To use a JBoss or Tomcat Application Server in a CA SiteMinder® federated environment, deploy the FWS application on the application server.
The following illustration shows the deployment with JBOSS or Tomcat. On Systems 1 and 4, the Web Agent is installed with the JBOSS or Tomcat Connector for proxy support. SSL is enabled between the proxy and the application server. On Systems 2 and 5, FWS is deployed with the application server by way of the Web Agent Option Pack.
The process for deploying FWS is as follows:
The following sections detail each step in the process.
After you install the Web Agent Option Pack on a UNIX system, the installation program creates an environment script (ca-wa-opack-env.sh).
Source the environment script so the library path of the application server points to the location of the Web Agent Option Pack /bin directory.
Source the script by entering the following command at the command line:
. ./ca-wa-opack-env.sh
Setting the correct library path lets the option pack and the web or application server to work together.
After you source the script, the library path is set. The variable name for the library path differs depending on the operating system. Example of several library paths:
LD_LIBRARY_PATH=/webagent_option_pack_home/bin
SHLIB_PATH=/webagent_option_pack_home/bin
LIBPATH=/webagent_option_pack_home/bin
Important! The application server startup script can reset the library path. Ensure that the path to the Web Agent Option Pack is the first entry in the path.
The path to the Web Agent Option Pack environment script points to one of the following locations:
If you install the option pack on the same system as the web agent, the script resides in the web agent directory. For any UNIX installation, the default location is /web_agent_home/bin.
The FWS application requires the SmHost.conf file. However, the Web Agent Option Pack does not install this file, so you must create it.
/webagent_option_pack/bin
/webagent_option_pack/config
The FWS application requires the WebAgent.conf file. However, the Web Agent Option Pack does not install this file, so you must create it.
/webagent_option_pack/config
where,
Defines the installed location of the Web Agent Option Pack on System 2 and System 5.
The following sample shows a WebAgent.conf file for the FWS application:
# WebAgent.conf - configuration file for the Federation Web Services Application #agentname="agent_name, IP_address" HostConfigFile="/webagent_option_pack_home/config/SmHost.conf" AgentConfigObject="agent_config_object_name" EnableWebAgent="YES"
The AffWebServices.properties file contains all the initialization parameters for Federation Web Services. For deploying FWS, set only the parameter that specifies the location of the WebAgent.conf file.
Follow these steps:
web_agent_optionpack_home/affwebservices/WEB-INF/classes
C:\\Program Files\\CA\\webagent_optionpack\\config\\WebAgent.conf
Note: Federation Web Services is a Java component, so the Windows paths must contain double backslashes.
web_agent_optionpack_home/config/WebAgent.conf
sps_home\\proxy-engine\\conf\\defaultagent\\WebAgent.conf
sps_home/proxy-engine/conf/defaultagent/WebAgent.conf
For JBoss 6.1, there are two prerequisites before you can deploy FWS. The steps are required because the affwebservices war file fails to deploy by default.
To deploy the affwebservices war file:
If you are not using JBoss 6.1, go to Deploy an FWS WAR File (JBoss or Tomcat).
Update the Affwebservices Deployment Descriptor File
Edit the affwebservices deployment descriptor to add a few <context-param> entries.
Follow these steps:
<context-param> <param-name>resteasy.scan</param-name> <param-value>false</param-value> </context-param> <context-param> <param-name>resteasy.scan.resources</param-name> <param-value>false</param-value> </context-param> <context-param> <param-name>resteasy.scan.providers</param-name> <param-value>false</param-value> </context-param>
Create a module.xml File
To deploy the war file, create a directory in the JBoss container, associate the jars files, and create a module.xml file that describes the jar files.
Follow these steps:
com\rsa\cryptoj\main
<NETE_WA_ROOT>\affwebservices\WEB-INF\lib\
to
<JBOSS-HOME>\modules\com\rsa\cryptoj\main\
<JBOSS-HOME>\modules\com\rsa\cryptoj\main
<?xml version="1.0" encoding="UTF-8"?> <module xmlns="urn:jboss:module:1.0" name="com.rsa.cryptoj"> <resources> <resource-root path="cryptoj.jar"/> <resource-root path="certj.jar"/> <resource-root path="sslj.jar"/> </resources> <dependencies> <module name="sun.jdk"/> <module name="javax.api"/> </dependencies> </module>
You can deploy the affwebservices war file in the JBoss server.
Follow these steps:
/webagent_option_pack/affwebservices/.
jar cvf affwebservices.war *
For more information about deploying a Web application, see the documentation for your application server.
JBOSS_home/server/default/deploy/
JBOSS_home is the installed location of the JBOSS application server.
Note: For JBoss EAP 6.1, use the admin console to deploy the affwebservices.war file.
Important! For JBOSS, deploy affwebservices in an exploded state. Refer to
https://access.redhat.com/knowledge/solutions/34813.
Tomcat_home/webapps
Tomcat_home is the installed location of the Tomcat application server.
http://fqhn:port_number/affwebservices/assertionretriever
Represents the fully qualified host name and
Specifies the port number of the server where the Federation Web Services application is installed.
For example:
http://myhost.ca.com:81/affwebservices/assertionretriever
If FWS is operating correctly, the following message is displayed:
Assertion Retrieval Service has been successfully initialized. The requested servlet accepts only HTTP POST requests.
This message indicates that FWS is listening for data activity. The FWS application is now deployed for the application server.
When FWS is not operating correctly, a message states that the Assertion Retrieval Service has failed. If there is a failure, review the FWS log.
Note: For more information about enabling trace logging for the FWS application, see Trace Logging.
Copyright © 2014 CA.
All rights reserved.
|
|