Pages

Tuesday, April 6, 2010

Installing CA Identity Manager 12.5 on Solaris 10

This is a supplement to the "Quick Guide to getting CA SiteMinder 12 integrated with Identity Manager 12.5" post. This document contains the steps to install Identity Manager on JBoss on Solaris as well as  integrate with a SiteMinder Policy Server.

For searching purposes, here is the text of the document:


Quick Guide to Integrating CA SiteMinder 12sp2 with Identity Manager 12.5 on Solaris
Draft - supplement to “Quick Guide to getting CA SiteMinder 12sp2 integrated with Identity Manager 12.5” available here.
Setup requirements
A working SiteMinder R12sp2 environment
A MS SQL instance
Solaris 10 Server for Identity Manager install
On the Solaris 10 box, install apache2.2 and jboss 4.2.3.GA
Pre-configuring the environment for IdM install and integration with SiteMinder. 
Check support matrix first
SiteMinder: https://support.ca.com/irj/portal/anonymous/phpdocs? filePath=0/5262/5262_docindex.html#PSM
Identity Manager: https://support.ca.com/irj/portal/anonymous/phpdocs? filePath=0/5655/5655_docindex.html#PSM
Need help on installing SiteMinder r12sp2? Refer to coreblox’s excellent how to guide:
Pre-requisites before installing Identity Manager
Preparing the SiteMinder Policy Server
On SiteMinder Policy Server, install Identity Manager components and extend schema. 
Launch the Identity Manager software. Start ca-im-r12.5-win32.exe
In the “Choose Components” window, select “Identity Manager Administrative Tools” and “Extensions for SiteMinder”.
By installing the “Identity Manager Administrative Tools” you will have access to all the extras you will need. These tools can be used regardless of the platform they are installed on. 
While the policy server is still down, extend the schema of the Policy Store. The schema file is located within the tools you just installed. In my environment I am using Sun LDAP, so the schema file is located at: “C:\CA\Identity Manager\IAM Suite\Identity Manager\tools\policystore-schemas\SunJavaSystemDirectoryServer\sundirectory_im8.ldif”
Startup the policy server and check the smps.log for any errors.
Configuring the Apache2.2 web server
Install and register the apache2.2 instance on the solaris server. Enable the webagent and restart apache to make sure it is working. 
Seting up apache2.2 proxy plugin for jboss
download the tomcat connector for apache on sparc.
download mod_jk-1.2.28-httpd-2.2.X.so
rename to mod_jk and copy to ../apache2.2/modules
copy the example worker.properties file from the Administrative Tools you installed on the Policy Server to ../apache2.2/conf/
 C:\CA\Identity Manager\IAM Suite\Identity Manager\tools\samples\ConnectorConfiguration\solaris\Apache_JBoss\workers.properties
Ignore the included readme.txt. It has a few errors. 
The workers.properties file should work as is assuming you are running jboss on default ports. If you are running jboss on something different, modify the workers.properties file accordingly. 
      worker.jboss.port=8009 (Default AJP jboss port)
      worker.jboss.host=127.0.0.1
      worker.jboss.type=ajp13
Next update the httpd.conf file to include the following lines:
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /wam/apache2.2/conf/workers.properties
JKLogFile /wam/apache2.2/logs/jk2_mod.log
JkLogLevel DEBUG
JkShmFile /wam/apache2.2/logs/jk-runtime-status
and also
        JkMount /idm/* jboss
        JkMount /idmmanage/* jboss
        JkMount /castylesr5.1.1/* jboss
        JkMount /jkstatus/* jboss
After these changes, restart the web server. Check the logs for any startup errors. 
Installing Identity Manager on Solaris
# ./ca-im-r12.5-sol.bin -i console
Preparing to install...
Extracting the JRE from the installer archive...
Unpacking the JRE...
Extracting the installation resources from the installer archive...
Configuring the installer for this system's environment...
Launching installer...
PRESS TO CONTINUE:  
Hit enter 197 times.
===============================================================================
Choose Components
-----------------
  ->1- Identity Manager Server
    2- Connect to Existing SiteMinder Policy Server
  ->3- Identity Manager Administrative Tools
  ->4- Identity Manager Provisioning Server
  ->5- Identity Manager Provisioning Directory
  ->6- Extensions for SiteMinder (if SiteMinder is installed locally)
Please select the components you would like to install.  Enter a 
   comma-separated list of numbers for your selection.
   The Identity Manager Administrative Tools option includes Workflow Designer,
   Provisioning Manager, and code samples.: 1,2,3
Next, set your install Path and make your FIPS selection. 
===============================================================================
Application Server Information
------------------------------
Choose the type of application server that will host CA Identity Manager
For the latest supported application server versions, see the CA Identity Manager support site (http://ca.com/support).
  ->1- JBoss 4.2.3
    2- WebLogic 9.2.1
    3- WebLogic 10.3
    4- WebSphere 6.1.x
ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS TO ACCEPT THE DEFAULT:
   : 1
===============================================================================
JBoss Application Server Information
------------------------------------
Please enter information for the application server.
Note: In the Application Server URL field, enter the fully-qualified URL including port number.
JBoss Folder (no spaces) (DEFAULT: /jboss-4.2.3): /wam/jboss-4.2.3.GA
App Server URL and port (DEFAULT: http://:8080)
Select your Java install
example:
/wam/jdk1.5.0_21/bin/java
===============================================================================
Select Database Type
--------------------
Select the type of database that CA Identity Manager will use to store task persistence and archive, workflow, auditing, and reporting information, and required objects. Select an existing database type.
    1- Oracle 10/11g
    2- SQL 2005/2008
ENTER THE NUMBER OF THE DESIRED CHOICE: 2
===============================================================================
Database Connection Information
-------------------------------
Please enter the connection information for the database [Object store,Task Persistence and archive store, Audit store, Report store and Workflow store]
Host Name (DEFAULT: ): w2k3db
Port Number (DEFAULT: 1433): 
Database Name (DEFAULT: ): IDMGRDB
Username (DEFAULT: ): sa
===============================================================================
Login Information
-----------------
Please provide a username and password for all CA components that are embedded within CA Identity Manager.
This user will be created to connect to the embedded CA components. 
Username (DEFAULT: ): IdMMgr
This will be the common Id/password used for all components. Will also be the name of the auto agent created on the policy server.
Setup Policy Server Connection info
===============================================================================
SiteMinder Policy Server Information
------------------------------------
Please enter information for the SiteMinder administrator account that CA Identity Manager will use to communicate with the SiteMinder Policy Server.
Policy Server Host Name (DEFAULT: localhost): w2k3smps
Review Pre-Install Summary. Before you start install, make sure the Policy Server is running. Install.
===============================================================================
Install Complete
----------------
Congratulations. CA_Identity_Manager has been successfully installed.
Start jboss and check for any errors
/wam/jboss-4.2.3.GA/bin/run_idm.sh
2010-04-06 17:15:30,500 WARN  [ims.default] * Startup Step 26 : Attempting to recover events and runtime status details
2010-04-06 17:15:30,502 WARN  [ims.default] ---- CA IAM FW Startup Sequence Complete. ----
Go to the jboss URL directly to verify the application is running.
http://hostname:8080/idmmanage

Next verify you can also reach the Identity Manager application via the apache web-server proxy. 
http://hostname/idmmange