Sun Java(TM) Systems Identity Manager 7.1 Installation Guide 

Chapter 7
Installing Identity Manager for Sun Java System Application Server

Use the following information and procedures to install Identity Manager for use with the Sun Java System Application Server, version 8 or Platform Edition 9. This chapter includes:


Before You Begin

During installation, you will need to know:


Installation Steps

Follow these installation and configuration steps, located in this chapter and following chapters:

Step 1: Install the Sun Java System Application Server Software


Note

Information in this chapter about Java System Application Server installation is for general reference only. For detailed information, refer to the Web page or reference information provided by the application server software provider.


You may need to perform one or more of these general steps when installing the software:

Step 2: Install the Identity Manager Software

  1. You may install the software using one of two methods:
    • Using the installer Graphic User Interface

      Run the install.bat (for Windows) or install (for UNIX) command to launch the installation process.

      The installer displays the Welcome panel.

    • Using the nodisplay option

      On UNIX systems, change directory to the software location. Enter the following command to activate the installer in nodisplay mode:

      install -nodisplay

      The installer displays the Welcome text. The installer then presents a list of questions to gather installation information in the same order as the Graphic User Interface installer in these procedures.


      Note

      If no display is present, the installer defaults to the nodisplay option. The DISPLAY environment variable must be set to a valid X server or the installation may fail.


  2. Click Next. The installer displays the Install or Upgrade? panel.
  3. Leave the New Installation option selected, and then click Next.
  4. The installer displays the Select Installation Directory panel.

  5. Replace the displayed directory location with the location where you want to install Identity Manager. This could be a staging location or a specific folder. Enter the location (or click Browse to locate it), and then click Next.

  6. Note

    If the directory you enter does not exist, Identity Manager prompts for confirmation, and then creates the directory.


  7. Click Next to begin installation.
  8. After installing the files, Identity Manager displays the Launch Setup panel.


    Caution

    Before you continue, if you plan to use an index database, you may need to copy one or more files to the idm\WEB-INF\lib directory. For example, you may need to place into idm/WEB-INF/lib a JAR file containing a JDBC driver (for a DriverManager connection) or a JAR file containing a JNDI InitialContextFactory (for a DataSource connection). To determine the steps you may need to perform before you go on, see Index Database Reference. When finished, click Launch Setup to launch the Setup Wizard and continue with setup steps.

    If you click Launch Setup before copying your index database files, setup will not proceed correctly. If this happens, quit the installation program, and then use the lh setup command to restart the setup portion of the installation process.


  9. Click Next on the Setup Wizard panel.
  10. The installer displays the Locate the Repository panel.

  11. Select an index database:
    • Oracle (JDBC Driver)
    • Oracle (Data Source)
    • MySQL (JDBC Driver)
    • MySQL (Data Source)
    • DB2 (JDBC Driver)
    • DB2 (Data Source)
    • SQL Server (JDBC Driver)
    • SQL Server (Data Source)
    • LocalFiles
    Depending on your selection, setup prompts for additional setup information.


      Note

      See Index Database Reference for selections and setup instructions.


  12. Click Next.
  13. The Continue Identity Manager Demo Setup? panel appears.
  14. If this is a non-demo installation, click No, I will configure Identity Manager myself. Go to Step 19.
  15. If appropriate, click Yes, I would like to continue setting up a demonstration environment.
  16. This allows you to quickly configure users and enter environment and server information.

  17. Enter the following personal information:
    • First name
    • Last name
    • Email address

      Note

      This personal information is used to create the Approver user (with configurator privileges).


  18. Enter the following Approver information:
    • Approver name
    • Approver password
  19. Click Next.
  20. Select the Server Type from the list.
  21. Select None if your environment has no server to manage. If there is a server you wish to manage, select the appropriate server type. You will be prompted for further server information as appropriate.

  22. If you have an email SMTP server, click SMTP Host and enter the server address. If desired, click Test Server to verify communication to the SMTP server.
  23. If you would like email notifications to be written to a file, click Notification File. Click Browse to select another notification file.
  24. Click Next.
  25. The installer displays the Import Save Configuration panel.
  26. Click Execute to perform all the listed functions. If desired, click Hide Details.
  27. When all functions complete, click Done in the setup panel.

Getting More Information

When installation completes, the installer displays the Installation Summary panel. For detailed information about the installation, click Details.

Not all messages may be displayed here. View the log file (identified in details) for more information.

When finished, click Close to exit the installer.

After completing installation, continue by optionally installing the Sun Identity Manager Gateway.

Step 3. Deploy Identity Manager into Sun Java System Application Server

Follow these steps to deploy the Identity Manager application into Sun Java System Application Server:

  1. Open a command prompt, then change to the staging directory where you installed the Identity Manager files. (This is the directory you specified in Step 4 in the procedure Step 2: Install the Identity Manager Software.)
  2. Create a .war file with the Identity Manager files by using the jar.exe (on Windows) or jar (on UNIX) command:
  3. c:\java1.4\bin\jar.exe cvf ..\idm.war *
    /usr/bin/jar cvf ../idm.war *

  4. Launch your application server and log in to the Java System Application Server Admin Console.
  5. Navigate to and expand the Applications folder in the left panel.
  6. Click the Web Applications folder.
  7. Click Deploy... in the right panel.
  8. Enter the file path for the idm.war file, and then click Next.
  9. When prompted, set the Application Name to idm. Set the Context Root to /idm, and then click Finish.
  10. If you are deploying on Platform Edition 9, perform the following steps to ensure that you can create resources in Identity Manager.
    1. Click on the Application Server link in the left pane of the Admin Console.
    2. Select the JVM Settings tab, then select the JVM Options tab.
    3. Click Add JVM Option.
    4. Add the following to the blank box in the Value column:
    5. -Dcom.sun.enterprise.server.ss.ASQuickStartup=false

    6. Click Save.
  11. Restart your Application Server Instance.
  12. To verify setup, log in to Identity Manager. You can do this within the Admin Console by clicking the Launch button on the "idm" line of the Web Applications folder.

Step 4. Install the Sun Identity Manager Gateway

If you plan to set up Windows Active Directory, Novell NetWare, Novell GroupWise, Exchange 5.5, Remedy, or RSA ACE/Server resources, you should install the Sun Identity Manager Gateway. Follow the procedures in Install the Sun Identity Manager Gateway.

Step 5: Edit the server.policy File on Application Server 8

When running Identity Manager on a Sun Java System Application Server 8 with Java 1.4 or 1.5, Identity Manager must be given permissions to perform certain actions.


Note

This step is not applicable to Platform Edition 9.


Add the following lines to the server.policy file for the domain in which Identity Manager is installed (located in ApplicationServerHome/domains/domainName/config):

// No codeBase: these permissions apply to all code running in the domain.
grant {
  permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission com.waveset.repository.test.testConcurrentLocking "read";
  permission java.net.SocketPermission "*", "connect,resolve";
  permission java.io.FilePermission "*", "read";
  permission java.util.PropertyPermission "*", "read,write";
};
// These permissions apply only to code loaded from under the waveset.home directory.
grant codeBase "file:${waveset.home}/-" {
  permission java.util.PropertyPermission "waveset.home", "read,write";
  permission java.util.PropertyPermission "security.provider", "read,write";
  permission java.io.FilePermission "${waveset.home}${/}*", "read,write,execute";
  permission java.io.FilePermission "${waveset.home}/help/index/-", "read,write,execute,delete";
  // Property expansion in a policy file is written ${name}; ${/} is the file separator.
  permission java.io.FilePermission "${java.io.tmpdir}${/}*", "read,write,delete";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
  permission java.net.SocketPermission "*", "connect,resolve";
};

If you want to deploy Identity Manager Service Provider Edition, add the following permissions to the above server.policy file entries.

grant {
  permission java.lang.RuntimePermission "shutdownHooks";
  permission java.io.FilePermission "${waveset.home}/WEB-INF/spe/config/spe.tld", "read";
};


Note

If you fail to update the old server.policy file with the above, and try to use the search engine, lock files may be created in the index directory that cannot be removed by the container. This always causes queries to hang, even if the server.policy file is subsequently updated.

For example, the help/index/docs directory should contain these five files:

AL
MF
p1.dict
p1.fields
p1.post

In addition to the above, there may be two lock files:

AL.lock
MF.lock

These must be deleted manually. Once these are removed (and the server.policy file updated correctly), search queries will work as expected.


If you want to run with trace set to write to a file, you will need to add the following additional permissions to the server.policy file.

grant {
  // Path of the trace output file; the quoted path must stay on one line.
  permission java.io.FilePermission "/var/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/idm/config/trace1.log", "read,write";
  // Property expansion in a policy file is written ${name}; ${/} is the file separator.
  permission java.io.FilePermission "${java.io.tmpdir}${/}*", "read,write,delete";
  permission java.util.PropertyPermission "trace.file", "read";
  permission java.util.PropertyPermission "trace.destination", "read";
  permission java.util.PropertyPermission "trace.enabled", "read";
};

where the path in the first FilePermission entry is the actual path of the trace file. Adjust the path to the output file as needed.


Note

After modifying the file, you must restart the application server.
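
The following check for an edited server.policy file is an added example, not part of the Sun documentation. It reports permissions with a "*" target inside grant blocks that have no codeBase (those apply to all code in the domain), and statements containing "$(", which the policy parser does not expand because property expansion is written ${name}. The function names and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Sun's code): audit a server.policy file for
#   - permissions with a "*" target in grant blocks that have no codeBase
#     (those apply to all code loaded in the domain), and
#   - "$(" in a statement, which the policy parser does not expand
#     (property expansion is written ${name}).
# Output: one "CATEGORY|statement" line per finding.
audit_policy() {
  awk '
    /^[ \t]*grant/ {                       # start of a grant block
      scope = ($0 ~ /codeBase/) ? "scoped" : "all-code"
      next
    }
    /^[ \t]*[}];/ { scope = ""; stmt = ""; next }   # end of block
    scope == "" || /^[ \t]*$/ { next }     # outside a block, or blank line
    {
      sub(/^[ \t]+/, ""); stmt = (stmt == "") ? $0 : stmt " " $0
      if (stmt !~ /;[ \t]*$/) next         # statement continues on next line
      if (stmt ~ /\$\(/) print "unexpanded-property|" stmt
      if (scope == "all-code" && stmt ~ /"\*"/) print "wildcard-all-code|" stmt
      stmt = ""
    }
  ' "$1"
}

# Constructed sample policy for the demonstration (not a real domain file)
sample_policy() {
  cat <<'EOF'
grant {
permission java.lang.RuntimePermission "getClassLoader";
permission java.net.SocketPermission "*", "connect,resolve";
permission java.util.PropertyPermission "*", "read,write";
};
grant codeBase "file:${waveset.home}/-" {
permission java.io.FilePermission "${waveset.home}/help/index/-",
"read,write,execute,delete";
permission java.io.FilePermission "$(java.io.tmpdir)$(/)*", "read,write,delete";
permission java.net.SocketPermission "*", "connect,resolve";
};
EOF
}

tmp=$(mktemp) && sample_policy > "$tmp" && audit_policy "$tmp"; rm -f "$tmp"
```

To audit a real domain, pass audit_policy the path to the server.policy file in ApplicationServerHome/domains/domainName/config.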





Part No: 820-0817-10.   Copyright 2007 Sun Microsystems, Inc. All rights reserved.