fix the CHS\TWS configuration as follows:
    1. Edit the following file:
      /opt/CA/AdvancedAuth/Tomcat/webapps/tenant-services/WEB-INF/classes/resources/config.properties
      

      Change IM_WEBSERVICE_HOST to the host of the second Identity Management server.

    2. Restart Tomcat on the second policy server as follows:
      /opt/CA/AdvancedAuth/Tomcat/bin/shutdown.sh
      /opt/CA/AdvancedAuth/Tomcat/bin/startup.sh
      
  7. On each Identity Management server running JBoss EAP, perform these steps:
    1. Restart each Identity Management server in this manner:
      service im stop
      service im start  
      
    2. Restart Tomcat on each policy server:
      /opt/CA/AdvancedAuth/Tomcat/bin/shutdown.sh
      /opt/CA/AdvancedAuth/Tomcat/bin/startup.sh
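
The two file edits for the second policy server (InstanceId in step 1 and IM_WEBSERVICE_HOST in step 6) can be made with a guarded helper instead of by hand. This is an added example, not part of the vendor procedure; the function name set_conf_key and the host name im2.example.test are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. set_conf_key is a hypothetical helper.
# Sets KEY=VALUE in a key=value file such as arcotcommon.ini or
# config.properties, but only when KEY occurs exactly once as an active
# (uncommented) line. The original is kept as FILE.bak for rollback.
set_conf_key() {
    file=$1 key=$2 value=$3

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # Count active assignments of the key; "#KEY=..." lines do not match.
    count=$(awk -F= -v k="$key" '
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        NF > 1 && name == k { n++ }
        END { print n + 0 }' "$file")
    if [ "$count" -ne 1 ]; then
        echo "$file: expected one active $key line, found $count" >&2
        return 3
    fi

    cp -p "$file" "$file.bak" || return 4
    tmp=$(mktemp "$file.XXXXXX") || return 4

    # The value is passed through the environment so awk does not
    # interpret backslashes in it.
    CONF_VALUE=$value awk -F= -v k="$key" '
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        NF > 1 && name == k { print k "=" ENVIRON["CONF_VALUE"]; next }
        { print }' "$file.bak" > "$tmp" || { rm -f "$tmp"; return 4; }

    # Write into the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 4

    # Confirm the new line is present before any service restart.
    grep -qxF -- "$key=$value" "$file"
}

# Usage on the second policy server (paths and keys from the steps above;
# im2.example.test is a placeholder host name):
#   set_conf_key /opt/CA/AdvancedAuth/conf/arcotcommon.ini InstanceId 2
#   set_conf_key /opt/CA/AdvancedAuth/Tomcat/webapps/tenant-services/WEB-INF/classes/resources/config.properties IM_WEBSERVICE_HOST im2.example.test
```

A non-zero return means the file was not changed as intended, so skip the Tomcat restart and inspect the file and its .bak copy first.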