This section contains the following topics:
Only Apache-based Web Server Procedures in this Guide
Hardware Requirements for CA SiteMinder® Agents
Preparation Roadmap for Apache-based web servers
How to Prepare for a Web Agent Installation on Apache-based Servers
This guide only contains procedures for installing or configuring CA SiteMinder® agents on Apache-based web servers.
To install or configure a CA SiteMinder® agent on any other type of web server or operating environment, see one of the following guides:
Computers hosting CA SiteMinder® agents require the following hardware:
CA SiteMinder® agents operating on Windows operating environments require the following hardware:
CA SiteMinder® agents operating on UNIX operating environments require the following hardware:
Note: Daily operation of the agent requires 10 MB of free disk space in /tmp. The agent creates files and named pipes under /tmp. The path to which these files and pipes are created cannot be changed.
The following illustration describes how to prepare your web server before you install a CA SiteMinder® agent:
To prepare for a CA SiteMinder® agent installation on an Apache-based server, use the following process:
Use the Platform Support Matrix to verify that the operating environment and other required third-party components are supported.
Follow these steps:
The CA SiteMinder® product page appears.
Note: You can download the latest JDK and JRE versions at the Oracle Developer Network.
Apache-based servers running on Windows operating environments require the following preparations before installing a CA SiteMinder® agent:
When an Apache-based web server is installed using a single user account, the Agent configuration cannot detect the Apache-based web server installation.
To correct this problem, select the following option when you install an Apache-based web server on a Windows operating environment:
"install as a service, available for all users".
For CA SiteMinder® Agents for Apache-based web servers (including IBM HTTP Server), a logs subdirectory must exist under the root directory of the Apache-based web server. This subdirectory needs Read and Write permissions for the user identity under which the Apache child process runs.
If the logs subdirectory does not exist, create it with the required permissions.
Note: This configuration requirement applies to any Apache-based web server that writes log files outside the Apache root directory.
Apache-based servers running on UNIX operating environments require the following preparations before installing a CA SiteMinder® agent:
If you are installing the CA SiteMinder® Agent on a UNIX system from a remote terminal, such as a Telnet or Exceed terminal, be sure the DISPLAY variable is set for the local system. For example, if your machine is 111.11.1.12, set the variable as follows:
DISPLAY=111.11.1.12:0.0
export DISPLAY
Note: You can also install the agent using the console mode installation, which does not require the X window display mode.
For CA SiteMinder® Agents for Apache-based web servers (including IBM HTTP Server), a logs subdirectory must exist under the root directory of the Apache-based web server. This subdirectory needs Read and Write permissions for the user identity under which the Apache child process runs.
If the logs subdirectory does not exist, create it with the required permissions.
Note: This configuration requirement applies to any Apache-based web server that writes log files outside the Apache root directory.
Before installing a CA SiteMinder® Agent on a Solaris computer, install the following patches:
Requires patch 111711-16.
Requires patch 119963-08.
You can verify installed patch versions by logging in as the root user and executing the following command:
showrev -p | grep patch_id
To locate Solaris patches, go to the Oracle Solution Center.
CA SiteMinder® agents running on AIX systems require the following components:
Apache-based servers running on Linux operating environments require the following preparations before installing a CA SiteMinder® agent:
The following Linux patches are required:
Certain library files are required for components operating on Linux operating environments. Failure to install the correct libraries can cause the following error:
java.lang.UnsatisfiedLinkError
If you are installing, configuring, or upgrading a Linux version of this component, the following libraries are required on the host system:
compat–gcc-34-c++-3.4.6-patch_version.I386
libstdc++-4.x.x-x.el5.i686.rpm
libstdc++-4.x.x-x.el6.i686.rpm
Note: All the RPM packages that are required for 64-bit Red Hat 6.x are 32-bit packages.
libXau-1.0.5-1.el6.i686.rpm
libxcb-1.5-1.el6.i686.rpm
compat-db42-4.2.52-15.el6.i686.rpm
compat-db43-4.3.29-15.el6.i686.rpm
libX11-1.3-2.el6.i686.rpm
libXrender-0.9.5-1.el6.i686.rpm
libexpat.so.1 (provided by expat-2.0.1-11.el6_2.i686.rpm)
libfreetype.so.6 (provided by freetype-2.3.11-6.el6_2.9.i686.rpm)
libfontconfig.so.1 (provided by fontconfig-2.8.0-3.el6.i686.rpm)
libICE-1.0.6-1.el6.i686.rpm
libuuid-2.17.2-12.7.el6.i686.rpm
libSM-1.1.0-7.1.el6.i686.rpm
libXext-1.1-3.el6.i686.rpm
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
compat-db-4.6.21-15.el6.i686.rpm
libXi-1.3-3.el6.i686.rpm
libXtst-1.0.99.2-3.el6.i686.rpm
libXft-2.1.13-4.1.el6.i686.rpm
libXt-1.0.7-1.el6.i686.rpm
libXp-1.0.0-15.1.el6.i686.rpm
Before installing a CA SiteMinder® Agent on a Red Hat Apache 2.2 web server running on the Red Hat Enterprise Linux operating environment, install all the items included in the Red Hat Legacy Software Development tools package.
For the CA SiteMinder® Agent to operate with an Apache web server running Linux, you have to compile the server. Compiling is required because the Agent code uses pthreads (a library of POSIX-compliant thread routines), but the Apache server on the Linux platform does not, by default.
If you do not compile with the lpthread option, the Apache server starts up, but then hangs and does not handle any requests. The Apache server on Linux cannot initialize a module which uses pthreads due to issues with Linux's dynamic loader.
Follow these steps:
LIBS=-lpthread export LIBS
configure --enable-module=so --prefix=your_install_target_directory make make install
For CA SiteMinder® Agents for Apache-based web servers (including IBM HTTP Server), a logs subdirectory must exist under the root directory of the Apache-based web server. This subdirectory needs Read and Write permissions for the user identity under which the Apache child process runs.
If the logs subdirectory does not exist, create it with the required permissions.
Note: This configuration requirement applies to any Apache-based web server that writes log files outside the Apache root directory.
Before you install and configure a CA SiteMinder® agent on the z/OS operating environment, perform the preparation steps described in this process.
Use the Platform Support Matrix to verify that the operating environment and other required third-party components are supported.
Follow these steps:
The CA SiteMinder® product page appears.
Note: You can download the latest JDK and JRE versions at the Oracle Developer Network.
You can find the installation media on the Technical Support site.
Follow these steps:
The Download Center screen appears.
The Product Downloads screen appears. All CA SiteMinder® installation executables are listed.
If you are installing the CA SiteMinder® agent on a z/OS system from a remote terminal, verify that the DISPLAY variable is set for the local system. For example, if your server IP address is 111.11.1.12, set the variable as follows:
export DISPLAY=111.11.1.12:0.0
Note: You can also install the CA SiteMinder® agent using the console mode installation, which does not require the X window display mode.
For CA SiteMinder® Agents for Apache-based web servers (including IBM HTTP Server), a logs subdirectory must exist under the root directory of the Apache-based web server. This subdirectory needs Read and Write permissions for the user identity under which the Apache child process runs.
If the logs subdirectory does not exist, create it with the required permissions.
Note: This configuration requirement applies to any Apache-based web server that writes log files outside the Apache root directory.
On z/OS systems, before installing the CA SiteMinder® agent, verify that a supported JRE is present on the system and defined in the PATH and JAVA_HOME system variables.
Follow these steps:
Enter the following commands at a command prompt:
export PATH=JRE/bin:$PATH export JAVA_HOME=JRE
Specifies the location of the JRE.
For example, /sys/java64bt/v6r0m1/usr/lpp/java/Jversion_number
Apache-based IBM HTTP servers require the following preparations before installing a CA SiteMinder® agent:
If you install the CA SiteMinder® Agent on an IBM HTTP Server, this web server gets installed as root and its subdirectories do not give all users in all groups Write permissions.
For the Low Level Agent Worker Process (LLAWP) to write agent initialization messages to the web server logs, the user running the web server needs permission to write to the web server’s log directory. Ensure that you allow write permissions for this user.
Verify the following criteria:
Note: For more information, see the Policy Server documentation.
To install and configure a CA SiteMinder® agent, a Policy Server requires at least the following items:
A trusted host is a client computer where one or more CA SiteMinder® Agents are installed and registered with the Policy Server. The CA SiteMinder® administrator must have permissions to register trusted hosts with the Policy Server. Registering a trusted host creates a unique trusted host name object on the Policy Server.
An Agent identity establishes a mapping between the Policy Server and the name or IP address of the web server instance hosting an Agent. You define an Agent identity from the Agents object in the Administrative UI. You assign it a name and specify the Agent type as a Web Agent.
The host configuration object on the Policy Server defines the communication between the agent and the Policy Server that occurs after an initial connection. The Initial connections use the parameters in the SmHost.conf file.
This object includes the parameters that define the agent configuration. All CA SiteMinder® agents require at least one of the following configuration parameters that are defined in the ACO:
Defines the identity of the web agent. This identity links the name and the IP address or FQDN of each web server instance hosting an Agent.
The value of the DefaultAgentName is used instead of the AgentName parameter if any of the following events occur:
Note: This parameter can have more than one value. Use the multivalue option when setting this parameter in an Agent Configuration Object. For local configuration files, add each value to a separate line in the file.
Default: No default
Limit: Multiple values are allowed, but each AgentName parameter has a 4,000 character limit. Create additional AgentName parameters as needed by adding a character to the parameter name. For example, AgentName, AgentName1, AgentName2.
Limits: Must contain 7-bit ASCII characters in the range of 32-127, and include one or more printable characters. Cannot contain the ampersand (&) and asterisk (*) characters. The value is not case-sensitive. For example, the names MyAgent and myagent are treated the same.
Example: myagent1,192.168.0.0 (IPV4)
Example: myagent2, 2001:DB8::/32 (IPV6)
Example: myagent,www.example.com
Example (multiple AgentName parameters): AgentName1, AgentName2, AgentName3. The value of each AgentNamenumber parameter is limited to 4,000 characters.
Defines a name that the agent uses to process requests. The value for DefaultAgentName is used for requests on an IP address or interface when no agent name value exists in the AgentName parameter.
If you are using virtual servers, you can set up your CA SiteMinder® environment quickly by using a DefaultAgentName. Using DefaultAgentName means that you do not need to define a separate agent for each virtual server.
Important! If you do not specify a value for the DefaultAgentName parameter, then the value of the AgentName parameter requires every agent identity in its list. Otherwise, the Policy Server cannot tie policies to the agent.
Default: No default.
Limit: Multiple values are allowed.
Limits: Must contain 7-bit ASCII characters in the range of 32-127, and include one or more printable characters. Cannot contain the ampersand (&) and asterisk (*) characters. The value is not case-sensitive. For example, the names MyAgent and myagent are treated the same.
Copyright © 2013 CA.
All rights reserved.
|
|