You can install the Administrative UI on an existing application server. The Administrative UI installer prompts you for application server-specific information and the location of the required JDK. Verify that the Administrative UI host system meets all system and third–party component requirements before starting the installation.
The following sections detail the minimum system and application server requirements for installing the Administrative UI to an existing application server infrastructure.
The Administrative UI host must meet the following minimum system requirements.
Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 SP1 Platform Support Matrix on the Technical Support site.
If you are installing the Administrative UI to an existing application server, verify that the Windows system meets the following minimum system requirements:
Note: If you are running WebSphere, 2 GB of system RAM is required.
Note: If you are running WebSphere, 2 GB of available disk space is required.
If you are installing the Administrative UI to an existing application server, the UNIX system must meet the following minimum system requirements:
Note:The Red Hat 6 operating system relies on entropy for performance. Increase entropy before installing the component. Without sufficient entropy, the installation can take an exceedingly long time to complete. Use the following command to set a symbolic link:
mv /dev/random /dev/random.org ln -s /dev/urandom /dev/random
Note: If you are running WebSphere, 2 GB of system RAM is required.
Note: If you are running WebSphere, 2 GB of available disk space is required.
Note: If your application server runs on a Red Hat Linux operating system, install unlimited cryptography jar files for an IBM JDK when installing the Administrative UI.
The Administrative UI is a J2EE application and requires a supported application server. Be sure of the following:
Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 SP1 Platform Support Matrix on the Technical Support site.
To prepare JBoss for Administrative UI installation, disable the HDScanner service.
Follow these steps:
Specifies the JBoss installation path.
Specifies the name of the server profile deployed in the application server.
Example: default
hdscanner-jboss-beans.xml
The following sections provide basic instructions for using WebLogic as a CA SiteMinder® application server.
Install WebLogic
Install a version of a WebLogic server that is supported by CA SiteMinder®.
Note: More information on installing a WebLogic server exists in BEA's WebLogic server documentation.
Create a WebLogic Application Server Instance
Before installing the Administrative UI, create a WebLogic domain using the Configuration Wizard that is part of the WebLogic installation and do the following:
Specifies the WebLogic server installation path.
Specifies the name of the WebLogic domain you created.
Verify the WebLogic Domain
Confirm the following:
Example: http://myserver.mycompany.com:7001/console
Note: Once you have completed the verification, shut down the application server to prepare for the Administrative UI installation.
The following sections provide basic instructions for using WebSphere as a CA SiteMinder® application server.
Install WebSphere
Use the IBM documentation to install WebSphere.
Consider the following items when installing WebSphere:
Note: For more information, see the IBM documentation.
Verify WebSphere is Working
Use the snoop utility provided by IBM to verify that WebSphere is installed correctly before installing the Administrative UI.
To verify WebSphere is working
Example: http:MyServer.MyCompany.com:9080/snoop.
If WebSphere is installed correctly, Snoop Servlet—Request Client Information page is displayed in the browser.
Example: http://MyServer.MyCompany.com/snoop
If WebSphere is installed correctly, the same Snoop Servlet—Request Client Information page is displayed in the browser.
You have verified that WebSphere is working properly.
Note: Contact IBM Technical Support for additional assistance with WebSphere.
The first time you log in to the Administrative UI using the default super user account (siteminder) and password, you establish a trusted relationship between the Administrative UI and a Policy Server. This relationship is required to manage your environment.
The super user account credentials are stored in the policy store. If you configure one of the default policy stores during the Policy Server installation, the installer submits these credentials automatically. If you configure the policy store independent of the Policy Server installation, use the XPSRegClient utility to submit the credentials to the Policy Server. The Policy Server uses these credentials to verify that the registration request is valid and that the relationship can be created.
Important! A 24-hour limit exists between the time the super user account credentials are submitted to the policy store and when the administrator logs in to the Administrative UI. If the credentials were set more than 24 hours before the initial log in to the Administrative UI, reset the credentials using the XPSRegClient utility.
Complete the following before you install the Administrative UI:
If the policy store was configured more than 24 hours ago, use the XPSRegClient utility to submit the default CA SiteMinder® super user account credentials to the Policy Server before installing the Administrative UI. The Policy Server requires these credentials to create a trusted relationship with the Administrative UI.
Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 SP1 Platform Support Matrix on the Technical Support site.
Complete the following procedures to install the Administrative UI:
Certain library files are required for components operating on Linux operating environments. Failure to install the correct libraries can cause the following error:
java.lang.UnsatisfiedLinkError
If you are installing, configuring, or upgrading a Linux version of this component, the following libraries are required on the host system:
compat–gcc-34-c++-3.4.6-patch_version.I386
libstdc++-4.4.6-3.el6.i686.rpm
To have the appropriate 32-bit C run–time library for your operating environment, install the previous rpm.
libXau-1.0.5-1.el6.i686.rpm
libxcb-1.5-1.el6.i686.rpm
libstdc++-4.4.6-4.el6.i686.rpm
compat-db42-4.2.52-15.el6.i686.rpm
compat-db43-4.3.29-15.el6.i686.rpm
libX11-1.3-2.el6.i686.rpm
libXrender-0.9.5-1.el6.i686.rpm
libexpat.so.1 (provided by expat-2.0.1-11.el6_2.i686.rpm)
libfreetype.so.6 (provided by freetype-2.3.11-6.el6_2.9.i686.rpm)
libfontconfig.so.1 (provided by fontconfig-2.8.0-3.el6.i686.rpm)
libICE-1.0.6-1.el6.i686.rpm
libuuid-2.17.2-12.7.el6.i686.rpm
libSM-1.1.0-7.1.el6.i686.rpm
libXext-1.1-3.el6.i686.rpm
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
compat-db-4.6.21-15.el6.i686.rpm
libXi-1.3-3.el6.i686.rpm
libXtst-1.0.99.2-3.el6.i686.rpm
libXft-2.1.13-4.1.el6.i686.rpm
libXt-1.0.7-1.el6.i686.rpm
libXp-1.0.0-15.1.el6.i686.rpm
The Administrative UI installer requires specific information about the application server that is installed on the Administrative UI host system.
The following sections detail the required information depending on the type of application server.
Note: Worksheets are provided to help you gather and record required information before installing the Administrative UI.
Gather the following information about JBoss before installing and registering the Administrative UI:
The path to the folder where JBoss is installed.
The fully qualified URL of the JBoss host system.
The installation location of the required JDK.
Gather the following information before installing and registering the Administrative UI:
The path to the WebLogic installation directory.
The path to the WebLogic domain you created for the Administrative UI.
The name of the WebLogic server on which the WebLogic domain is configured.
The fully qualified URL of the WebLogic host system.
The installation location of the required JDK.
Gather the following information about WebSphere before installing and registering the Administrative UI:
The full path to the folder in which WebSphere is installed.
The fully qualified URL of the WebSphere host system.
The name of the application server.
The name of the profile being used for the Administrative UI.
The name of the cell where the server is located.
The name of the node where the server is located.
The installation location of the required JDK.
The following sections detail how to install the Administrative UI to an existing application server infrastructure.
Consider the following items before you install the Administrative UI:
Note: For a list of installation media names, see the Policy Server Release Notes.
mv /dev/random /dev/random.org ln -s /dev/urandom /dev/random
chmod -R+x directory
Specifies the directory that contains the installation media.
Install the Administrative UI to your existing application server to provide a management console for all tasks that are related to access control, reporting, and policies.
Follow these steps:
Specifies the Administrative UI installation executable.
The installer starts.
Note: For a list of installation media names, see the Policy Server Release Notes.
The Administrative UI is installed.
Note: You cannot use the Administrative UI to manage your environment until you have registered it with a Policy Server.
Install the Administrative UI to your existing application server to provide a management console for all tasks that are related to access control, reporting, and policy analysis.
Follow these steps:
./installation_media gui
Specifies the Administrative UI installation executable.
The installer starts.
Note: For a list of installation media names, see the Policy Server Release Notes.
The Administrative UI is installed.
The Administrative UI is installed.
Note: You cannot use the Administrative UI to manage your environment until you have registered it with a Policy Server.
Install the Administrative UI to your existing application server to provide a management console for all tasks that are related to access control, reporting, and policy analysis.
Follow these steps:
./installation_media -i console
Specifies the Administrative UI installation executable.
The installer starts.
Note: For a list of installation media names, see the Policy Server Release Notes.
The Administrative UI is installed.
The installer closes.
The Administrative UI is installed.
Note: You cannot use the Administrative UI to manage your environment until you have registered it with a Policy Server.
Register the Administrative UI before you use it to manage your environment. Registering the Administrative UI creates a trusted connection between the Administrative UI and a Policy Server.
This process explains how to register an Administrative UI that you installed to an existing application server infrastructure. To register an Administrative UI you installed using the stand-alone option, see Installing the Administrative UI.
Follow these steps:
If either of the following actions occurred more than 24 hours ago, this step is required:
Note: (UNIX) Be sure that the CA SiteMinder® environment variables are set before you use XPSRegClient. If the environment variables are not set, set them manually.
Follow these steps:
XPSRegClient siteminder_administrator[:passphrase] -adminui-setup -t timeout -r retries -c comment -cp -l log_path -e error_path -vT -vI -vW -vE -vF
Specifies a CA SiteMinder® administrator. If you are installing the Administrative UI as part of:
siteminder
Specifies the password for the CA SiteMinder® administrator account.
Specifies that the Administrative UI is being registered with a Policy Server for the first–time.
(Optional) Specifies how long you have after you install the Administrative UI to log in for the time to complete the registration. The Policy Server denies the registration request when the timeout value is exceeded.
Unit of measurement: minutes
Default: 1440 (24 hours)
Minimum limit: 1
Maximum limit: 1440 (24 hours)
(Optional) Specifies how many failed attempts are allowed when you are registering the Administrative UI. A failed attempt can result from submitting incorrect CA SiteMinder® administrator credentials when logging in to the Administrative UI for the first–time.
Default: 1
Maximum limit: 5
(Optional) Inserts the specified comments into the registration log file for informational purposes.
Note: Surround comments with quotes.
(Optional) Specifies that registration log file can contain multiple lines of comments. The utility prompts for multiple lines of comments and inserts the specified comments into the registration log file for informational purposes.
Note: Surround comments with quotes.
(Optional) Specifies where the registration log file must be exported.
Default: siteminder_home\log
siteminder_home
Specifies the Policy Server installation path.
(Optional) Sends exceptions to the specified path.
Default: stderr
(Optional) Sets the verbosity level to TRACE.
(Optional) Sets the verbosity level to INFO.
(Optional) Sets the verbosity level to WARNING.
(Optional) Sets the verbosity level to ERROR.
(Optional) Sets the verbosity level to FATAL.
The utility supplies the Policy Server with the administrator credentials. The Policy Server uses these credentials to verify the registration request when you log in to the Administrative UI for the first–time.
If your environment meets both of the following criteria, creating the FIPs environment variable is required to register the Administrative UI for the first–time:
Follow these steps:
CA_SM_PS_FIPS140=ONLY
Note: For more information about setting environment variables, see your OS–specific documentation.
If you installed the Administrative UI to an existing application server infrastructure, the following procedure applies. If you installed the Administrative UI using the stand-alone option, see Installing the Administrative UI.
Follow these steps:
jboss_home
Specifies the JBoss installation path.
domains
Specifies the path of the WebLogic domain you created for the Administrative UI.
Example: C:\bea\user_projects\domains\mydomain
profile
Specifies the path of the WebSphere profile name you created for the Administrative UI.
Example: C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSvr01\bin
Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command-line window with administrator permissions. Open the command-line window this way, even if your account has administrator privileges.
run.bat
run.sh
startWebLogic.cmd
startWebLogic.sh
startServer.bat identifier
startServer.sh identifier
identifier
Specifies the identifier for the WebSphere installation.
Example: startServer.bat Server1
The application server is started.
You register the Administrative UI with a Policy Server to begin managing your environment.
Follow these steps:
host:port/iam/siteminder/adminui
Note: If the host system does not have a web browser, you can remotely access the login screen.
Specifies the fully qualified Administrative UI host system name.
Specifies the port on which JBoss listens for HTTP requests.
The CA SiteMinder® Administrative UI login screen appears.
siteminder
Note: If your superuser account password contains dollar‑sign ($) characters, replace each instance of the dollar-sign character with $DOLLAR$. For example, if the CA SiteMinder® superuser account password is $password, enter $DOLLAR$password in the Password field.
Consider the following items:
The Administrative UI opens and is registered with the Policy Server.
If you installed the Administrative UI to an existing application server infrastructure, the following procedure applies. If you installed the Administrative UI using the stand-alone option, see Installing the Administrative UI.
To stop the application server
profile
Specifies the path of the WebSphere profile name you created for the Administrative UI
Example: C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSvr01\bin
Ctrl+c.
Ctrl+c.
Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command-line window with administrator permissions. Open the command-line window this way, even if your account has administrator privileges.
identifier
Specifies the identifier for the WebSphere installation.
Example: stopServer.bat Server1
The application server is stopped.
By default, the Administrative UI uses the policy store as its source for CA SiteMinder® administrator credentials. You can configure the Administrative UI to use an external store, for example, a corporate directory.
Note: For more information about configuring an external administrator user store, see the Policy Server Configuration Guide.
Copyright © 2014 CA.
All rights reserved.
|
|