To enable FWS in a federated environment for a CA SiteMinder®/WebSphere Application Server (WAS) configuration, deploy the FWS application.
On Systems 2 and 5, deploy FWS. These systems must also have WAS and the associated WAS Fix Pack, if applicable. On Systems 1 and 4, install the Web Agent and the WAS Proxy Plug-in. Enable SSL between the proxy and the WAS.
The following illustration shows a CA SiteMinder® and WebSphere sample configuration.
Prerequisites:
After installing the software components on the systems in the illustration, deploy FWS on System 2 and System 5 by following these steps:
After you install the Web Agent Option Pack on a UNIX system, the installation program creates an environment script (ca-wa-opack-env.sh).
Source the environment script so the library path of the application server points to the location of the Web Agent Option Pack /bin directory.
Source the script by entering the following command at the command line:
. ./ca-wa-opack-env.sh
Setting the correct library path lets the option pack and the web or application server to work together.
After you source the script, the library path is set. The variable name for the library path differs depending on the operating system. Example of several library paths:
LD_LIBRARY_PATH=/webagent_option_pack_home/bin
SHLIB_PATH=/webagent_option_pack_home/bin
LIBPATH=/webagent_option_pack_home/bin
Important! The application server startup script can reset the library path. Ensure that the path to the Web Agent Option Pack is the first entry in the path.
The path to the Web Agent Option Pack environment script points to one of the following locations:
If you install the option pack on the same system as the web agent, the script resides in the web agent directory. For any UNIX installation, the default location is /web_agent_home/bin.
The FWS application requires the SmHost.conf file. However, the Web Agent Option Pack does not install this file, so you must create it.
To create an SmHost.conf file
/webagent_option_pack_home/bin
/webagent_option_pack_home/config
The FWS application requires the WebAgent.conf file; however, the Web Agent Option Pack does not install this file so you must create it.
To create a WebAgent.conf file
/webagent_option_pack_home/config
where,
Defines the installed location of the Web Agent Option Pack on System 2 and System 5.
The following sample shows a WebAgent.conf file for the FWS application:
# WebAgent.conf - configuration file for the Federation Web Services Application #agentname="<agent_name>, <IP_address>" HostConfigFile="/<webagent_option_pack>/config/SmHost.conf" AgentConfigObject="<agent_config_object_name>" EnableWebAgent="YES"
The AffWebServices.properties file contains all the initialization parameters for Federation Web Services. For deploying FWS, set only the parameter that specifies the location of the WebAgent.conf file.
Follow these steps:
web_agent_optionpack_home/affwebservices/WEB-INF/classes
C:\\Program Files\\CA\\webagent_optionpack\\config\\WebAgent.conf
Note: Federation Web Services is a Java component, so the Windows paths must contain double backslashes.
web_agent_optionpack_home/config/WebAgent.conf
sps_home\\proxy-engine\\conf\\defaultagent\\WebAgent.conf
sps_home/proxy-engine/conf/defaultagent/WebAgent.conf
Copy the Web Agent Option Pack library files on System 2 and System 5.
Follow these steps:
\WebSphere_home\AppServer\bin
To deploy the FWS WAR file
\webagent_option_pack\affwebservices\
For more information about creating a WAR file, see WebSphere documentation.
For more information, see WebSphere documentation.
Important! If you make subsequent changes to any of the properties files in the affwebservices directory, recreate a WAR file and redeploy this file in the application server.
There are two possible modes for class loading:
The mode you select is implementation-dependent. In releases before 7.0, these modes were named PARENT_FIRST and PARENT_LAST. See the WebSphere documentation for further information.
http://fqhn:port_number/affwebservices/assertionretriever
where,
Defines the fully qualified host name.
Defines the port number of the server where the Federation Web Services application is installed.
For example:
http://myhost.ca.com:81/affwebservices/assertionretriever
If Federation Web Services is operating correctly, the following message appears:
Assertion Retrieval Service has been successfully initialized. The requested servlet accepts only HTTP POST requests.
This message indicates that Federation Web Services is listening for data activity.
When the Federation Web Services is not operating correctly, a message states that the Assertion Retrieval Service has failed. If the Assertion Retrieval Service fails, verify the Federation Web Services log.
Note: For more information about enabling trace logging for the FWS application, see Trace Logging.
Copyright © 2013 CA.
All rights reserved.
|
|