This section contains the following topics:
Set the JRE in the Path Variable
Apply the Unlimited Cryptography Patch to the JRE for SiteMinder WSS Agents
Configure the JVM to Use the JSafeJCE Security Provider
Run the Installer to Install a SiteMinder WSS Agent
Install a SiteMinder WSS Agent Using the Unattended Installer
Copy cryptojFIPS.jar to the WebSphere JRE
Installation and Configuration Log Files
How to Configure Agents and Register a System as a Trusted Host
Uninstall the SiteMinder WSS Agent
Set the Java Runtime Environment (JRE) in the Windows path variable.
Follow these steps:
Patch the Java Runtime Environment (JRE) used by the SiteMinder WSS Agent to support unlimited key strength in the Java Cryptography Extension (JCE) package.
The WebSphere JRE is based on Sun's JRE on the Solaris platform; this patch is available at Sun's website. The patch for other platforms is available at IBM's website. See the IBM documentation for more details.
The files that need to be patched are:
The local_policy.jar and US_export_policy.jar files can found be in the following locations:
WAS_HOME\java\jre\lib\security
WAS_HOME/java/jre/lib/security
The SiteMinder WSS Agent XML encryption function requires that the JVM is configured to use the JSafeJCE security provider.
Follow these steps:
Is the installed location of the JVM used by the application server.
In the following example, the JSafeJCE security provider entry has been added as the second security provider:
security.provider.1=sun.security.provider.Sun security.provider.2=com.rsa.jsafe.provider.JsafeJCE security.provider.3=sun.security.rsa.SunRsaSign security.provider.4=com.sun.net.ssl.internal.ssl.Provider security.provider.5=com.sun.crypto.provider.SunJCE security.provider.6=sun.security.jgss.SunProvider security.provider.7=com.sun.security.sasl.Provider
Note: If using the IBM JRE, always configure the JSafeJCE security provider immediately after (that is with a security provider number one higher than) the IBMJCE security provider (com.ibm.crypto.provider.IBMJCE)
com.rsa.cryptoj.fips140initialmode=NON_FIPS140_MODE
Note: The initial FIPS mode does not affect the final FIPS mode you select for the SiteMinder WSS Agent.
Install the SiteMinder WSS Agent using the CA SiteMinder® Web Services Security installation media on the Technical Support site.
Follow these steps:
Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.
The CA SiteMinder® Web Services Security installation wizard starts.
Important! If you are running this wizard on Windows Server 2008, run the executable file with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the CA SiteMinder® Web Services Security Release Notes.
Note: If the installation program detects that newer versions of certain system DLLs are installed on your system it asks if you want to overwrite these newer files with older files. Select No To All if you see this message.
The SiteMinder WSS Agent files are copied to the specified location.
If the installation program detects that there are locked Agent files, it prompts you to restart your system instead of reconfiguring it. Select whether to restart the system automatically or later on your own.
If you selected the option to configure SiteMinder WSS Agents now, the installation program prepares the CA SiteMinder® Web Services Security Configuration Wizard and begins the trusted host registration and configuration process.
If you installed a SiteMinder WSS Agent or Agents and did not select the option to configure SiteMinder WSS Agents now or if you are required to reboot the system after installation you must start the configuration wizard manually later.
Installation Notes:
Specifies the path to where CA SiteMinder® Web Services Security is installed.
Default: C:\Program Files\CA\Web Services Security
Specifies the date and time that the SiteMinder WSS Agent was installed.
The Agent cannot communicate properly with the Policy Server until the trusted host is registered.
After you have installed one or more SiteMinder WSS Agents on one machine, you can reinstall those agents on the same machine or install them with the same options on another machine using an unattended installation mode. An unattended installation lets you install or uninstall SiteMinder WSS Agents without any user interaction
The unattended installation uses the ca-wss-installer.properties file generated during the initial install from the information you specified to define the necessary installation parameters, passwords, paths, and so on.
The ca-wss-installer.properties file is located in: WSS_Home\install_config_info
Specifies the path to where CA SiteMinder® Web Services Security is installed.
Default: C:\Program Files\CA\Web Services Security
To run the installer in the unattended installation mode
Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.
ca-sm-wss-<SVMVER>-cr-win32.exe -f ca-wss-installer.properties -i silent
Important! If you are running this wizard on Windows Server 2008, run the executable file with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the CA SiteMinder® Web Services Security Release Notes.
The -i silent setting instructs the installer to run in the unattended installation mode.
Note: If the ca-wss-installer.properties file is not in the same directory as the installation program, use double quotes if the argument contains spaces.
Example:
ca-sm-wss-<SVMVER>-cr-win32.exe -f "C:\Program Files\CA\Web Services Security\install_config_info\ca-wss-installer.properties" -i silent
An InstallAnywhere status bar appears, which shows that the unattended CA SiteMinder® Web Services Security installer has begun. The installer uses the parameters specified in the ca-wss-installer.properties file.
Installation Notes:
Specifies the path to where CA SiteMinder® Web Services Security is installed.
Default: C:\Program Files\CA\Web Services Security
Specifies the date and time that the SiteMinder WSS Agent was installed.
The Agent cannot communicate properly with the Policy Server until the trusted host is registered.
If the installer displays a warning message stating that the cryptojFIPS.jar file is not present in the WebSphere JRE, you must manually copy the file into that location before you register the SiteMinder WSS Agent.
Copy cryptojFIPS.jar from the following location in the SiteMinder WSS Agent installation:
To the following location in the WebSphere installation:
To check the results of the installation or review any specific problems during the installation or configuration of a SiteMinder WSS Agent, check the CA_SiteMinder_Web_Services_Security_Install_date-time_InstallLog.log file located in WSS_Home\install_config_info.
Specifies the date and time of the CA SiteMinder® Web Services Security installation.
Copyright © 2013 CA.
All rights reserved.
|
|