The following sections describe how to install the SiteMinder Agent for JBoss on Windows and UNIX platforms. The SiteMinder Agent installation includes the following security interceptors:
Note: All components of both interceptors are installed when you run the SiteMinder Agent installation. However, you need only configure the interceptor modules that you want to use.
Before you install a SiteMinder Agent for JBoss, there are a number of pieces of information you will need and requirements that must be met.
Use the Platform Support Matrix to verify that the operating environment and other required third-party components are supported.
Follow these steps:
The CA SiteMinder® product page appears.
Note: You can download the latest JDK and JRE versions at the Oracle Developer Network.
Supported versions of the following software are always required before you install the SiteMinder Agent.
PATH=$PATH:JVM/bin export PATH
Specifies the location of your Java virtual machine (for example /opt/jre1.5.0_06/bin).
To use the SiteMinder Agent Web Interceptor to validate identities obtained from SiteMinder session cookies during perimeter authentication, the following software is also required:
For supported web servers and proxy plug-ins, see:
The following illustration shows where each of these software components is installed in an environment that uses SiteMinder SSO-based perimeter authentication.
For a complete list of supported software, operating systems, Java environments, and prerequisite A product versions, refer to the SiteMinder Agent for Application Servers Platform Support Matrix on the Technical Support site.
To install the CA SiteMinder® Agent for JBoss, complete all the steps in the following table. To help ensure proper configuration, follow the steps in order.
Complete? |
Steps |
For information, see... |
---|---|---|
|
Install and configure a Policy Server |
CA SiteMinder Policy Server installation Guide |
|
Install the JBoss Application Server |
JBoss Enterprise Application Platform documentation |
|
Configure the Policy Server |
|
|
Patch JVM for unlimited cryptography with the Java Cryptography Extension (JCE) package |
Apply the Java Cryptography Patch to the JVM |
|
Install the SiteMinder Agent on the JBoss Enterprise Application Platform |
|
|
Register system as a Trusted Host |
|
|
For SiteMinder Agent Security Interceptor perimeter authentication environments, install and configure additional requisite software |
Complete the steps outlined in the following table to use the SiteMinder Agent Security Interceptor to validate SiteMinder session cookies obtained by perimeter authentication.
Complete? |
Steps |
For information, see... |
---|---|---|
|
Install a supported web server on the proxy server system. |
The installation documentation provided with the web server. |
|
Install and configure a supported proxy module on the proxy web server. |
For detailed proxy module installation and configuration directions, see the JBoss Enterprise Application Platform documentation. |
|
Install and configure a Web Agent on the proxy server. |
CA SiteMinder Web Agent Installation Guide CA SiteMinder Web Agent Configuration Guide |
|
Restart the web server on the proxy server. |
The documentation for the web server. |
The following references to the installed location of SiteMinder Agent and JBoss software are used throughout this guide:
Refers to the installed location of the SiteMinder Agent for JBoss.
The default location is:
Refers to the installed location of the JBoss Application Server.
For example, the default location for JBoss Enterprise Application Platform 4.3 is:
This section describes how to preconfigure policy objects for the SiteMinder Agent for JBoss on the Policy Server.
Before you install the SiteMinder Agent for JBoss, the Policy Server must be installed and be able to communicate with the system where you plan to install the SiteMinder Agent. Additionally, configure the Policy Server with the following:
A trusted host is a client computer where one or more SiteMinder Agents are installed. The term trusted host refers to the physical system. There must be an administrator with permission to register trusted hosts with the Policy Server.
To configure an administrator, see the Administrators chapter of the SiteMinder Policy Server Configuration Guide.
An Agent object creates an Agent identity by assigning the Agent a name. You define an Agent identity from the Agents object in the Administrative UI. You assign the Agent identity a name and specify the Agent type as a Web Agent.
The name you assign for the Agent is the same name you specify in the DefaultAgentName parameter for the Agent Configuration Object that you must also define to centrally manage an Agent.
This object defines the communication between the trusted host and the Policy Server after the initial connection between the two is made.
A trusted host is a client computer where one or more SiteMinder Agents can be installed. The term trusted host refers to the physical system, in this case the JBoss Application Server host.
Do not confuse this object with the trusted host's configuration file, SmHost.conf, which is installed at the trusted host after a successful host registration. The settings in the SmHost.conf file enable the host to connect to a Policy Server for the first connection only. Subsequent connections are governed by the Host Configuration Object.
For more information, see the SiteMinder Policy Server Configuration Guide.
This object includes the parameters that define the SiteMinder Agent configuration. There are a few required parameters you must set for basic operation.
The Agent Configuration Object must include a value for the DefaultAgentName parameter. This entry should match an entry you defined in the Agent object.
For more information, see the SiteMinder Policy Server Configuration Guide.
The following is an overview of the configuration procedures to perform on the Policy Server before installing the Agent software:
The Trusted Host is a server that hosts one or more Agents and handles their connection to the Policy Server.
Note: If you are using SiteMinder SSO-based perimeter authentication to validate identities obtained from SiteMinder session cookies, configure separate Agents identities for the SiteMinder Agent for JBoss and the Web Agent on the proxy server.
Patch the Java Runtime Environment (JRE) used by the Agent to support unlimited key strength in the Java Cryptography Extension (JCE) package. The patches for all supported platforms are available from the Oracle website.
The files that need to be patched are:
The local_policy.jar and US_export_policy.jar files can found be in the following locations:
jre_home\lib\security
jre_home/lib/security
Defines the location of your Java Runtime Environment installation.
Copyright © 2007 CA.
All rights reserved.
|
|