Previous Topic: SiteMinder WSS Agent for WebLogic Install PreparationNext Topic: Run the Installer to Install a SiteMinder WSS Agent


Install the SiteMinder WSS Agent for WebLogic on a Windows System

This section contains the following topics:

Set the JRE in the Path Variable

Apply the Unlimited Cryptography Patch to the JRE

Configure the JVM to Use the JSafeJCE Security Provider

Run the Installer to Install a SiteMinder WSS Agent

(Optional) Install a SiteMinder WSS Agent Using the Unattended Installer

Installation and Configuration Log Files

How to Configure Agents and Register a System as a Trusted Host

Uninstall a SiteMinder WSS Agent

Set the JRE in the Path Variable

Set the Java Runtime Environment (JRE) in the Windows path variable.

Follow these steps:

  1. Open the Windows Control Panel.
  2. Double-click System.
  3. Add the location of the Java Runtime Environment bin directory to the Path system variable in the Environment Variables dialog.

Apply the Unlimited Cryptography Patch to the JRE

Patch the Java Runtime Environment (JRE) used by the Agent to support unlimited key strength in the Java Cryptography Extension (JCE) package. The patches for all supported platforms are available from the Oracle website.

The files that need to be patched are:

The local_policy.jar and US_export_policy.jar files can found be in the following locations:

jre_home

Defines the location of your Java Runtime Environment installation.

Note: If WebLogic has been configured to use its own JRE then you must also patch the JRE used by WebLogic to support unlimited key strength in the Java Cryptography Extension (JCE) package.

Configure the JVM to Use the JSafeJCE Security Provider

The SiteMinder WSS Agent XML encryption function requires that the JVM is configured to use the JSafeJCE security provider.

Follow these steps:

  1. Add a security provider entry for JSafeJCE (com.rsa.jsafe.provider.JsafeJCE) to the java.security file located in the following location:
    JRE_HOME

    Is the installed location of the JRE used by the application server.

    In the following example, the JSafeJCE security provider entry has been added as the second security provider:

    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.rsa.jsafe.provider.JsafeJCE
    security.provider.3=sun.security.rsa.SunRsaSign
    security.provider.4=com.sun.net.ssl.internal.ssl.Provider
    security.provider.5=com.sun.crypto.provider.SunJCE
    security.provider.6=sun.security.jgss.SunProvider
    security.provider.7=com.sun.security.sasl.Provider
    

    Note: If using the IBM JRE, always configure the JSafeJCE security provider immediately after (that is with a security provider number one higher than) the IBMJCE security provider (com.ibm.crypto.provider.IBMJCE)

  2. Add the following line to JRE_HOME\lib\security\java.security (Windows) or JRE_HOME/lib/security/java.security (UNIX) to set the initial FIPS mode of the JsafeJCE security provider:
    com.rsa.cryptoj.fips140initialmode=NON_FIPS140_MODE
    

    Note: The initial FIPS mode does not affect the final FIPS mode you select for the SiteMinder WSS Agent.