Tuesday, April 6, 2010

Installing CA Identity Manager 12.5 on Solaris 10

This is a supplement to the "Quick Guide to getting CA SiteMinder 12 integrated with Identity Manager 12.5" post. This document contains the steps to install Identity Manager on JBoss on Solaris as well as  integrate with a SiteMinder Policy Server.

For searching purposes, here is the text of the document:

Quick Guide to Integrating CA SiteMinder 12sp2 with Identity Manager 12.5 on Solaris
Draft - supplement to “Quick Guide to getting CA SiteMinder 12sp2 integrated with Identity Manager 12.5” available here.
Setup requirements
A working SiteMinder R12sp2 environment
A MS SQL instance
Solaris 10 Server for Identity Manager install
On the Solaris 10 box, install apache2.2 and jboss 4.2.3.GA
Pre-configuring the environment for IdM install and integration with SiteMinder. 
Check support matrix first
SiteMinder: filePath=0/5262/5262_docindex.html#PSM
Identity Manager: filePath=0/5655/5655_docindex.html#PSM
Need help on installing SiteMinder r12sp2? Refer to coreblox’s excellent how to guide:
Pre-requisites before installing Identity Manager
Preparing the SiteMinder Policy Server
On SiteMinder Policy Server, install Identity Manager components and extend schema. 
Launch the Identity Manager software. Start ca-im-r12.5-win32.exe
In the “Choose Components” window, select “Identity Manager Administrative Tools” and “Extensions for SiteMinder”.
By installing the “Identity Manager Administrative Tools” you will have access to all the extras you will need. These tools can be used regardless of the platform they are installed on. 
While the policy server is still down, extend the schema of the Policy Store. The schema file is located within the tools you just installed. In my environment I am using Sun LDAP, so the schema file is located at: “C:\CA\Identity Manager\IAM Suite\Identity Manager\tools\policystore-schemas\SunJavaSystemDirectoryServer\sundirectory_im8.ldif”
Startup the policy server and check the smps.log for any errors.
Configuring the Apache2.2 web server
Install and register the apache2.2 instance on the solaris server. Enable the webagent and restart apache to make sure it is working. 
Seting up apache2.2 proxy plugin for jboss
download the tomcat connector for apache on sparc.
rename to mod_jk and copy to ../apache2.2/modules
copy the example file from the Administrative Tools you installed on the Policy Server to ../apache2.2/conf/
 C:\CA\Identity Manager\IAM Suite\Identity Manager\tools\samples\ConnectorConfiguration\solaris\Apache_JBoss\
Ignore the included readme.txt. It has a few errors. 
The file should work as is assuming you are running jboss on default ports. If you are running jboss on something different, modify the file accordingly. 
      worker.jboss.port=8009 (Default AJP jboss port)
Next update the httpd.conf file to include the following lines:
LoadModule jk_module modules/
JkWorkersFile /wam/apache2.2/conf/
JKLogFile /wam/apache2.2/logs/jk2_mod.log
JkLogLevel DEBUG
JkShmFile /wam/apache2.2/logs/jk-runtime-status
and also
        JkMount /idm/* jboss
        JkMount /idmmanage/* jboss
        JkMount /castylesr5.1.1/* jboss
        JkMount /jkstatus/* jboss
After these changes, restart the web server. Check the logs for any startup errors. 
Installing Identity Manager on Solaris
# ./ca-im-r12.5-sol.bin -i console
Preparing to install...
Extracting the JRE from the installer archive...
Unpacking the JRE...
Extracting the installation resources from the installer archive...
Configuring the installer for this system's environment...
Launching installer...
Hit enter 197 times.
Choose Components
  ->1- Identity Manager Server
    2- Connect to Existing SiteMinder Policy Server
  ->3- Identity Manager Administrative Tools
  ->4- Identity Manager Provisioning Server
  ->5- Identity Manager Provisioning Directory
  ->6- Extensions for SiteMinder (if SiteMinder is installed locally)
Please select the components you would like to install.  Enter a 
   comma-separated list of numbers for your selection.
   The Identity Manager Administrative Tools option includes Workflow Designer,
   Provisioning Manager, and code samples.: 1,2,3
Next, set your install Path and make your FIPS selection. 
Application Server Information
Choose the type of application server that will host CA Identity Manager
For the latest supported application server versions, see the CA Identity Manager support site (
  ->1- JBoss 4.2.3
    2- WebLogic 9.2.1
    3- WebLogic 10.3
    4- WebSphere 6.1.x
   : 1
JBoss Application Server Information
Please enter information for the application server.
Note: In the Application Server URL field, enter the fully-qualified URL including port number.
JBoss Folder (no spaces) (DEFAULT: /jboss-4.2.3): /wam/jboss-4.2.3.GA
App Server URL and port (DEFAULT: http://:8080)
Select your Java install
Select Database Type
Select the type of database that CA Identity Manager will use to store task persistence and archive, workflow, auditing, and reporting information, and required objects. Select an existing database type.
    1- Oracle 10/11g
    2- SQL 2005/2008
Database Connection Information
Please enter the connection information for the database [Object store,Task Persistence and archive store, Audit store, Report store and Workflow store]
Host Name (DEFAULT: ): w2k3db
Port Number (DEFAULT: 1433): 
Database Name (DEFAULT: ): IDMGRDB
Username (DEFAULT: ): sa
Login Information
Please provide a username and password for all CA components that are embedded within CA Identity Manager.
This user will be created to connect to the embedded CA components. 
Username (DEFAULT: ): IdMMgr
This will be the common Id/password used for all components. Will also be the name of the auto agent created on the policy server.
Setup Policy Server Connection info
SiteMinder Policy Server Information
Please enter information for the SiteMinder administrator account that CA Identity Manager will use to communicate with the SiteMinder Policy Server.
Policy Server Host Name (DEFAULT: localhost): w2k3smps
Review Pre-Install Summary. Before you start install, make sure the Policy Server is running. Install.
Install Complete
Congratulations. CA_Identity_Manager has been successfully installed.
Start jboss and check for any errors
2010-04-06 17:15:30,500 WARN  [ims.default] * Startup Step 26 : Attempting to recover events and runtime status details
2010-04-06 17:15:30,502 WARN  [ims.default] ---- CA IAM FW Startup Sequence Complete. ----
Go to the jboss URL directly to verify the application is running.

Next verify you can also reach the Identity Manager application via the apache web-server proxy. 


  1. Hi Carlos,

    This is very helpful. I see you finally have some time to do some fun stuff..Shahbaz

  2. Thanks. Finally going through my lab work and posting my notes. :-) Expect a quick guide on Access Control very soon.