Previous Topic: SiteMinder WSS Agent for IBM WebSphere Install PreparationNext Topic: How to Configure Agents and Register a System as a Trusted Host

Web Services Security GuidesCA SiteMinder® Web Services Security Agent for IBM WebSphere GuideInstall the SiteMinder WSS Agent for WebSphere on a Windows System

Install the SiteMinder WSS Agent for WebSphere on a Windows System

This section contains the following topics:

Set the JRE in the Path Variable

Apply the Unlimited Cryptography Patch to the JRE for SiteMinder WSS Agents

Configure the JVM to Use the JSafeJCE Security Provider

Run the Installer to Install a SiteMinder WSS Agent

Install a SiteMinder WSS Agent Using the Unattended Installer

Copy cryptojFIPS.jar to the WebSphere JRE

Installation and Configuration Log Files

How to Configure Agents and Register a System as a Trusted Host

Uninstall the SiteMinder WSS Agent

Set the JRE in the Path Variable

Set the Java Runtime Environment (JRE) in the Windows path variable.

Follow these steps:

  1. Open the Windows Control Panel.
  2. Double-click System.
  3. Add the location of the JRE to the Path system variable in the Environment Variables dialog.

Apply the Unlimited Cryptography Patch to the JRE for SiteMinder WSS Agents

Patch the Java Runtime Environment (JRE) used by the SiteMinder WSS Agent to support unlimited key strength in the Java Cryptography Extension (JCE) package.

The WebSphere JRE is based on Sun's JRE on the Solaris platform; this patch is available at Sun's website. The patch for other platforms is available at IBM's website. See the IBM documentation for more details.

The files that need to be patched are:

The local_policy.jar and US_export_policy.jar files can found be in the following locations:

Configure the JVM to Use the JSafeJCE Security Provider

The SiteMinder WSS Agent XML encryption function requires that the JVM is configured to use the JSafeJCE security provider.

Follow these steps:

  1. Add a security provider entry for JSafeJCE (com.rsa.jsafe.provider.JsafeJCE) to the java.security file located in the following location:
    JVM_HOME

    Is the installed location of the JVM used by the application server.

    In the following example, the JSafeJCE security provider entry has been added as the second security provider:

    security.provider.1=sun.security.provider.Sun
security.provider.2=com.rsa.jsafe.provider.JsafeJCE
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider

    Note: If using the IBM JRE, always configure the JSafeJCE security provider immediately after (that is with a security provider number one higher than) the IBMJCE security provider (com.ibm.crypto.provider.IBMJCE)

  2. Add the following line to JVM_HOME\jre\lib\security\java.security (Windows) or JVM_HOME/jre/lib/security/java.security (UNIX) to set the initial FIPS mode of the JsafeJCE security provider: 
    com.rsa.cryptoj.fips140initialmode=NON_FIPS140_MODE

    Note: The initial FIPS mode does not affect the final FIPS mode you select for the SiteMinder WSS Agent.

Run the Installer to Install a SiteMinder WSS Agent

Install the SiteMinder WSS Agent using the CA SiteMinder® Web Services Security installation media on the Technical Support site.

Follow these steps:

  1. Exit all applications that are running.
  2. Navigate to the installation material.
  3. Double-click ca-sm-wss-12.52-cr-win32.exe.
    cr

    Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.

    The CA SiteMinder® Web Services Security installation wizard starts.

    Important! If you are running this wizard on Windows Server 2008, run the executable file with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the CA SiteMinder® Web Services Security Release Notes.

  4. Use gathered system and component information to install the SiteMinder WSS Agent. Consider the following when running the installer:
  5. Review the information presented on the Pre-Installation Summary page, then click Install.

    Note: If the installation program detects that newer versions of certain system DLLs are installed on your system it asks if you want to overwrite these newer files with older files. Select No To All if you see this message.

    The SiteMinder WSS Agent files are copied to the specified location.

  6. On the CA SiteMinder® Web Services Security Configuration screen, click one of the following options and click Next:

    If the installation program detects that there are locked Agent files, it prompts you to restart your system instead of reconfiguring it. Select whether to restart the system automatically or later on your own.

  7. Click Done.

    If you selected the option to configure SiteMinder WSS Agents now, the installation program prepares the CA SiteMinder® Web Services Security Configuration Wizard and begins the trusted host registration and configuration process.

    If you installed a SiteMinder WSS Agent or Agents and did not select the option to configure SiteMinder WSS Agents now or if you are required to reboot the system after installation you must start the configuration wizard manually later.

Installation Notes:

More information:

How to Configure Agents and Register a System as a Trusted Host

Copy cryptojFIPS.jar to the WebSphere JRE

Install a SiteMinder WSS Agent Using the Unattended Installer

After you have installed one or more SiteMinder WSS Agents on one machine, you can reinstall those agents on the same machine or install them with the same options on another machine using an unattended installation mode. An unattended installation lets you install or uninstall SiteMinder WSS Agents without any user interaction

The unattended installation uses the ca-wss-installer.properties file generated during the initial install from the information you specified to define the necessary installation parameters, passwords, paths, and so on.

The ca-wss-installer.properties file is located in: WSS_Home\install_config_info

WSS_Home

Specifies the path to where CA SiteMinder® Web Services Security is installed.

Default: C:\Program Files\CA\Web Services Security

To run the installer in the unattended installation mode

  1. From a system where CA SiteMinder® Web Services Security is already installed, copy the ca-wss-installer.properties file to a local directory on your system.
  2. Copy the SiteMinder WSS Agent installer file (ca-sm-wss-<SVMVER>-cr-win32.exe) into the same local directory as the ca-wss-installer.properties file.
    cr

    Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.

  3. Open a console window and navigate to the location where you copied the files.
  4. Run the following command: 
    ca-sm-wss-<SVMVER>-cr-win32.exe -f ca-wss-installer.properties -i silent

    Important! If you are running this wizard on Windows Server 2008, run the executable file with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the CA SiteMinder® Web Services Security Release Notes.

    The -i silent setting instructs the installer to run in the unattended installation mode.

    Note: If the ca-wss-installer.properties file is not in the same directory as the installation program, use double quotes if the argument contains spaces.

    Example:

    ca-sm-wss-<SVMVER>-cr-win32.exe -f "C:\Program Files\CA\Web Services Security\install_config_info\ca-wss-installer.properties" -i silent

    An InstallAnywhere status bar appears, which shows that the unattended CA SiteMinder® Web Services Security installer has begun. The installer uses the parameters specified in the ca-wss-installer.properties file.

Installation Notes:

Copy cryptojFIPS.jar to the WebSphere JRE

If the installer displays a warning message stating that the cryptojFIPS.jar file is not present in the WebSphere JRE, you must manually copy the file into that location before you register the SiteMinder WSS Agent.

Copy cryptojFIPS.jar from the following location in the SiteMinder WSS Agent installation:

To the following location in the WebSphere installation:

Installation and Configuration Log Files

To check the results of the installation or review any specific problems during the installation or configuration of a SiteMinder WSS Agent, check the CA_SiteMinder_Web_Services_Security_Install_date-time_InstallLog.log file located in WSS_Home\install_config_info.

date-time

Specifies the date and time of the CA SiteMinder® Web Services Security installation.