Web Services Security Guides › CA SiteMinder® Web Services Security Agent Guide for iPlanet Web Servers › Upgrade a SOA Agent to a 12.52 WSS Agent

Upgrade a SOA Agent to a 12.52 WSS Agent

This section contains the following topics:

How to Upgrade a SOA Agent

How to Upgrade a SOA Agent

Upgrading a SOA Agent to a 12.52 WSS Agent involves several separate procedures. To upgrade your agent, Follow these steps::

1. Verify that you are in the proper step of the upgrade process for an agent upgrade. You upgrade agents to 12.52 from r12.1 SP3 at stage two of the CA SiteMinder® Web Services Security upgrade process, as shown in the following illustration:

   

2. Create backup copies of any customized agent-related files on your web server. Examples of files you could have customized after installing or configuring your agent include the following files:
   • LocalConfig.conf
   • WebAgent.conf
3. If you are upgrading an agent on a UNIX/Linux operating environment, clear the LD_PRELOAD variable.
4. Gather information for the following CA SiteMinder® programs.
   • Agent installation wizard.
   • Agent configuration wizard.
5. Run the installation wizard to upgrade your agent on Windows or UNIX.
6. If you are upgrading an agent on a UNIX/Linux operating environment, source the agent environment script on the upgraded agent).
7. Run the configuration wizard to configure the upgraded agent on Windows or UNIX.
8. If you plan to use the Oracle iPlanet Administration console, apply the changes to your upgraded CA SiteMinder® configuration files.
9. Manually configure any nondefault Oracle iPlanet server instances.

Verify That the LD_PRELOAD Variable Does Not Conflict with Existing Agent

If you are upgrading or reinstalling a SiteMinder WSS Agent on a Linux system, from the shell, set the LD_PRELOAD variable so that it points to a different location from any existing agent installation directory. For example, if an existing LD_PRELOAD entry is set to:

LD_PRELOAD=agent_home/bin/libbtunicode.so

Before you reinstall or upgrade, set the variable to:

export LD_PRELOAD=

This entry sets the variable to a blank value.

Run the Installation Wizard to Upgrade Your Agent on Windows

The installation program for the SiteMinder WSS Agent installs the agent on one computer at a time using the Windows operating environment. This installation program can be run in wizard or console modes. The wizard and console-based installation programs also create a .properties file for subsequent installations and configurations using the unattended or silent method with the same settings.

For example, suppose the Agents in your environment use the same web server version, installation directory, Agent Configuration Object and Policy Servers. Use the installation wizard or console-based installation program for your first installation. Afterwards, you could create your own script to run the installation program with the .properties file the wizard or console-based installation program created.

Follow these steps:

1. Copy the SiteMinder WSS Agent installation executable file to a temporary directory on your web server.
2. Do one of the following steps:
   • For wizard-based installations, right-click ca-sm-wss-<SVMVER>-cr-win32.exe, and then select Run as Administrator.

     cr

     Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.

   • For console-based installations, open a command line window and run the executable as shown in the following example:

     ca-sm-wss-<SVMVER>-cr-win32.exe -i console
     

   Important! If you are running this wizard on Windows Server 2008, run the executable file with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the CA SiteMinder® Web Services Security Release Notes.

3. Use the information that you gathered previously to complete the installation.

Note: The software upgrade occurs in the installed location of the existing SOA Agent.

Run the Installation Wizard to Upgrade your Agent on UNIX/Linux

The installation program for the SiteMinder WSS Agent installs the agent on one computer at a time using the UNIX or Linux operating environments. This installation program can be run in wizard or console modes. The wizard and console-based installation program also creates a .properties file for subsequent installations and configurations using the unattended or silent method with the same settings.

For example, suppose the Agents in your environment use the same web server version, installation directory, Agent Configuration Object and Policy Servers. Use the installation wizard or console-based installation program for your first installation. Afterwards, you could create your own script to run the installation program with the .properties file the wizard or console-based installation program created.

Follow these steps:

1. Copy the SiteMinder WSS Agent installation executable file to a temporary directory on your web server.
2. Log in as a root user.
3. Do one of the following steps:
   • For wizard-based installations, run ca-sm-wss-<SVMVER>-cr-unix_version.bin

     cr

     Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.

     unix_version

     Specifies the UNIX version: sol or linux...

   • For console-based installations, open a command-line window and run the executable as shown in the following example:

     ca-sm-wss-<SVMVER>-cr-unix_version.bin -i console
     

4. Use the information from your agent Installation worksheet to complete the installation program.

Note: The software upgrade occurs in the installed location of the existing SOA Agent.

Set Environment Variables for a SiteMinder WSS Agent on UNIX

After installing the SiteMinder WSS Agent on UNIX, you must set required environment variables using the ca_wa_env.sh script. Running the script for SiteMinder WSS Agents on most UNIX platforms ensures that the SiteMinder WSS Agent and web server can work together.

The ca_wa_env.sh script sets the following environment variables:

• NETE_WA_ROOT
• PATH
• NETE_WA_PATH
• LD_LIBRARY_PATH

  Note: The SiteMinder WSS Agent requires that LD_LIBRARY_PATH include /usr/lib before any other directory containing older versions of libm.so.

• SHLIB_PATH
• LIBPATH

To set the SiteMinder WSS Agent environment variables after installation, source the following script after you install and configure the SiteMinder WSS Agent:

1. Open a command window.
2. Navigate to WSS_Home/webagent/.

   WSS_Home

   Specifies the path to where CA SiteMinder® Web Services Security is installed.

3. Enter the following command:

   . ./ca_wa_env.sh

Note: You do not have to run this script for Sun Java System web servers because this file as been added to the start script.

Run the Configuration Wizard on Your Upgraded SiteMinder WSS Agent on Windows

After gathering the information for your agent configuration, run the agent configuration program. This program creates an agent runtime instance for the web servers running on your computer.

This configuration program is wizard or console based, depending on the option you select. Running the configuration program in the wizard or console mode once creates a properties file. Use the properties file to run unattended configurations on other computers with same operating environment in the future.

Follow these steps:

1. Open the following directory on your web server:

   WSS_Home\install_config_info
   

   WSS_Home

   Specifies the path to where CA SiteMinder® Web Services Security is installed.

   Default: C:\Program Files\CA\Web Services Security

2. Use one of the following configuration methods:
   • For a GUI-based configuration, right-click ca-pep-config.exe, and then select Run as Administrator:
   • For a console-based configuration, enter the following command from a Command Prompt window with Administrator privileges open to WSS_Home\install_config_info:

     ca-pep-config.exe -i console
     

     Important! If you are running this wizard on Windows Server 2008, run the executable file with administrator permissions. Use these permissions even if you are logged in to the system as an administrator. For more information, see the release notes for your CA SiteMinder® component.

3. Use the information you gathered earlier to complete the wizard.
4. The agent runtime instance is created for your web servers.

Run the Configuration Wizard on Your Upgraded SiteMinder WSS Agent on UNIX/Linux

After gathering the information for your agent configuration, run the agent configuration program. This program creates an agent runtime instance for the web servers running on your computer.

This configuration program is wizard or console based, depending on the option you select. Running the configuration program in the wizard or console mode once creates a properties file. Use the properties file to run unattended configurations on other computers with same operating environment in the future.

Follow these steps:

1. Open a Console Window with root privileges on your web server:
2. Navigate to the following location:

   WSS_Home/install_config_info
   

   WSS_Home

   Specifies the path to where CA SiteMinder® Web Services Security is installed.

3. Enter one of the following commands:

   GUI Mode: ./ca-pep-config.bin

   Console Mode: ./ca-pep-config.bin -i console

   The Configuration Wizard starts.

4. Use one of the following configuration methods:
   • For a GUI-based configuration, run ca-pep-config.bin.
   • For a console-based configuration, open a Command prompt window with root privileges and enter the following command:

     ca-pep-config.exe -i console
     

5. Use the information you gathered earlier to complete the wizard.

   The agent runtime instance is created for your web servers.

Apply Changes to your Upgraded CA SiteMinder® Files with the iPlanet Administration Console

The Agent Configuration Wizard modifies the default obj.conf, and mime.types files that the Oracle iPlanet web server uses.

If you are using version 6.1 of a SunOne web server, and you plan to use the Oracle iPlanet Administration console, apply the changes to these files before using the console. If you do not apply the changes using the console first, the changes that are made for your CA SiteMinder® configuration could be corrupted. If you lose your configuration, run the configuration program again.

Note: The agent adds settings to the obj.conf file of the Oracle iPlanet web server when the Agent is configured to support an advanced authentication scheme. CA SiteMinder® does not remove these settings later. Edit the obj.conf file manually to remove any obsolete settings.

Follow these steps:

1. Log in to the Oracle iPlanet Administration Server console.
2. From the Servers tab, select the web server with the CA SiteMinder® agent installed and click Manage.
3. In the right corner of the dialog, click Apply.

   A warning message about loading the modified configuration files appears.

4. Click Load Configuration Files.
5. Exit the console.
6. Restart the web server.
7. Optimize the Agent for Oracle iPlanet by tuning the shared memory segments.
8. The CA SiteMinder® changes are applied.

Manually Configure Non-Default Server Instances, Virtual Servers, or Reverse Proxies for Oracle iPlanet Web Servers

The SiteMinder WSS Agent Configuration wizard only configures the default instance of your Oracle iPlanet web server. To configure a different instance of the Oracle iPlanet web server for CA SiteMinder®, manually edit the obj.conf file that is associated with that server instance. Examples of server instances that need manual configuration include:

• Servers installed in a nondefault directory
• Servers that you want to configure as a reverse proxy. We recommend configuring the reverse proxy using your Oracle iPlanet interface before adding the CA SiteMinder® settings to the obj.conf file.

  Note: The CA SiteMinder® Agent Configuration wizard only modifies the default obj.conf file on the Oracle iPlanet (formerly Sun Java System) web server. To protect other instances or reverse proxy deployments with CA SiteMinder®, copy the CA SiteMinder® settings from the default obj.conf file to any respective instance_name-obj.conf files. For example, your web server created an obj.conf file when you installed it, but you later added a server instance named my_server.example.com. To protect resources on my_server.example.com with CA SiteMinder®, copy the CA SiteMinder® settings the wizard added from the obj.conf file to the my_server.example.com-obj.conf file.

• Virtual servers on the same computer

Note: SunOne/Sun Java 7.0 web servers do not require these manual configuration steps.

Follow these steps:

1. Locate the directory of the server instance you want to configure.
2. Open the obj.conf file with a text editor.
3. Locate the following line:

   <Object name="default">
   

4. Insert a new line below the previous one, and then add the following text:

   AuthTrans fn="SiteMinderAgent"
   

5. Locate the following line:

   AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
   

6. Insert a new line below the previous one, and then add the following text:

   NameTrans fn="pfx2dir" from="/siteminderagent/pwcgi" dir="agent_home/pw" name="cgi"
   NameTrans fn="pfx2dir" from="/siteminderagent/pw" dir="agent_home/pw"
   NameTrans fn="pfx2dir" from="/siteminderagent/jpw" dir="agent_home/jpw"
   NameTrans fn="pfx2dir" from="/siteminderagent/redirectjsp" dir="agent_home/affwebservices/redirectjsp"
   NameTrans fn="pfx2dir" from="/siteminderagent/certoptional" dir="agent_home/samples"
   NameTrans fn="pfx2dir" from="/siteminderagent" dir="agent_home/samples"
   NameTrans fn="pfx2dir" from="/siteminderagent/pwservlet" dir=agent_home/jpw"
   

   agent_home

   Indicates the directory where the SiteMinder WSS Agent is installed on your web server.

   Default (Windows 32-bit SiteMinder WSS Agent installations: C:\Program Files\CA\Web Services Security\webagent

   Default (Windows 64-bit SiteMinder WSS Agent installations: C:\Program Files\CA\Web Services Security\webagent\win64

   Default (Windows 32-bit SiteMinder WSS Agent installations operating on 64-bit systems: C:\Program Files (x86)\CA\Web Services Security\webagent\win32

7. Locate the following line:

   NameTrans fn="ntrans-j2ee" name="j2ee"
   

8. Insert a new line below the previous one, and then add the following text:

   PathCheck fn="SmRequireAuth"
   

9. Remove the following line:

   NameTrans fn="pfx2dir" from="/mc-icons" dir="C:/Program Files/Sun/WebServer7.0/lib/icons" name="es-internal"
   

10. Locate the following line:

    ObjectType fn="force-type" type="text/plain"
    

11. Insert a new line below the previous one, and then add the following text:

    Service method="(GET|POST)" fn="SmAdvancedAuth"
    

12. Locate the following line:

    Error fn="error-j2ee
    

13. Insert a new line above the previous one, and then add the following text:

    Error fn="SmSoapFault" code="500" reason="SmSoapFault"
    

14. Save the obj.conf file.
15. Open the magnus.conf file with a text editor.
16. Add the following line:

    Init fn="load-modules" shlib="agent_home/bin/SunOneWebAgent.dll" funcs="SmInitAgent,SmInitChild,SiteMinderAgent,SmRequireAuth,SmAdvancedAuth,SmSoapFault
    

17. Save the magnus.conf file.

    The Oracle iPlanet web server is manually configured.