Previous Topic: Install the SiteMinder AgentNext Topic: Install the SiteMinder Agent


Installation Overview

The following sections describe how to install the SiteMinder Agent for JBoss on Windows and UNIX platforms. The SiteMinder Agent installation includes the following security interceptors:

Note: All components of both interceptors are installed when you run the SiteMinder Agent installation. However, you need only configure the interceptor modules that you want to use.

Install Preparation

Before you install a SiteMinder Agent for JBoss, there are a number of pieces of information you will need and requirements that must be met.

Locate the Platform Support Matrix

Use the Platform Support Matrix to verify that the operating environment and other required third-party components are supported.

Follow these steps:

  1. Log in to the CA Support site.
  2. Locate the Technical Support section.
  3. Enter CA SiteMinder® in the Product Finder field.

    The CA SiteMinder® product page appears.

  4. Click Product Status, CA SiteMinder® Family of Products Platform Support Matrices.
  5. Locate the SiteMinder Agent for Application Servers 12.52 entry and open open the associated PDF file.

Note: You can download the latest JDK and JRE versions at the Oracle Developer Network.

Software Requirements

Supported versions of the following software are always required before you install the SiteMinder Agent.

To use the SiteMinder Agent Web Interceptor to validate identities obtained from SiteMinder session cookies during perimeter authentication, the following software is also required:

The following illustration shows where each of these software components is installed in an environment that uses SiteMinder SSO-based perimeter authentication.

SiteMinder Agent for JBoss architecture

For a complete list of supported software, operating systems, Java environments, and prerequisite A product versions, refer to the SiteMinder Agent for Application Servers Platform Support Matrix on the Technical Support site.

Installation Checklist

To install the CA SiteMinder® Agent for JBoss, complete all the steps in the following table. To help ensure proper configuration, follow the steps in order.

Complete?

Steps

For information, see...

  •  

Install and configure a Policy Server

CA SiteMinder Policy Server installation Guide

  •  

Install the JBoss Application Server

JBoss Enterprise Application Platform documentation

  •  

Configure the Policy Server

Preconfigure Policy Objects for the SiteMinder Agent

  •  

Patch JVM for unlimited cryptography with the Java Cryptography Extension (JCE) package

Apply the Java Cryptography Patch to the JVM

  •  

Install the SiteMinder Agent on the JBoss Enterprise Application Platform

Install the SiteMinder Agent

  •  

Register system as a Trusted Host

How to Register Your System as a Trusted Host

  •  

For SiteMinder Agent Security Interceptor perimeter authentication environments, install and configure additional requisite software

Additional Steps for Perimeter Authentication Installations

Additional Steps for SiteMinder Agent Security Interceptor Installations

Complete the steps outlined in the following table to use the SiteMinder Agent Security Interceptor to validate SiteMinder session cookies obtained by perimeter authentication.

Complete?

Steps

For information, see...

  •  

Install a supported web server on the proxy server system.

The installation documentation provided with the web server.

  •  

Install and configure a supported proxy module on the proxy web server.

For detailed proxy module installation and configuration directions, see the JBoss Enterprise Application Platform documentation.

  •  

Install and configure a Web Agent on the proxy server.

CA SiteMinder Web Agent Installation Guide

CA SiteMinder Web Agent Configuration Guide

  •  

Restart the web server on the proxy server.

The documentation for the web server.

Installation Location References

The following references to the installed location of SiteMinder Agent and JBoss software are used throughout this guide:

SMAGENT_HOME

Refers to the installed location of the SiteMinder Agent for JBoss.

The default location is:

JBOSS_HOME

Refers to the installed location of the JBoss Application Server.

For example, the default location for JBoss Enterprise Application Platform 4.3 is:

Preconfigure Policy Objects for the SiteMinder Agent

This section describes how to preconfigure policy objects for the SiteMinder Agent for JBoss on the Policy Server.

Policy Object Preconfiguration Overview

Before you install the SiteMinder Agent for JBoss, the Policy Server must be installed and be able to communicate with the system where you plan to install the SiteMinder Agent. Additionally, configure the Policy Server with the following:

Preconfigure the Policy Objects

The following is an overview of the configuration procedures to perform on the Policy Server before installing the Agent software:

  1. Duplicate or create a new Host Configuration Object, which holds initialization parameters for a Trusted Host. (If upgrading from an earlier Agent install, you can use the existing Host Configuration object).

    The Trusted Host is a server that hosts one or more Agents and handles their connection to the Policy Server.

  2. As necessary, add or edit Trusted Host parameters in the Host Configuration Object that you just created.
  3. Create an Agent identity for the SiteMinder Agent for JBoss. Select Web Agent as the Agent type for the SiteMinder Agent for JBoss.

    Note: If you are using SiteMinder SSO-based perimeter authentication to validate identities obtained from SiteMinder session cookies, configure separate Agents identities for the SiteMinder Agent for JBoss and the Web Agent on the proxy server.

  4. Duplicate an existing or create a new Agent Configuration Object, which holds Agent configuration parameters and can be used to centrally configure a group of Agents.
  5. In the Agent Configuration Object you created, verify that the DefaultAgentName parameter is set to specify the Agent identity defined in Step 3.

Apply the Unlimited Cryptography Patch to the JRE

Patch the Java Runtime Environment (JRE) used by the Agent to support unlimited key strength in the Java Cryptography Extension (JCE) package. The patches for all supported platforms are available from the Oracle website.

The files that need to be patched are:

The local_policy.jar and US_export_policy.jar files can found be in the following locations:

jre_home

Defines the location of your Java Runtime Environment installation.