Saturday, October 13, 2012

Manual Deployment of CA IdentityMinder 12.6 on WebSphere 7 on Unix - Part 2 Creating the IDM.ear for deployment

Before you deploy the IDM EAR file, you need to make some modifications so that it works within your environment. You can easily extract and repackage the EAR file from your Windows desktop. You only need to have a Java JDK installed and have the JDK JRE within your path.

Extracting the Ear

It doesn't matter which platform you run the IdentityMinder installer on to obtain the IDM EAR file. For example, I will install IdentityMinder 12.6 on my Windows 7 workstation and select the option to only create the EAR files.

Extract WAS_IMr12.ear to working directory /
jar -xvf WAS_IMr12.ear

Create folders:
policyserver
    Move policyserver.rar into /policyserver folder
user_console
    Move user_console.war into /user_console folder
workflow
    Move workflow.rar into /workflow folder


Update Workpoint ports
Under /config folder

!!Update the following file and value to match the WebSphere application server BOOTSTRAP ADDRESS!!

workpoint-client.properties
java.naming.provider.url=iiop://localhost:9810   (Change localhost to server name)

Update the following file and value to match the web server port

workpoint-server.properties
# This URL tells the WorkPoint Server where the WorkPoint Gateway is located.
workpoint.gateway.url=http://localhost:8080/wpGateway/   (Change localhost to server name and use the correct port to WebSphere or IHS if you are using it as well.)

Update Provisioning Server shared secret

Under custom/identitymanager
systemWideProperties.properties
# Shared secret for the Provisioning server callback
IMeTASharedSecret={PBES}:xfx89…….

Get encrypted password values for this and other properties
Navigate to the password tool section on the IdM server:
.../CA/IdentityManager/IAM_Suite/Identity_Manager/tools/PasswordTool
./pwdtools.sh -JSAFE -p P@ssword


Update SiteMinder Policy Server Configurations if enabling SiteMinder integration. This can also be done via the WebSphere console post deployment.
CD into the policyserver/ folder
Explode the policyserver.rar
jar -xvf policyserver.rar

CD into /policyserver/META-INF folder

Update the ra.xml file with the correct SiteMinder environment information.
You will need all policy servers listed, the admin ID, the agent name, and the password hash.

ValidateSMHeadersWithPS:true  
enabled:false
FIPSMode:false
ConnectionURL: policyserver1,44443,44443,44443
UserName: siteminder
AdminSecret: password encrypted*
AgentName: 4.x agent created for use by IdM
AgentSecret: 4.x agent password encrypted*
ConnectionMin:8
ConnectionMax:128
ConnectionStep:8
ConnectionTimeout:1000
FailoverServers: policyserver1,44443,44443,44443;policyserver2,44443,44443,44443
Failover: true

Repackage policyserver.rar

Move up one level to /policyserver

Delete existing policyserver.rar

jar -cvf policyserver.rar *

Move new policyserver.rar up one level to /

Delete the folder /policyserver/

Update User Console Config (only required if enabling SiteMinder integration)
CD into /user_console
Explode the user_console.war
jar -xvf user_console.war
CD into /user_console/WEB-INF
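Update web.xml with the following change:
    <filter-name>FrameworkAuthFilter</filter-name>
    <filter-class>com.netegrity.webapp.authentication.FrameworkLoginFilter</filter-class>
    <init-param>
        <param-name>Enable</param-name>
        <param-value>false</param-value>
    </init-param>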

Repackage user_console.war
Move up one level to /user_console
Delete existing user_console.war
jar -cvf user_console.war *
Move new user_console.war up one level to /
Delete the folder /user_console/


Update Workflow Config
CD into /workflow
Explode the workflow.rar
jar -xvf workflow.rar
CD into /workflow/META-INF
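Edit ra.xml
        <config-property>
            <config-property-name>UserName</config-property-name>
            <config-property-type>java.lang.String</config-property-type>
            <config-property-value>IDM</config-property-value>
        </config-property>
        <config-property>
            <config-property-name>Password</config-property-name>
            <config-property-type>java.lang.String</config-property-type>
            <config-property-value>sn0wba11</config-property-value>
        </config-property>
This IDM user must exist and be referenced by WebSphere at runtime. Also, do NOT encrypt the password. It is encrypted by WebSphere at deployment time. The location of this ID will depend on your WebSphere Global Security configuration. For example, if WebSphere Global Security is leveraging LDAP, this ID would need to be in LDAP.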

Repackage workflow.rar
Move up one level to /workflow
Delete existing workflow.rar
jar -cvf workflow.rar *
Move new workflow.rar up one level to /
Delete the folder /workflow/

Repackage Ear
After all modifications are made, repackage the EAR for the particular environment you are deploying to.
From the location, delete the existing WAS_IMr12.ear.
Package the new ear with the following format:
WAS_IMr12(major version)sp(Service pack version)_environment.ear
jar -cvf WAS_IMr126_Dev.ear *

Now you are ready to deploy your ear file.
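A pre-deployment check for the repackaged EAR, added here as an example (it is not CA tooling and not code from the original post): it opens the archive and confirms that the Workpoint URLs no longer point at localhost and that the Provisioning Server shared secret is stored in encrypted form. The function names are hypothetical, files are matched by basename wherever they sit in the archive, and an encrypted value is assumed to start with `{PBES}:` as in the sample line shown earlier.

```python
import io
import zipfile

# basename -> (property, predicate on its value, problem reported when it fails)
NOT_LOCAL = (lambda v: "localhost" not in v, "still points at localhost")
CHECKS = {
    "workpoint-client.properties": ("java.naming.provider.url", *NOT_LOCAL),
    "workpoint-server.properties": ("workpoint.gateway.url", *NOT_LOCAL),
    # Assumption: an encrypted value carries the {PBES}: prefix seen on this page.
    "systemWideProperties.properties": (
        "IMeTASharedSecret", lambda v: v.startswith("{PBES}:"), "not a {PBES} encrypted value"),
}

def read_props(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_ear(ear):
    """Return (entry, property, problem) tuples; property values are never echoed."""
    findings, seen = [], set()
    with zipfile.ZipFile(ear) as zf:
        for name in zf.namelist():
            base = name.rsplit("/", 1)[-1]
            if base not in CHECKS:
                continue
            seen.add(base)
            key, ok, problem = CHECKS[base]
            props = read_props(zf.read(name).decode("utf-8", "replace"))
            if key not in props:
                findings.append((name, key, "property missing"))
            elif not ok(props[key]):
                findings.append((name, key, problem))
    # A file dropped during repackaging is reported too.
    for base in sorted(set(CHECKS) - seen):
        findings.append((base, CHECKS[base][0], "file not in archive"))
    return findings

def build_sample_ear(files):
    """Constructed sample: an in-memory zip standing in for the repackaged EAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    buf.seek(0)
    return buf
```

Call `audit_ear("WAS_IMr126_Dev.ear")` on the repackaged file; an empty list means all three properties were updated.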