

Installing the Administrative UI to an Existing Application Server

Administrative UI Installation Options

The Administrative UI requires an application server to run. As such, two installation options are available:

The following sections detail how to install the Administrative UI to an existing application server. For more information about the stand-alone installation, see Installing the Administrative UI.

More information:

Installing the Administrative UI

Administrative UI Installation Requirements

The following sections detail the minimum system and application server requirements for installing the Administrative UI to an existing application server infrastructure.

Administrative UI System Requirements

The Administrative UI host must meet the following minimum system requirements.

Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 Platform Support Matrix on the Technical Support site.

More information:

Locate the Platform Support Matrix

Verify Windows System Requirements

If you are installing the Administrative UI to an existing application server, verify that the Windows system meets the following minimum system requirements:

More information:

Locate the Platform Support Matrix

Verify UNIX System Requirements

If you are installing the Administrative UI to an existing application server, the UNIX system must meet the following minimum system requirements:

Application Server Requirements

The Administrative UI is a J2EE application and requires a supported application server. Be sure of the following:

Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 Platform Support Matrix on the Technical Support site.

More information:

Locate the Platform Support Matrix

JBoss

To prepare JBoss for Administrative UI installation, disable the HDScanner service.

Follow these steps:

  1. Navigate to jboss_home/server/server_profile/deploy.

    jboss_home

    Specifies the JBoss installation path.

    server_profile

    Specifies the name of the server profile deployed in the application server.

    Example: default

  2. Remove the following file to disable the service:

    hdscanner-jboss-beans.xml

WebLogic as an Application Server

The following sections provide basic instructions for using WebLogic as a CA SiteMinder® application server.

Install WebLogic

Install a version of a WebLogic server that is supported by CA SiteMinder®.

Note: More information on installing a WebLogic server exists in BEA's WebLogic server documentation.

Create a WebLogic Application Server Instance

Before installing the Administrative UI, create a WebLogic domain using the Configuration Wizard that is part of the WebLogic installation and do the following:

Verify the WebLogic Domain

Confirm the following:

Note: Once you have completed the verification, shut down the application server to prepare for the Administrative UI installation.

WebSphere as an Application Server

The following sections provide basic instructions for using WebSphere as a CA SiteMinder® application server.

Install WebSphere

Use the IBM documentation to install WebSphere.

Consider the following items when installing WebSphere:

Verify WebSphere is Working

Use the snoop utility provided by IBM to verify that WebSphere is installed correctly before installing the Administrative UI.

To verify WebSphere is working

  1. Enter http://<fqdn:port>/snoop to verify that WebSphere is installed correctly.

    Example: http://MyServer.MyCompany.com:9080/snoop

    If WebSphere is installed correctly, the Snoop Servlet—Request Client Information page is displayed in the browser.

  2. Enter http://<fqdn>/snoop to verify that the WebSphere application server plug-in is installed correctly.

    Example: http://MyServer.MyCompany.com/snoop

    If WebSphere is installed correctly, the same Snoop Servlet—Request Client Information page is displayed in the browser.

    You have verified that WebSphere is working properly.

Note: Contact IBM Technical Support for additional assistance with WebSphere.

Trusted Relationship with a Policy Server

A trusted relationship between the Administrative UI and a Policy Server is required to begin managing your environment. You establish this relationship the first time you log in using the default CA SiteMinder® super user account (siteminder) and password. These credentials are stored in the policy store.

When you configure the policy store, you use the XPSRegClient utility to submit the super user credentials to the Policy Server. The Policy Server uses these credentials to verify that the registration request is valid and that the relationship can be created.

Note: If you used the Policy Server installer to configure the policy store automatically, the installer used the XPSRegClient utility to submit the credentials.

The time from which the credentials are supplied to when the initial Administrative UI login can occur is limited to 24 hours. Therefore, the process for installing the Administrative UI is determined by when the policy store is configured and the Administrative UI is installed.

Administrative UI Installation Checklist

Complete the following before you install the Administrative UI:

Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 Platform Support Matrix on the Technical Support site.

More information:

Locate the Platform Support Matrix

Application Server Requirements

Administrative UI System Requirements

How to Install the Administrative UI

Complete the following procedures to install the Administrative UI:

  1. Be sure that you have reviewed the installation checklist.
  2. (Linux) Review the required Linux libraries requirement.
  3. Gather application server information for the Administrative UI installer.
  4. Install the Administrative UI.
  5. Start the application server.

Required Linux Libraries

Certain library files are required for components operating on Linux operating environments. Failure to install the correct libraries can cause the following error:

java.lang.UnsatisfiedLinkError 

If you are installing, configuring, or upgrading a Linux version of this component, the following libraries are required on the host system:

Red Hat 5.x

compat-gcc-34-c++-3.4.6-patch_version.I386

Red Hat 6.x (32-bit)

libstdc++-4.4.6-3.el6.i686.rpm

To have the appropriate 32-bit C run-time library for your operating environment, install the previous rpm.

Red Hat 6.x (64-bit)

libXau-1.0.5-1.el6.i686.rpm

libxcb-1.5-1.el6.i686.rpm

libstdc++-4.4.6-4.el6.i686.rpm

compat-db42-4.2.52-15.el6.i686.rpm

compat-db43-4.3.29-15.el6.i686.rpm

libX11-1.3-2.el6.i686.rpm

libXrender-0.9.5-1.el6.i686.rpm

libexpat.so.1 (provided by expat-2.0.1-11.el6_2.i686.rpm)

libfreetype.so.6 (provided by freetype-2.3.11-6.el6_2.9.i686.rpm)

libfontconfig.so.1 (provided by fontconfig-2.8.0-3.el6.i686.rpm)

libICE-1.0.6-1.el6.i686.rpm

libuuid-2.17.2-12.7.el6.i686.rpm

libSM-1.1.0-7.1.el6.i686.rpm

libXext-1.1-3.el6.i686.rpm

compat-libstdc++-33-3.2.3-69.el6.i686.rpm

compat-db-4.6.21-15.el6.i686.rpm

libXi-1.3-3.el6.i686.rpm

libXtst-1.0.99.2-3.el6.i686.rpm

libXft-2.1.13-4.1.el6.i686.rpm

libXt-1.0.7-1.el6.i686.rpm

libXp-1.0.0-15.1.el6.i686.rpm
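The following is an added example, not part of the CA documentation: a shell check that reports which of the Red Hat 6.x (64-bit) packages listed above have no i686 build installed. It matches on package name and architecture only, which is an assumption because patch versions on an updated host differ from the ones listed; the function names and the sample inventory are constructed.

```shell
#!/bin/sh
# Package names taken from the Red Hat 6.x (64-bit) list above; libexpat,
# libfreetype and libfontconfig are covered by their providing packages.
REQUIRED_I686="libXau libxcb libstdc++ compat-db42 compat-db43 libX11 libXrender
expat freetype fontconfig libICE libuuid libSM libXext compat-libstdc++-33
compat-db libXi libXtst libXft libXt libXp"

# missing_i686_pkgs: reads "name.arch" lines on stdin and prints every
# required package that has no i686 build in that inventory.
missing_i686_pkgs() {
    installed=$(cat)
    for pkg in $REQUIRED_I686; do
        # -x matches the whole line, so compat-libstdc++-33.i686 does not
        # satisfy libstdc++.i686; -F keeps "++" from being read as a regex.
        if ! printf '%s\n' "$installed" | grep -qxF "${pkg}.i686"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Constructed sample inventory: every required package is present as both
# i686 and x86_64, except libstdc++ (x86_64 only) and libXp (absent).
sample_inventory() {
    for pkg in $REQUIRED_I686; do
        case "$pkg" in
            libstdc++) echo "libstdc++.x86_64" ;;
            libXp)     ;;
            *)         echo "${pkg}.i686"; echo "${pkg}.x86_64" ;;
        esac
    done
}

# Demonstration on the constructed inventory.
sample_inventory | missing_i686_pkgs

# On a real host, feed the function from the RPM database instead:
#   rpm -qa --qf '%{NAME}.%{ARCH}\n' | missing_i686_pkgs
```

A 64-bit build of a library does not satisfy the 32-bit requirement, which is why the sample host is reported as missing libstdc++ even though libstdc++.x86_64 is installed.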

Gather Application Server Information

The Administrative UI installer requires specific information about the application server that is installed on the Administrative UI host system.

The following sections detail the required information depending on the type of application server.

Note: Worksheets are provided to help you gather and record required information before installing the Administrative UI.

JBoss Information

Gather the following information about JBoss before installing and registering the Administrative UI:

JBoss installation folder

The path to the folder where JBoss is installed.

JBoss URL

The fully qualified URL of the JBoss host system.

JDK

The installation location of the required JDK.

WebLogic Information

Gather the following information before installing and registering the Administrative UI:

WebLogic binary folder

The path to the WebLogic installation directory.

WebLogic domain folder

The path to the WebLogic domain you created for the Administrative UI.

WebLogic server name

The name of the WebLogic server on which the WebLogic domain is configured.

Application server URL and port

The fully qualified URL of the WebLogic host system.

JDK

The installation location of the required JDK.

WebSphere Information

Gather the following information about WebSphere before installing and registering the Administrative UI:

WebSphere installation folder

The full path to the folder in which WebSphere is installed.

WebSphere URL

The fully qualified URL of the WebSphere host system.

Server name

The name of the application server.

Profile name

The name of the profile being used for the Administrative UI.

Cell name

The name of the cell where the server is located.

Node name

The name of the node where the server is located.

JDK

The installation location of the required JDK.

Install the Administrative UI

The following sections detail how to install the Administrative UI to an existing application server infrastructure.

Before You Install

Consider the following items before you install the Administrative UI:

More information:

Installing the Administrative UI

Locate the Installation Media

How to Install the Administrative UI

Install the Administrative UI

Install the Administrative UI to your existing application server to provide a management console for all tasks that are related to access control, reporting, and policy analysis.

Follow these steps:

  1. Exit all applications that are running.
  2. Navigate to the installation media.
  3. Double-click installation_media.

    installation_media

    Specifies the Administrative UI installation executable.

    The installer starts.

    Note: For a list of installation media names, see the Policy Server Release Notes.

  4. Use your completed installation worksheet to enter the required values.
  5. Review the installation settings and click Install.

    The Administrative UI is installed.

    Note: You cannot use the Administrative UI to manage your environment until you have registered it with a Policy Server.

More information:

How to Register the Administrative UI

Installation Media Names

Install the Administrative UI Using a GUI

Install the Administrative UI to your existing application server to provide a management console for all tasks that are related to access control, reporting, and policy analysis.

Follow these steps:

  1. Exit all applications that are running in the foreground.
  2. Open a shell and navigate to the installation media.
  3. Enter the following command:
    ./installation_media gui
    
    installation_media

    Specifies the Administrative UI installation executable.

    The installer starts.

    Note: For a list of installation media names, see the Policy Server Release Notes.

  4. Use your completed installation worksheet to enter the required values.
  5. Review the installation settings and click Install.

    The Administrative UI is installed.

  6. Click Done and reboot the system.

    The Administrative UI is installed.

    Note: You cannot use the Administrative UI to manage your environment until you have registered it with a Policy Server.

Install the Administrative UI Using a UNIX Console

Install the Administrative UI to your existing application server to provide a management console for all tasks that are related to access control, reporting, and policy analysis.

Follow these steps:

  1. Exit all applications that are running in the foreground.
  2. Open a shell and navigate to the installation media.
  3. Enter the following command:
    ./installation_media -i console
    
    installation_media

    Specifies the Administrative UI installation executable.

    The installer starts.

    Note: For a list of installation media names, see the Policy Server Release Notes.

  4. Use your completed installation worksheet to enter the required values.
  5. Review the installation settings and press Enter.

    The Administrative UI is installed.

  6. Press Enter.

    The installer closes.

  7. Reboot the system.

    The Administrative UI is installed.

    Note: You cannot use the Administrative UI to manage your environment until you have registered it with a Policy Server.

How to Register the Administrative UI

Register the Administrative UI before you use it to manage your environment. Registering the Administrative UI creates a trusted connection between the Administrative UI and a Policy Server.

This process explains how to register an Administrative UI that you installed to an existing application server infrastructure. To register an Administrative UI you installed using the stand-alone option, see Installing the Administrative UI.

To register the Administrative UI, complete the following procedures:

  1. Reset the registration window.
  2. If necessary, create the FIPS environment variable.
  3. Start the application server.
  4. Register the Administrative UI.

More information:

Installing the Administrative UI

How to Register the Administrative UI

Reset the Administrative UI Registration Window

If either of the following actions occurred more than 24 hours ago, this step is required:

Note: (UNIX) Be sure that the CA SiteMinder® environment variables are set before you use XPSRegClient. If the environment variables are not set, set them manually.

Follow these steps:

  1. Log in to the Policy Server host system.
  2. Run the following command:
    XPSRegClient siteminder_administrator[:passphrase] -adminui-setup -t timeout -r retries -c comment -cp -l log_path -e error_path -vT -vI -vW -vE -vF
    
    siteminder_administrator

    Specifies a CA SiteMinder® administrator. If you are installing the Administrative UI as part of:

    • A new 12.52 environment, specify the following default account:
      siteminder
      
    • An upgrade, specify any CA SiteMinder® administrator account with super user permissions in the policy store. If you do not have a super user account in the policy store, use the smreg utility to create the default account.

    passphrase

    Specifies the password for the CA SiteMinder® administrator account.

    -adminui-setup

    Specifies that the Administrative UI is being registered with a Policy Server for the first time.

    -t timeout

    (Optional) Specifies how long you have after you install the Administrative UI to log in for the first time and complete the registration. The Policy Server denies the registration request when the timeout value is exceeded.

    Unit of measurement: minutes

    Default: 1440 (24 hours)

    Minimum limit: 1

    Maximum limit: 1440 (24 hours)

    -r retries

    (Optional) Specifies how many failed attempts are allowed when you are registering the Administrative UI. A failed attempt can result from submitting incorrect CA SiteMinder® administrator credentials when logging in to the Administrative UI for the first time.

    Default: 1

    Maximum limit: 5

    -c comment

    (Optional) Inserts the specified comments into the registration log file for informational purposes.

    Note: Surround comments with quotes.

    -cp

    (Optional) Specifies that the registration log file can contain multiple lines of comments. The utility prompts for multiple lines of comments and inserts the specified comments into the registration log file for informational purposes.

    Note: Surround comments with quotes.

    -l log_path

    (Optional) Specifies where the registration log file must be exported.

    Default: siteminder_home\log

    siteminder_home

    Specifies the Policy Server installation path.

    -e error_path

    (Optional) Sends exceptions to the specified path.

    Default: stderr

    -vT

    (Optional) Sets the verbosity level to TRACE.

    -vI

    (Optional) Sets the verbosity level to INFO.

    -vW

    (Optional) Sets the verbosity level to WARNING.

    -vE

    (Optional) Sets the verbosity level to ERROR.

    -vF

    (Optional) Sets the verbosity level to FATAL.

  3. Press Enter.

    The utility supplies the Policy Server with the administrator credentials. The Policy Server uses these credentials to verify the registration request when you log in to the Administrative UI for the first time.
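The following is an added example, not CA's code: a shell helper that checks -t and -r against the limits documented above and prints an XPSRegClient command line with a short registration window. The helper name, the sample values, the lower bound of 1 for retries, and the expectation that the utility prompts for the passphrase when :passphrase is omitted are assumptions.

```shell
#!/bin/sh
# xpsreg_command ADMIN TIMEOUT_MIN RETRIES COMMENT
# Prints the XPSRegClient command line to run on the Policy Server host,
# or returns 1 with a reason on stderr. Hypothetical helper name.
xpsreg_command() {
    admin=$1 timeout=$2 retries=$3 comment=$4

    # Keep the passphrase out of the process list and shell history:
    # accept only a bare account name (assumes the utility then prompts).
    case "$admin" in
        ''|*:*) echo "admin must be an account name without :passphrase" >&2
                return 1 ;;
    esac

    # -t is in minutes; documented range is 1 to 1440 (24 hours).
    case "$timeout" in
        ''|*[!0-9]*) echo "timeout must be a whole number of minutes" >&2
                     return 1 ;;
    esac
    if [ "$timeout" -lt 1 ] || [ "$timeout" -gt 1440 ]; then
        echo "timeout must be between 1 and 1440 minutes" >&2
        return 1
    fi

    # -r has a documented maximum of 5; the lower bound of 1 is assumed.
    case "$retries" in
        ''|*[!0-9]*) echo "retries must be a whole number" >&2
                     return 1 ;;
    esac
    if [ "$retries" -lt 1 ] || [ "$retries" -gt 5 ]; then
        echo "retries must be between 1 and 5" >&2
        return 1
    fi

    # -c comments are surrounded with quotes, so refuse embedded quotes.
    case "$comment" in
        *\"*) echo "comment must not contain double quotes" >&2
              return 1 ;;
    esac

    printf 'XPSRegClient %s -adminui-setup -t %s -r %s -c "%s" -vI\n' \
        "$admin" "$timeout" "$retries" "$comment"
}

# Constructed sample values: 30-minute window, one attempt.
xpsreg_command siteminder 30 1 "Admin UI registration reset"
```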

Create the FIPS Environment Variable

If your environment meets both of the following criteria, creating the FIPS environment variable is required to register the Administrative UI for the first time:

Follow these steps:

  1. Complete one of the following steps:
  2. Set the following environment variable:

    CA_SM_PS_FIPS140=ONLY

    Note: For more information about setting environment variables, see your OS-specific documentation.

  3. Verify that Windows or the UNIX shell that runs the Administrative UI correctly recognizes the CA_SM_PS_FIPS140 variable.

Start the Application Server

If you installed the Administrative UI to an existing application server infrastructure, the following procedure applies. If you installed the Administrative UI using the stand-alone option, see Installing the Administrative UI.

Follow these steps:

  1. Complete one of the following steps:
  2. Complete one of the following steps:

    Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.

    The application server is started.

More information:

Installing the Administrative UI

Start the Application Server

Register the Administrative UI

You register the Administrative UI with a Policy Server to begin managing your environment.

Follow these steps:

  1. Complete one of the following steps:
  2. Enter the following value in the User Name field:
    siteminder
    
  3. Type the CA SiteMinder® superuser account password in the Password field.

    Note: If your superuser account password contains dollar-sign ($) characters, replace each instance of the dollar-sign character with $DOLLAR$. For example, if the CA SiteMinder® superuser account password is $password, enter $DOLLAR$password in the Password field.

  4. Type the fully qualified Policy Server host name in the Server field.

    Consider the following items:

    The Administrative UI opens and is registered with the Policy Server.

More information:

Registration Not on File Error Appears

Stop the Application Server

If you installed the Administrative UI to an existing application server infrastructure, the following procedure applies. If you installed the Administrative UI using the stand-alone option, see Installing the Administrative UI.

To stop the application server

  1. Do one of the following:
  2. Do one of the following:

    The application server is stopped.

More information:

Installing the Administrative UI

Stop the Application Server

Administrator Credentials

By default, the Administrative UI uses the policy store as its source for CA SiteMinder® administrator credentials. You can configure the Administrative UI to use an external store, for example, a corporate directory.

Note: For more information about configuring an external administrator user store, see the Policy Server Configuration Guide.

More information:

How to Configure an External Administrator Store