Previous Topic: SiteMinder WSS Agent for IBM WebSphere Install PreparationNext Topic: (Optional) Install a SiteMinder WSS Agent Using the Unattended Installer

Web Services Security GuidesCA SiteMinder WSS Agent for IBM WebSphere GuideInstall the SiteMinder WSS Agent for WebSphere on a Windows System

Install the SiteMinder WSS Agent for WebSphere on a Windows System

This section contains the following topics:

Set the JRE in the Path Variable

Apply the Unlimited Cryptography Patch to the JRE for SiteMinder WSS Agents

Configure the JVM to Use the JSafeJCE Security Provider

Run the Installer to Install a SiteMinder WSS Agent

(Optional) Install a SiteMinder WSS Agent Using the Unattended Installer

Copy cryptojFIPS.jar to the WebSphere JRE

Installation and Configuration Log Files

How to Configure Agents and Register a System as a Trusted Host

Uninstall a SiteMinder WSS Agent

Set the JRE in the Path Variable

Set the Java Runtime Environment (JRE) in the Windows path variable.

Follow these steps:

  1. Open the Windows Control Panel.
  2. Double-click System.
  3. Add the location of the Java Runtime Environment bin directory to the Path system variable in the Environment Variables dialog.

Apply the Unlimited Cryptography Patch to the JRE for SiteMinder WSS Agents

Patch the Java Runtime Environment (JRE) used by the SiteMinder WSS Agent to support unlimited key strength in the Java Cryptography Extension (JCE) package.

The WebSphere JRE is based on Sun's JRE on the Solaris platform; this patch is available at Sun's website. The patch for other platforms is available at IBM's website. See the IBM documentation for more details.

The files that need to be patched are:

The local_policy.jar and US_export_policy.jar files can found be in the following locations:

Configure the JVM to Use the JSafeJCE Security Provider

The SiteMinder WSS Agent XML encryption function requires that the JVM is configured to use the JSafeJCE security provider.

Follow these steps:

  1. Add a security provider entry for JSafeJCE (com.rsa.jsafe.provider.JsafeJCE) to the java.security file located in the following location:
    JRE_HOME

    Is the installed location of the JRE used by the application server.

    In the following example, the JSafeJCE security provider entry has been added as the second security provider:

    security.provider.1=sun.security.provider.Sun
security.provider.2=com.rsa.jsafe.provider.JsafeJCE
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider

    Note: If using the IBM JRE, always configure the JSafeJCE security provider immediately after (that is with a security provider number one higher than) the IBMJCE security provider (com.ibm.crypto.provider.IBMJCE)

  2. Add the following line to JRE_HOME\lib\security\java.security (Windows) or JRE_HOME/lib/security/java.security (UNIX) to set the initial FIPS mode of the JsafeJCE security provider: 
    com.rsa.cryptoj.fips140initialmode=NON_FIPS140_MODE

    Note: The initial FIPS mode does not affect the final FIPS mode you select for the SiteMinder WSS Agent.

Run the Installer to Install a SiteMinder WSS Agent

Install the SiteMinder WSS Agent using the CA SiteMinder WSS installation media on the Technical Support site.

Follow these steps:

  1. Exit all applications that are running.
  2. Navigate to the installation material.
  3. Double-click ca-sm-wss-12.51-cr-win32.exe.
    cr

    Specifies the cumulative release number. The base 12.51 release does not include a cumulative release number.

    The CA SiteMinder WSS installation wizard starts.

    Important! If you are running this wizard on Windows Server 2008, run the executable file with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the CA SiteMinder WSS Release Notes.

  4. Use gathered system and component information to install the SiteMinder WSS Agent. Consider the following when running the installer:
  5. Review the information presented on the Pre-Installation Summary page, then click Install.

    Note: If the installation program detects that newer versions of certain system DLLs are installed on your system it asks if you want to overwrite these newer files with older files. Select No To All if you see this message.

    The SiteMinder WSS Agent files are copied to the specified location.

  6. On the CA SiteMinder WSS Configuration screen, click one of the following options and click Next:

    If the installation program detects that there are locked Agent files, it prompts you to restart your system instead of reconfiguring it. Select whether to restart the system automatically or later on your own.

  7. Click Done.

    If you selected the option to configure SiteMinder WSS Agents now, the installation program prepares the CA SiteMinder WSS Configuration Wizard and begins the trusted host registration and configuration process.

    If you installed a SiteMinder WSS Agent or Agents and did not select the option to configure SiteMinder WSS Agents now or if you are required to reboot the system after installation you must start the configuration wizard manually later.

Installation Notes:

More information:

How to Configure Agents and Register a System as a Trusted Host

Copy cryptojFIPS.jar to the WebSphere JRE