Federation Security Services Guide › Deploy Federation Using a Manual Configuration › Set Up the Service Provider › Install the SP Web Agent Option Pack

Install the SP Web Agent Option Pack

The Web Agent Option pack installs the Federation Web Services (FWS) application.

To set up the Web Agent Option Pack

1. Install a JDK.

   For the supported version of the JDK, see the SiteMinder r12 Platform Support Matrix on the Technical Support site. This matrix includes r12.0 SP3.

   Install the Web Agent Option Pack on the same web server as the Web Agent.

   In this deployment, the server is an IIS Web Server.

   For instructions on installing the Web Agent Option Pack, see the Web Agent Option Pack Guide.

2. Configure the Web Server with the Web Agent Option Pack.

Configure the Web Server with the Web Agent Option Pack

The Web Agent Option Pack installed the Federation Web Services (FWS) application. Configure the FWS application for the sample deployment.

For FWS to work, do the following

1. Install the JDK for Federation Web Services
2. Install and Configure ServletExec to Work with FWS at the SP
3. Configure the AffWebServices.properties file
4. Enable Web Agent Option Pack logging
5. Test Federation Web Services

Install the JDK for Federation Web Services

The Web Agent Option Pack requires a JDK to run the Federation Web Services application. For the specific version required, go the Technical Support site and search for SiteMinder Platform Support Matrix for the release.

Install and Configure ServletExec to Work with FWS at the SP

For FWS to operate in this deployment, ServletExec is installed on a Sun ONE 6.1 web server.

Note: SiteMinder r12.0 SP3 is shipped with a ServletExec license key file named ServletExec_AS_6_license_key.txt. If you do not have this license key, contact CA Technical Support. From this license file, copy the license key and enter it in the ServletExec License dialog of the ServletExec Administration Console. For instructions on licensing ServletExec, see ServletExec documentation, available at the New Atlanta Communication website.

Apply the most current hot fixes for the supported version of ServletExec. The hot fixes are necessary for Federation Web Services to work with ServletExec. To obtain the hot fixes, go to the website for New Atlanta Communications.

To set up ServletExec

1. Install ServletExec.

   For instructions, refer to New Atlanta Communications documentation.

2. Open the ServletExec Administration Console.
3. Under Web Applications, select manage.

   The Manage Web Applications dialog opens.

4. Click Add a Web Application.
5. Enter the following information:

   Application Name

   affwebservices

   URL Context Path

   /affwebservices/

   Location

   C:\program files\ca\webagent\affwebservices

   The location of affwebservices in your network can be different. Enter the correct location.

6. Click Submit.
7. Exit the ServletExec Console.
8. Configure the AffWebServices.properties file.

Configure the FWS Properties File

The AffWebServices.properties file contains all the initialization parameters for Federation Web Services. Specify the location of the WebAgent.conf file in this file.

Follow these steps:

1. On the SP system with the Web Agent Option Pack, go to the directory C:\Program Files\ca\webagent\affwebservices\WEB-INF\classes
2. Set the AgentConfigLocation parameter to the location of the WebAgent.conf file. Setting a value for this parameter is mandatory.

   For this deployment, the web server hosting the FWS application at the Service Provider is a Sun ONE Web Server. So, the path to the WebAgent.conf file is:

   C:\\Sun\\WebServer6.1\\https-sp.demo\\config\\WebAgent.conf
   

   Note: Federation Web Services is a Java component, so the Windows paths must contain double backslashes. Specify this entry on one line.

3. Save and close the file.
4. Test Federation Web Services.

Test Federation Web Services

After you have set up the Federation Web Services application, verify that it is operating properly.

Follow these steps:

1. Open a web browser and enter the following link:

   http://fqhn:port_number/affwebservices/assertionretriever
   

   fqhn

   Defines the fully qualified host name.

   port_number

   Defines the port number of the server where the Web Agent and Web Agent Option Pack are installed.

   For this deployment, enter:

   http://www.sp.demo:81/affwebservices/assertionretriever
   

   If Federation Web Services is operating correctly, the following message appears:

   Assertion Retrieval Service has been successfully initialized.
   The requested servlet accepts only HTTP POST requests.
   

   This message indicates that Federation Web Services is listening for data activity. If Federation Web Services is not operating correctly, you get a message that the Assertion Retrieval Service has failed. If Assertion Retrieval Service fails, examine the Federation Web Services log.

2. Enable Web Agent Option Pack logging.

Enable Web Agent Option Pack Logging at the SP

At the SP, enable logging for the system with the Web Agent Option Pack so you can view the following logs:

• affwebserv.log

  Contains error logging messages.

• FWSTrace.log

To enable error and trace logging

1. Open up the LoggerConfig.properties file. This file can be found in the directory web_agent_home/affwebservices/WEB-INF/classes.
2. Set the LoggingOn parameter to Y.
3. Accept the default name and location for the LogFileName setting, which points to the affwebserv.log file.
4. Set the TracingOn setting to Y.
5. Accept the default name and location for the TraceFileName setting, which points to the FWSTrace.log file.

Logging is now enabled.

More Information:

Set up the LoggerConfig.properties File

Federation Security Services Trace Logging