Installation and Upgrade Guides › Web Agent Installation Guide › Configure an Oracle iPlanet Web Agent › Configure Oracle iPlanet Web Agents Using GUI or Console Mode

Configure Oracle iPlanet Web Agents Using GUI or Console Mode

These instructions are for GUI and Console Mode configuration. The steps for the two modes are the same, with these exceptions for Console Mode:

• You may be instructed to select an option by entering a corresponding number. For example, to select the Oracle iPlanet web server, enter a 3, which corresponds to this server.
• Press ENTER after each step to proceed through the process instead of "clicking Next," as stated in the following procedure.
• All passwords that you enter are displayed in clear text. To workaround this issue, run the installation in GUI or unattended mode.

The prompts for each mode will help guide you through the process.

web_agent_home

Indicates the directory where the SiteMinder Agent is installed.

Default (Windows 32-bit installations of SiteMinder Web Agents only): C:\Program Files\CA\webagent

Default (Windows 64-bit installations [SiteMinder Web Agents for IIS only]): C:\Program Files\CA\webagent\win64

Default (Windows 32-bit applications operating on 64-bit systems [Wow64 with SiteMinder Web Agents for IIS only]): C:\Program Files (x86)\webagent\win32

Default (UNIX/Linux installations): /opt/ca/webagent

To configure the Web Agent on a Oracle iPlanet Web Server

Note: The SiteMinder Agent Configuration wizard only modifies the default obj.conf file on the Oracle iPlanet (formerly Sun Java System) web server. To protect other instances or reverse proxy deployments with SiteMinder, copy the SiteMinder settings from the default obj.conf file to any respective instance_name-obj.conf files. For example, your web server created an obj.conf file when you installed it, but you later added a server instance named my_server.example.com. To protect resources on my_server.example.com with SiteMinder, copy the SiteMinder settings the wizard added from the obj.conf file to the my_server.example.com-obj.conf file.

1. If necessary, start the Configuration Wizard.
   1. Open a console window.
   2. Navigate to web_agent_home/install_config_info
   3. Enter one of the following commands:

      GUI mode: ./ca-wa-config.bin

      Console mode: ./ca-wa-config.bin -i console

2. If you have already done host registration, skip to the next step. Otherwise, select the option to skip host registration, then click Next.

   To register the trusted host, go to the installation chapter for your platform.

3. In the Select Web Server(s) dialog box, select the option for the iPlanet or Sun ONE Web Server and click Next.
4. Specify the root path where the Sun Java System web server is installed and click Next. For example, /opt/iPlanet/servers.

   You can click Choose to locate the root directory.

5. Select the web server instances that you want to configure with Web Agents.

   If you have already configured a server with a Web Agent and you are running the Configuration Wizard to configure additional web servers instances, the Wizard displays the Select One or More Instances to Overwrite dialog box. This dialog box lists the web servers that you have previously configured.

   1. Select one of the following:

      Overwrite—to overwrite the server instance configuration.

      Preserve—to preserve the web server's configuration.

      Important! If you uncheck a previously configured server, the Web Agent will be removed from this server.

   2. Click Next.
6. In the Agent Configuration Object field, enter the name of the Agent Configuration Object for this web server instance.

   This name must match an Agent Configuration Object already defined at the Policy Server. For example, to use the default enter iPlanetDefaultSettings.

7. If applicable, select one of the advanced SSL authentication schemes listed in the SSL Authentication dialog box. If the Agent is not providing advanced authentication, select No advanced authentication. Click Next following your choice.

   The selections are:

   • HTTP Basic over SSL—identifies a user based on a user name and password. The credential delivery is always done over an encrypted Secure Sockets Layer (SSL) connection.
   • X509 Client Certificate—identifies a user based on X.509 V3 client certificates. Digital certificates act as a signature for a user. Certificate authentication uses SSL communication.
   • X509 Client Cert and HTTP Basic—combines X.509 Client Certificate and Basic authentication. The user’s X.509 client certificate must be verified and he or she must provide a valid user name and password.
   • X509 Client Cert or HTTP Basic—combines X.509 Client Certificate and Basic authentication. The user’s X.509 client certificate must be verified, or he or she must provide a valid user name and password.
   • X509 Client Cert or Form—The X.509 Client Certificate or HTML Forms authentication scheme combines the use of X.509 Client Certificates and the use of customized HTML forms to collect authentication information. Using this scheme, the user’s X.509 client certificate must be verified or the user must provide the credentials requested by an HTML form.
   • X509 Client Cert and Form—The X.509 Client Certificate and HTML Forms authentication scheme combines the use of X.509 Client Certificates and the use of customized HTML forms to collect authentication information. Using this scheme, the user’s X.509 client certificate must be verified and the user must provide the credentials requested by an HTML form.

     Note: For more information, see the Policy Server documentation.

8. In the Web Server Configuration Summary dialog box. Confirm that the configuration settings are correct, then click Install.

   The Web Agent files are installed and the Configuration Complete message is displayed.

9. Click Done when the installation is complete.
10. Enable the Web Agent:
    1. Open the WebAgent.conf file, located in

       Sun_Java_System_server/servers/https-hostname/config

    2. Set the value of the EnableWebAgent parameter to Yes.
    3. Save the file.
    4. Restart the web server.
11. Apply changes to the Oracle iPlanet Web Server files. This is required for the Agent’s configuration to take effect.

More Information

Apply SiteMinder Changes to Oracle iPlanet Configuration Files with Oracle iPlanet Administration Server Console for SunOne 6.1 Servers

Manually Configure Non-Default Server Instances, Virtual Servers, or Reverse Proxies for Oracle iPlanet Web Servers

The SiteMinder Web Agent Configuration wizard only configures the default instance of your Oracle iPlanet web server. To configure a different instance of the Oracle iPlanet web server for SiteMinder, manually edit the obj.conf file that is associated with that server instance. Examples of server instances that need manual configuration include:

• Servers installed in a nondefault directory
• Servers that you want to configure as a reverse proxy. We recommend configuring the reverse proxy using your Oracle iPlanet interface before adding the SiteMinder settings to the obj.conf file.

  Note: The SiteMinder Agent Configuration wizard only modifies the default obj.conf file on the Oracle iPlanet (formerly Sun Java System) web server. To protect other instances or reverse proxy deployments with SiteMinder, copy the SiteMinder settings from the default obj.conf file to any respective instance_name-obj.conf files. For example, your web server created an obj.conf file when you installed it, but you later added a server instance named my_server.example.com. To protect resources on my_server.example.com with SiteMinder, copy the SiteMinder settings the wizard added from the obj.conf file to the my_server.example.com-obj.conf file.

• Virtual servers on the same computer

Note: SunOne/Sun Java 7.0 web servers do not require these manual configuration steps.

Follow these steps:

1. Locate the directory of the server instance you want to configure.
2. Open the obj.conf file with a text editor.
3. Locate the following line:

   <Object name="default">
   

4. Insert a new line below the previous one, and then add the following text:

   AuthTrans fn="SiteMinderAgent"
   

5. Locate the following line:

   AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
   

6. Insert a new line below the previous one, and then add the following text:

   NameTrans fn="pfx2dir" from="/siteminderagent/pwcgi" dir="web_agent_home/pw" name="cgi"
   NameTrans fn="pfx2dir" from="/siteminderagent/pw" dir="web_agent_home/pw"
   NameTrans fn="pfx2dir" from="/siteminderagent/jpw" dir="web_agent_home/jpw"
   NameTrans fn="pfx2dir" from="/siteminderagent/redirectjsp" dir="web_agent_home/affwebservices/redirectjsp"
   NameTrans fn="pfx2dir" from="/siteminderagent/certoptional" dir="web_agent_home/samples"
   NameTrans fn="pfx2dir" from="/siteminderagent" dir="web_agent_home/samples"
   NameTrans fn="pfx2dir" from="/siteminderagent/pwservlet" dir=web_agent_home/jpw"
   

   web_agent_home

   Indicates the directory where the SiteMinder agent is installed on your web server.

   Default (Windows 32-bit installations only): C:\Program Files\CA\webagent

   Default (Windows 64-bit installations only): C:\Program Files\CA\webagent\win64

   Default (Windows 32-bit applications operating on 64-bit systems [Wow64]): C:\Program Files (x86)\webagent\win32

7. Locate the following line:

   NameTrans fn="ntrans-j2ee" name="j2ee"
   

8. Insert a new line below the previous one, and then add the following text:

   PathCheck fn="SmRequireAuth"
   

9. Remove the following line:

   NameTrans fn="pfx2dir" from="/mc-icons" dir="C:/Program Files/Sun/WebServer7.0/lib/icons" name="es-internal"
   

10. Locate the following line:

    ObjectType fn="force-type" type="text/plain"
    

11. Insert a new line below the previous one, and then add the following text:

    Service method="(GET|POST)" fn="SmAdvancedAuth"
    

12. Save the obj.conf file.

    The Oracle iPlanet web server is manually configured.

Apply SiteMinder Changes to Oracle iPlanet Configuration Files with Oracle iPlanet Administration Server Console for SunOne 6.1 Servers

The Agent Configuration Wizard modifies the default obj.conf, and mime.types files that the Oracle iPlanet web server uses.

If you are using version 6.1 of a SunOne web server, and you plan to use the Oracle iPlanet Administration console, apply the changes to these files before using the console. If you do not apply the changes using the console first, the changes that are made for your SiteMinder configuration could be corrupted. If you lose your configuration, run the configuration program again.

Note: The agent adds settings to the obj.conf file of the Oracle iPlanet web server when the Agent is configured to support an advanced authentication scheme. SiteMinder does not remove these settings later. Edit the obj.conf file manually to remove any obsolete settings.

Follow these steps:

1. Log in to the Oracle iPlanet Administration Server console.
2. From the Servers tab, select the web server with the SiteMinder agent installed and click Manage.
3. In the right corner of the dialog, click Apply.

   A warning message about loading the modified configuration files appears.

4. Click Load Configuration Files.
5. Exit the console.
6. Restart the web server.
7. Optimize the Agent for Oracle iPlanet by tuning the shared memory segments.

   The SiteMinder changes are applied.

More Information

Reconfigured Web Agent Won't Operate