Pages

Saturday, October 13, 2012

Manual Deployment of CA IdentityMinder 12.6 on WebSphere 7 on Unix - Part 3: Deploying the IDM ear files

Now that you have the clustered WebSphere environment configured and your idm ear file modified, the final step is to deploy the ear file. The deployment process includes a few manual (surprise) steps you need to make sure are followed for an error free start up.


Step 3: Deploy Identity Manager ear files.

Deploy CA_Styles
Deploy to web servers and cluster. Accept Defaults for deployment

Deploy WAS_R126sp#_.ear *
*Make sure ear files has been configured for deployment in current WebSphere Environment.
Select detailed deployment

Step 1  Most steps are left as default. I will call out those that require a change.

Step 2 Map modules to servers > Deploy to your web servers and cluster.

Step 4 Provide options to compile JSPs  > JDK Source Level 15

Step 8 Bind listeners for message-driven beans:
You only need to update the first 3 modules but also check the remaining 3. The Destination JNDI name will be missing the prefix iam/im/....
If you do not make the changes here through the deployment process or miss a step, you can still updates these values after the deployment. This is one of the most common errors we find when we deploy. WebSphere SystemOut.log will complain about this right away. 

EJB
Bindings-Activation Specification Target Resource JNDI Name
Destination JNDI name
SubscriberMessageEJB
iam/im/ACT
iam/im/jms/queue/com.netegrity.ims.msg.queue
ServerCommandsEJB
iam/im/ServerCommand
iam/im/jms/topic/topic/ServerCommandTopic
RuntimeStatusDetailEJB
iam/im/jms/RuntimeStatusDetailQueue
iam/im/jms/queue/queue/RuntimeStatusDetailQueue
ServerAutomatedActivityMDBean
iam/im/jms/wpServAutoActActSpec
iam/im/jms/queue/queue/wpServAutoActQueue
EventMDBean
iam/im/jms/wpEventActSpec
iam/im/jms/queue/queue/wpEventQueue
UtilityMDBean
iam/im/jms/wpUtilActSpec
iam/im/jms/queue/queue/wpUtilQueue

The rest are left as default.

Do not start new applications.

Post Deployment Configuration

PolicyServer J2C Connection Factory Configuration
Enterprise Applications > IdentityMinder > Manage Modules > policyserverRA > Resource Adapter >  J2C connection factories > New
Name
JNDI name
iam_im-PolicyServerConnection
iam/im/rar/nete/rar/PolicyServerConnection
Set all Container-managed authentication alias to "None"


Optional: Validate settings are appropriate for SiteMinder environment
Enterprise Applications > IdentityMinder > Manage Modules > policyserver.rar > IdentityMinder.PolicyServerRA > J2C connection factories > PolicyServerConnection > Custom properties
Validate correct SiteMinder settings (Leave turned off to troubleshoot other startup issues first. Then enable once IDM app is validated to work.)

Workflow J2C Connection Factory Configuration
Now select the following from the actions menu Enterprise Applications > IdentityMinder > Manage Modules > WorkflowRA > Resource Adapter > J2C connection factories > New
Name
JNDI name
iam_im-Workflow
iam/im/rar/Workflow
Set all Container-managed authentication alias to "None"
Do not delete existing connection factory

User Console Class Loader and WorkPoint Server Configuration
Now select the following from the actions menu Enterprise Applications > IdentityMinder > Manage Modules > IMS-UI
Change Class loader order to use:
Classes loaded with local class loader first (parent last) - Starting weight: 4000

Also
Now select the following from the actions menu Enterprise Applications > IdentityMinder > Manage Modules > wpServer.jar
Starting weight: 500

Application Server LIBPATH Configuration
Navigate to Servers-> Server Types-> WebSphere Application Servers-> server-> server Infrastructure->Java and Process Management -> process definition -> Environment Entries-> New
Name
Value*
LIBPATH
.../WebSphere/Common//installedApps//iam_im.ear/library
*Path will be unique for each application server

Update Web Server Plug-in

Environment-> Update global Web Server plug-in configuration
Click OK to update the plug-in

Starting Identity Manager
Make sure nodes are in sync and restart WebSphere Environment
System Administration > Nodes
Check for sync status

Restart WebSphere on all nodes.

Check SystemOut.log for any errors.

Check IdentityManager console for validation
http://host:port/iam/immanage/
Now you are ready to create your first environment.

For other tips on IdentityMinder deployments as well as important security parameters, check these postings on the Binary Blogger site:
http://www.binaryblogger.com/p/ca-identityminder-posts.html

For previous posts in this series:
Part 1 - Configuring WebSphere 7 
Part 2: Creating the IDM ear file for deployment