Sun Java Enterprise System 2003Q4 Installation Guide |
Chapter 3
Gathering Installation and Configuration InformationThis chapter describes the information you must provide the Java Enterprise System installer to configure component products. Use this chapter in conjunction with the worksheets in Appendix A to prepare for installation of Java Enterprise System.
This chapter contains the following sections:
You can use this chapter for all installer modes: graphical, text, and silent.
If you are using the Minimal Configuration option, the Java Enterprise System installer does not configure the components you install, except that Identity Server requires the information described in the following sections:
Note
Many components require that you assign port numbers. Before you start to configure the components, you can view the list of port numbers that component products use. For a list of component product port numbers, refer to Appendix C, "Component Port Numbers"
When the installer requests that you enter a port number, it performs a runtime check on the ports in use and displays an appropriate default value. If the default port number is taken by another component product or by another instance of the same component product, the installer provides a different value.
For example, both Sun ONE Web Server and Sun ONE use default port 80. When you install both components on the same machine, the first to be configured has the default port 80. The second component to be configured has a different default port, such as 81 or 82.
How to Use This ChapterThis chapter describes each piece of configuration information for which the installer prompts. The configuration information is grouped in the same way that the graphical installer groups the information: first by component product, and then by type of information. Tables in this chapter correspond directly to the pages that the installer displays.
The configuration information tables have two columns: “Label and State File Parameter,” and “Description.” The “Label and State File Parameter” column contains the following information:
- Label. The text that identifies the information, usually by labeling an input field, in the installer’s graphical mode. For example, the installer includes a field label called Password Encryption Key.
- State File Parameter. The key that identifies the information in a silent installation state file. State file parameters are uppercase and appear in monospace font. For example, the state file parameter associated with a Password Encryption Key field is AM_ENC_PWD.
Default Values
Default values apply to all installer modes, unless the description provides a separate value for a state file.
State files are case sensitive for all values, except for those noted.
Suggested Look-up Strategies
If you are using this chapter to get information about configuration questions posed by the installer’s graphical mode, do the following:
If you are using this chapter to get information about parameters in a state file, do the following:
Installation DirectoriesThe Java Enterprise System installer automatically installs component products in default directories unless you specify otherwise. Table 3-1 indicates the default directories for Java Enterprise System components.
When you run the Java Enterprise System installer, it suggests the default location for each component. In most cases you can specify a custom location to override a default location.
Installation directories for the following components have restrictions:
- Directory Server. You cannot specify the installation location for Directory Server although you can specify the location for Directory Server runtime configuration data.
- Portal Server, Secure Remote Access. Portal Server, Secure Remote Access Support must be installed into the same location as Portal Server.
- Sun Cluster software, Sun Cluster Agents. You cannot change the location of the installation directories.
- Sun ONE Message Queue. You cannot change the location of the installation directories.
Common Server SettingsBefore proceeding, you must provide values for common server settings, as the following table indicates.
When you install components using the Custom Configuration option, the installer displays these common server settings as default values for each component that uses the settings. You can edit the values on a per-component basis as you configure the components.
Administration Server ConfigurationThe installer needs the following information for Administration Server.
Table 3-3 Information for Administration Server
Label and State File Parameter
Description
Server Root
ADMINSERV_ROOTBase pathname under which the component products managed by Administration Server are installed.
The default value is /var/opt/mps/serverroot.
Administration Port
ADMINSERV_PORTPort to use when connecting to this Administration Server through Administration Console over HTTP.
The default value is 390. Any available port number is permitted.
Administration Domain
ADMINSERV_DOMAINA name for a collection of servers that will share a directory service.
The suggested default value is the host domain name that you set under Common Server Settings. Refer to Table 3-2. However, administrative domain does not have to match or be associated with a network domain.
Configuration Server Administration ID
ADMINSERV_CONFIG_ADMIN_USERUser ID of the configuration directory administrator. Administration Server uses this identity when managing configuration directory data.
The default value is the Administrator User ID you provided under Common Server Settings. Refer to Table 3-2.
If you are installing Directory Server in this session, the default value is the Directory Server Administrator User ID. Refer to Table 3-5.
Password
ADMINSERV_CONFIG_ADMIN_PASSWORDPassword for the configuration directory administrator.
The default value is the Administrator User Password you provided under Common Server Settings. Refer to Table 3-2.
If you are installing Directory Server in this session, the default value is the Directory Server Administrator User Password. Refer to Table 3-5.
System User
ADMINSERV_SYSTEM_USERUser ID under which Administration Server processes run. Any valid system user is permitted.
The default value is the system user you provided under Common Server Settings. Refer to Table 3-2.
System Group
ADMINSERV_SYSTEM_GROUPAny valid system group is permitted.
The default value is the system group you provided under Common Server Settings. Refer to Table 3-2.
Directory Server Host
ADMINSERV_CONFIG_DIR_HOSTSpecifies a host name or value that resolves to the host on which the configuration directory resides. The configuration directory stores configuration data for all servers belonging to the Administration Domain.
If you are installing Directory Server in this session, the default value is the Host Name (CMN_HOST_NAME) that you provided under Common Server Settings. Refer to Table 3-2
If you are not installing Directory Server in this session, there is no default value.
Directory Server Port
ADMINSERV_CONFIG_DIR_PORTPort to use when binding to the configuration directory for LDAP operations.
Any valid port number that is not in use is permitted.
If you are installing Directory Server in this session, the default value is the value of the Directory Server Port. Refer to Table 3-6.
If you are not installing Directory Server in this session, there is no default value.
Application Server ConfigurationThe installer needs the following information for Application Server.
Table 3-4 Information for Application Server
Label and State File Parameter
Description
Administrator User ID
AS_ADMIN_USERUser ID of the Application Server administrator.
The default value is the Administrator User ID you provided under Common Server Settings. Refer to Table 3-2.
Administrator Password
AS_ADMIN_PASSWORDPassword for the Application Server administrator.
The default value is the Administrator Password you provided under Common Server Settings. Refer to Table 3-2.
Administration Server Port
AS_ADMIN_PORTPort on which Application Server’s administrative server listens for connections.
The default value is 4848.
HTTP Server Port
AS_HTTP_PORTPort on which Application Server listens for HTTP connections.
The default value is 80. If the installer detects that the default port is used, it suggests an alternative value.
Calendar Server ConfigurationCalendar Server cannot be configured by the Java Enterprise System installer. Instead, you must configure Calendar Server after installation. For information on configuring Calendar Server, refer to Chapter 8, "Postinstallation Configuration and Startup."
Directory Server ConfigurationThe installer needs the following information for Directory Server:
Directory Server: Administration Information
Table 3-5 Administration Information for Directory Server
Label and State File Parameter
Description
Administrator User ID
DS_ADMIN_USERUser with administrator privileges for the configuration directory.
This user can modify Directory Server configuration, including creating and removing suffixes, but access control restrictions apply.
The default value is the Administrator User ID you provided under Common Server Settings. Refer to Table 3-2.
Administrator Password
DS_ADMIN_PASSWORDPassword for the Administrator.
The default value is the Administrator Password you provided under Common Server Settings. Refer to Table 3-2.
Directory Manager DN
DS_DIR_MGR_USERDN of the user who has unrestricted access to Directory Server.
The default value is cn=Directory Manager.
Directory Manager Password
DS_DIR_MGR_PASSWORDPassword for the directory manager.
There is no default value.
Directory Server: Server Settings Information
Table 3-6 Server Settings Information for Directory Server
Label and State File Parameter
Description
Server Identifier
DS_SERVER_IDENTIFIERName that identifies a Directory Server instance in the Administration Console.
The name must conform to Solaris file naming conventions. Periods and spaces are not allowed.
The default value is the Host Name (CMN_HOST_NAME) that you provided under Common Server Settings. Refer to Table 3-2.
Server Port
DS_SERVER_PORTPort on which Directory Server listens for client connections.
The default value is 389.
Suffix
DS_SUFFIXInitial directory suffix managed by this instance.
The default value is formed by the segments of the fully qualified domain name for the current host. For example, if you install on siroe.sub1.example.com, the default value is dc=sub1,dc=example,dc=com.
Administration Domain
DS_ADM_DOMAINThe name of the administration domain for this instance of Directory Server.
The default value is the value that you specified for DNS Domain Name (CMN_DOMAIN_NAME) under Common Server Settings. Refer to Table 3-2.
System User
DS_SYSTEM_USERUser ID under which Directory Server processes run.
The default value is the System User you provided under Common Server Settings. Refer to Table 3-2.
System Group
DS_SYSTEM_GROUPGroup in which the Directory Server runs as a user.
The default value is the System Group you provided under Common Server Settings. Refer to Table 3-2.
Directory Server: Configuration Directory Server Information
Configuration data for this Directory Server instance can be stored in this Directory Server instance, or in an existing Directory Server instance on another machine. If you store configuration data in this instance, you respond only to the first question in this table. If you store configuration data in another instance, you provide all information listed in this table.
Directory Server: Data Storage Location Information
User data and group data can be stored in this instance of Directory Server or in an existing instance. The configuration information listed in the following table is needed only if you are storing user data and group data from this instance of Directory Server in the user directory of another instance.
Directory Server: Data Population Information
You can populate the user directory of Directory Server during the installation and configuration process, rather than as a separate subsequent step.
Directory Proxy Server ConfigurationThe installer needs the following information for Directory Proxy Server:
If you are installing Directory Proxy Server onto a machine that has a previously installed version of Administration Server, the installer also needs the following information:
Directory Proxy Server: Port Selection Information
Directory Proxy Server: Configuration Directory Server Administrator Information
Table 3-11 Configuration Directory Server Administrator Information for Directory Proxy Server
Label and State File Parameter
Description
Administrator User ID
DPS_CDS_ADMINUser ID of the user with full administrator privileges.
The default value is the value you provided for the Administration Server’s Configuration Server Administration ID (ADMINSERV_CONFIG_ADMIN_USER). Refer to Table 3-3.
Administrator Password
DPS_CDS_PWDPassword that verifies the user with full administrator privileges.
The default value is the password you provided for the Administration Server Server’s Configuration Server’s Configuration Server Password (ADMINSERV_CONFIG_ADMIN_USER). Refer to Table 3-3.
Directory Proxy Server: Server Root Information
The installer needs the values in the following table only if a previous installation of Administration Server is present.
Table 3-12 Server Root Information for Directory Proxy Server
Label and State File Parameter
Description
Administration Server Root Directory
DPS_SERVERROOTThe file system directory where Administration Server configuration data for this instance of DPS is stored.
This directory is associated with the Server Root (ADMINSERV_ROOT) in the Administration Server configuration. See Table 3-3.
The format for this value is a fully qualified path name on the local file system.
There is no default value.
Identity Server ConfigurationThe Java Enterprise System installer supports the installation of these subcomponents of Identity Server:
- Identity Management and Policy Services Core
- Common Domain Services for Federation Management
- Identity Server Administration Console
Note
Identity Server SDK is automatically installed as part of Identity Management and Policy Services Core but it can also be installed separately on a remote machine. For information about separate installation of Identity Server SDK, refer to "Identity Server SDK Configuration".
The installer needs different information depending on which subcomponents you are installing, as the following table indicates. The table also provides cross-references to the tables where the relevant information is described.
Table 3-13 Information Needed to Install Subcomponents of Identity Server
When You Are Installing...
The Installer Needs...
Refer to...
Identity Management and Policy Services Core
Web container information
Directory Server information
Provisioned directory information
Table 3-26
and Table 3-27Common Domain Services for Federation Management
Services information
Identity Server Administration Console
Administration information
Services information
Identity Server: Administration Information
The installer needs the following information if you are installing Identity Server Administration Console.
Table 3-14 Administration Information for Identity Server
Label and State File Parameter
Description
Administrator User ID
IS_ADMIN_USER_IDIdentity Server top-level administrator. This user has unlimited access to all entries managed by Identity Server.
The default name, amadmin, cannot be changed. This ensures that the Identity Server administrator role and its privileges are created and mapped properly in Directory Server, allowing you to log onto Identity Server immediately after installation.
Administrator Password
IS_ADMINPASSWDPassword of the amadmin user. The value must have at least eight characters.
The default value is the Administrator Password (CMN_ADMIN_PASSWORD) you provided under Common Server Settings. Refer to Table 3-2.
LDAP User ID
IS_LDAP_USERBind DN user for LDAP, Membership, and Policy services. This user has read and search access to all Directory Server entries.
The default user name, amldapuser, cannot be changed.
LDAP Password
IS_LDAPUSERPASSWDPassword of the amldapuser user. This password must be different from the password of the amadmin user. It can be any valid Directory Service password.
Password Encryption Key
AM_ENC_PWDA string that Identity Server uses to encrypt user passwords.
The interactive installer generates a default password encryption key. You can accept the default value or specify any key produced by a J2EE random number generator. During Identity Server installation, its property file is updated and the property am.encryption.pwd is set to this value. The property file is /is_svr_base/SUNWam/lib/AMConfig.properties, where the default value for IS_svr_base is /opt.
All Identity Server subcomponents must use the same encryption key that the Identity Management and Policy Services Core uses. If you are distributing Identity Server subcomponents across systems and installing Administration Console or Common Domain Services for Federation Management copy the value for am.encryption.pwd as generated by the installation of the core, and paste it into this field.
In a state file, the default is LOCK. Any character combination is permitted.
Identity Server: Web Container Information
The Identity Management and Policy Services Core subcomponent of Identity Server runs in one of four web containers. The information that the installer needs is different for each web container.
The following table lists the four web containers and the restrictions on use of each, if applicable. The table also provides cross-references to tables that describe the information that Identity Server requires for each web container.
Table 3-15 Web Container Scenarios for Identity Server
Web Container
Availability
See...
Sun ONE Web Server
No restrictions
"Web Container Information: Identity Server with Sun ONE Web Server"
Sun ONE Application Server
No restrictions
"Web Container Information: Identity Server with Sun ONE Application Server"
BEA WebLogic
Only with Portal Server
"Web Container Information: Identity Server with BEA WebLogic"
IBM Websphere
Only with Portal Server and with the Solaris 8 operating system
"Web Container Information: Identity Server with IBM WebSphere"
Web Container Information: Identity Server with Sun ONE Web Server
Table 3-16 describes the information that the installer needs when Sun ONE Web Server is the web container for the Identity Management and Policy Services Core subcomponent of Identity Server.
Table 3-16 Web Container Information for Identity Server with Web Server
Label and State File Parameter
Description
Host Name
IS_WS_HOST_NAMEThe fully qualified domain name for the host.
For example, if this host is siroe.example.com, this value is siroe.example.com.
The default value is the fully qualified domain name for the current host.
Web Server Port
IS_WS_INSTANCE_PORTPort on which Web Server listens for HTTP connections.
The default value is 80.
If you are installing Web Server in this installer session, the default value is the Web Server HTTP Port (WS_INSTANCE_PORT) value. Refer to Table 3-58.
Web Server Instance Directory
IS_WS_INSTANCE_DIRPath to the directory where an instance of Web Server is installed. The path must have the following syntax:
web_svr_base/https-web-server-instance-name
Example: /opt/SUNWwbsvr/https-myinstance
If you are installing Web Server in this installer session, the default value for web_svr_base is the Web Server installation directory, /opt/SUNWwbsvr by default.
Document Root Directory
IS_WS_DOC_DIRDirectory where Web Server stores content documents.
If you are installing Web Server in this installer session, the default value is the Web Server value Document Root Directory (WS_INSTANCE_CONTENT_ROOT). Refer to Table 3-58.
If you are not installing Web Server, the default location is web_svr_base/docs. The default value for web_svr_base is /opt/SUNWwbsvr.
Is server instance port secure?
IS_PROTOCOLSpecify whether the port for the Web Server instance is a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP.
In a state file, specify https for a secure port or http for a non-secure port. The default value is http.
Web Container Information: Identity Server with Sun ONE Application Server
Table 3-17 describes the information that the installer needs when Sun ONE Application Server is the web container for the Identity Management and Policy Services Core subcomponent of Identity Server.
Table 3-17 Web Container Information for Identity Server with Application Server
Label and State File Parameter
Description
Installation Directory
IS_APPSERVERBASEDIRPath to the directory where Application Server is installed.
If you are installing Application Server, this value defaults to the value you specified for the Application Server installation directory.
The default value is /opt/SUNWappserver7.
Configuration Directory
IS_AS_CONFIG_DIRPath to the directory that contains the configuration files for the instance of Application Server.
The default value is /etc/opt/SUNWappserver7.
Identity Server Runtime Instance
IS_IAS7INSTANCEName of the Application Server instance that will run Identity Server.
The default value is server1.
Instance Directory
IS_IAS7INSTANCEDIRPath to the directory where Application Server stores files for the instance.
The default value is /var/opt/SUNWappserver7/domains/
domain1/server1.Identity Server Instance Port
IS_IAS7INSTANCE_PORTPort on which Application Server listens for connections to the instance.
The default value is 80.
Administrator User ID
IS_IAS7_ADMINUser ID of the Application Server administrator.
The default value is the Administrator User ID you provided under Common Server Settings. Refer to Table 3-2.
Administrator Password
IS_IAS7_ADMINPASSWDPassword of the Application Server administrator.
The default value is the Administrator User password you provided under Common Server Settings. Refer to Table 3-2.
Administrator Port
IS_IAS7_ADMINPORTPort on which the Administration Server for Application Server listens for connections.
The default value is 4848.
Document Root
IS_SUNAPPSERVER_DOCS_DIRDirectory where Application Server stores content documents.
This field appears only if you are installing Portal Server in the same installer session.
The default document root is the Application Server instance directory specified by PS_DEPLOY INSTANCE, with /docroot appended at the end. For example, if you specified server1 for Server Instance, the default is .../server1/docroot.
Is server instance port secure?
IS_PROTOCOLSpecify whether the value for Instance Port (IS_IAS7INSTANCE_PORT) refers to a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP.
In a state file, specify https for a secure port or http for a non-secure port. The default value is http.
Is Administration Server port secure?
ASADMIN_PROTOCOLSpecify whether the value for Administrator Port (IS_IAS7_ADMINPORT) is a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP.
In a state file, specify https for a secure port or http for a non-secure port. The default value is http.
Web Container Information: Identity Server with BEA WebLogic
Table 3-18 describes the information that the installer needs when BEA WebLogic is the web container for the Identity Management and Policy Services Core subcomponent of Identity Server.
Web Container Information: Identity Server with IBM WebSphere
The following table describes the information that the installer needs when IBM WebSphere is the web container for the Identity Management and Policy Services Core subcomponent of Identity Server.
Table 3-19 Web Container Information for Identity Server with IBM WebSphere
Label and State File Parameter
Description
Installation Directory
IS_IBM_INSTALLDIRPath to the directory where IBM WebSphere is installed.
The default value is /opt/WebSphere/AppServer.
Virtual Host
IS_IBM_VIRTUAL_HOSTName of the virtual host alias for the IBM WebSphere instance.
The default value is default_host.
Node Name
IS_WAS40_NODEName of the IBM WebSphere instance.
The default value is the value that you provided for Host Name (CMN_HOST_NAME) in Common Server Settings. Refer to Table 3-2.
Application Server Name
IS_IBM_APPSERV_NAMEName of the IBM WebSphere instance.
The default value is Default_Server.
Application Server Port
IS_IBM_APPSERV_PORTPort on which the IBM WebSphere application instance listens for HTTP connections. Typically, these are configured to come from a front-end web server.
The default value is 9080.
Document Root Directory
IS_IBM_DOC_DIR_HOSTDirectory where IBM WebSphere stores content documents.
The default value is /opt/IBMHTTPS/htdocs/en_US.
If you are using a language other than English, change the final part of the pathname.
Web Server Port
IS_IBM_WEB_SERV_PORTPort on which a front-end web server for IBM WebSphere, such as IBM HTTP Server, listens for HTTP connections.
The default value is 80.
Java Home Directory
(for IBM WebSphere)
IS_IBM_WEBSPHERE_JAVA_HOMEPath to the home directory of the Java version that IBM WebSphere is using.
The default value is /opt/WebSphere/AppServer/java.
Is server instance port secure
IS_PROTOCOLSpecify whether the Web Server Port (IS_IBM_WEB_SERV_PORT) is a secure port. A secure port uses the HTTPS protocol. A non-secure port uses HTTP.
In a state file, specify https for a secure port or http for a non-secure port. The default value is http.
Identity Server: Services Information
The installer needs different information about Identity Server services for different Identity Server subcomponents. The requirements also depend on what is already installed, as Table 3-20 shows.
Table 3-20 Services Scenarios for Identity Server
You Are Installing
Already Installed
See...
Identity Management and Policy Services Core and
Identity Server Administration ConsoleNo Identity Server components
Scenario 1, Table 3-21
Identity Server Administration Console only
Identity Management and Policy Services Core
Scenario 2, Table 3-22
Identity Server Administration Console only
No Identity Server components
Scenario 3, Table 3-23
Only Common Domain Services for Federation Management
Identity Management and Policy Services Core
Scenario 4, Table 3-24
Scenario 1
Table 3-21 describes the services information that the installer needs when you are installing the Identity Management and Policy Services Core and the Identity Server Administration Console subcomponents.
In this scenario, you can deploy a new console or use a previously deployed console. If you deploy a new console, some information in Table 3-21 is not needed, as the Description column indicates.
Table 3-21 Services Information for Identity Server, Scenario 1
Label and State File Parameter
Description
Host
SERVER_HOSTFully qualified domain name of the system on which you are installing.
The default value is the fully qualified domain name of the local system.
Services Deployment URI
SERVER_DEPLOY_URIUniform Resource Identifier (URI) prefix for accessing the HTML pages, classes, and JAR files associated with the Identity Management and Policy Services Core subcomponent.
The default value is amserver. Do not enter a leading slash.
Common Domain Deployment URI
CDS_DEPLOY_URIURI prefix for accessing the common domain services on the web container.
The default value is amcommon. Do not enter a leading slash.
Cookie Domain
COOKIE_DOMAIN_LISTThe names of the trusted DNS domains that Identity Server returns to a browser when it grants a session ID to a user.
You can scope this value to a single top-level domain, such as example.com. The session ID will provide authentication for all subdomains of example.com.
Alternatively, you can scope the value to a comma-separated list of subdomains, such as .corp.example.com,.sales.example.com. The session ID will provide authentication for all subdomains in the list.
A leading dot (.) is required for each domain in the list.
The default value is the current domain, prefixed by a dot (.).
Deploy console with this service?
USE_DSAME_SERVICES_WEB
_CONTAINERSpecify yes to deploy the console into the web container of the host on which Identity Server is being installed. Specify no to use an existing console that is deployed on another host.
If you specify no, you must specify the Console Host, Console Port, Console Deployment URI, and Password Deployment URI.
In a state file, specify true for yes and false for no.
Console Host
CONSOLE_HOSTFully qualified domain name for the server hosting the existing console.
This value is not needed if you are deploying a new console. In graphical installation mode, you can edit the field only if you are using an existing console.
The default value contains the value that you provided for Host (SERVER_HOST), a dot, and then the value that you provided for DNS Name in the Common Server Settings. Refer to Table 3-2.
As an example, if the host is siroe and the domain is example.com, the default value is siroe.example.com.
Console Port
CONSOLE_PORTPort on which the existing console listens for connections. Permitted values are any valid and unused port number, in the range 0 (zero) through 65535.
This value is not needed if you are deploying a new console. In graphical installation mode, you can edit the field only if you are using an existing console.
The default value is the value you provided for one of the following web container ports:
- Web Server Port (IS_WS_INSTANCE_PORT), as defined in Table 3-16.
- Identity Server Instance Port (IS_IAS7INSTANCE_PORT), as defined in Table 3-17.
- Administration Port (IS_BEA_ADMIN_PORT), as defined in Table 3-18.
- Web Server Port (IS_IBM_WEB_SERV_PORT), as defined in Table 3-19.
Console Deployment URI
CONSOLE_DEPLOY_URIURI prefix for accessing the HTML pages, classes and jars associated with the Identity Server Administration Console subcomponent.
The default value is amconsole. Do not enter a leading slash.
Password Deployment URI
PASSWORD_SERVICE_DEPLOY_URIURI that determines the mapping that the web container running Identity Server will use between a string you specify and a corresponding deployed application.
The default value is ampassword. Do not enter a leading slash.
Scenario 2
Table 3-22 describes the services information the installer needs when the following are both true:
- You are installing only the Identity Server Administration Console subcomponent.
- The Identity Management and Policy Services Core subcomponent is already installed on the same host.
Scenario 3
Table 3-23 describes the services information the installer needs when the following are both true:
- You are installing only the Identity Server Administration Console subcomponent.
- The Identity Management and Policy Services Core subcomponent is not installed on the same host.
Scenario 4
Table 3-24 describes the services information the installer needs when you are installing only the Common Domain Services for Federation Management subcomponent.
Identity Server: Directory Server Information
The installer needs the following information if you are installing Identity Management and Policy Services Core.
Identity Server: Provisioned Directory Information
The information needed to configure a provisioned directory depends on whether the installer detects an existing provisioned directory on your machine.
When the installer is generating a state file, it writes IS_EXISTING_DIT_FOUND=true to the state file if it finds an existing provisioned directory. The installer writes IS_EXISTING_DIT_FOUND=false to the state file if it does not find an existing provisioned directory.
Existing Provisioned Directory Found
If the installer finds an existing provisioned directory, you provide the following information.
No Existing Provisioned Directory Found
If the installer does not find an existing provisioned directory, you can choose whether to use an existing provisioned directory. If you answer Yes to the first question in this table, you must answer the remaining questions in the table.
Identity Server SDK ConfigurationIdentity Server SDK is automatically installed when you install Identity Management and Policy Services Core, a subcomponent of Identity Server. You can also install Identity Server SDK as a discrete component on a machine that is remote from the Identity Server core services.
If you are installing Identity Server SDK as a discrete component, you must provide the following types of information:
Before you install Identity Server SDK, the Identity Server core services must be installed and running on a remote machine. The web container information and Directory Server configuration information that you provide during this installation must match the web container and Directory Server configuration information that you provided during installation of Identity Server core services.
Identity Server SDK: Administration Information
The installer needs the following administration information if you are installing only Identity Server SDK.
Table 3-28 Administration Information for Identity Server SDK
Label and State File Parameter
Description
Administrator User ID
IS_ADMIN_USER_IDIdentity Server top-level administrator. This user has unlimited access to all entries managed by Identity Server.
The default name, amadmin, cannot be changed. This ensures that the Identity Server administrator role and its privileges are created and mapped properly in Directory Server, allowing you to log onto Identity Server immediately after installation.
Administrator Password
IS_ADMINPASSWDPassword of the amadmin user. The value must have at least eight characters.
The default value is the Administrator Password (CMN_ADMIN_PASSWORD) you provided under Common Server Settings. Refer to Table 3-2.
LDAP User ID
IS_LDAP_USERBind DN user for LDAP, Membership, and Policy services. This user has read and search access to all Directory Server entries.
The default user name, amldapuser, cannot be changed.
LDAP Password
IS_LDAPUSERPASSWDPassword of the amldapuser user. This password must be different from the password of the amadmin user. It can be any valid Directory Service password.
Password Encryption Key
AM_ENC_PWDA string that Identity Server uses to encrypt user passwords.
All Identity Server subcomponents must use the same encryption key that the Identity Management and Policy Services Core uses. To specify the encryption key for Identity Server SDK, copy the value for am.encryption.pwd as generated by the installation of the core, and paste it into this field.
In a state file, the default is LOCK. Any character combination is permitted.
Identity Server SDK: Directory Server Information
The installer needs the following Directory Server information if you are installing Identity Server SDK without other Identity Server subcomponents.
Identity Server SDK: Web Container Information
The installer needs the following web container information if you are installing only Identity Server SDK.
Instant Messaging ConfigurationThe Instant Messaging component product does not support custom configuration by the Java Enterprise System installer. To configure Instant Messaging, refer to Chapter 8, "Postinstallation Configuration and Startup."
Message Queue ConfigurationThe Message Queue component product does not support custom configuration by the Java Enterprise System installer. To configure Message Queue, refer to Chapter 8, "Postinstallation Configuration and Startup."
Messaging Server ConfigurationThe Messaging Server component product does not support custom configuration by the Java Enterprise System installer. To configure Messaging Server, refer to Chapter 8, "Postinstallation Configuration and Startup."
Portal Server ConfigurationThe following table shows the type of Portal Server information that the installer needs.
Table 3-31 Information Needed for Portal Server
When You Are Installing...
The Installer Needs...
Refer to...
Portal Server and Identity Server
Portal information
Portal Server only; Identity Server is already installed
Portal information
Identity information
Web container information
One of the following:
- Table 3-34 (Sun ONE Web Server)
- Table 3-35 (Sun ONE Application Server)
Portal Server: Identity Information
Portal Server: Portal Information
The following table describes Portal Server information that the installer needs.
Portal Server: Web Container Information
If you are installing Portal Server only, and have already installed Identity Server, you must supply information about the web container in which Identity Server runs. Refer to the following sections for detailed descriptions:
Web Container Information for Sun ONE Web Server
Table 3-34 describes the information that the installer needs when the Identity Server supporting Portal Server is running in Sun ONE Web Server. If you are installing Identity Server and Portal Server together, values that you chose when configuring Identity Server appear as default values.
Table 3-34 Web Container Information for Sun ONE Web Server
Label and State File Parameter
Description
Installation Directory
PS_DEPLOY_DIRDirectory in which the Web Server is installed.
The default value is /opt/SUNWwbsvr
Server Instance
PS_DEPLOY_INSTANCEWeb Server instance you want the Portal Server to use.
The default value is the value of Host Name (IS_WS_HOST_NAME) for the Identity Server web container. This value is described in Table 3-16.
In a state file, if IS_WS_HOST_NAME has no value, the default value is the Host Name (CMN_HOST_NAME) that you provided in the Common Server Settings. Refer to Table 3-2.
Server Document Root
PS_DEPLOY_DOCROOTDirectory where static pages are kept.
The default value is /opt/SUNWwbsvr/docs
Web Container Information for Sun ONE Application Server
Table 3-35 describes the information that the installer needs when the Identity Server supporting Portal Server is running in Sun ONE Application Server.
If you are installing Identity Server and Portal Server together, values that you chose when configuring Identity Server appear as default values.
Table 3-35 Web Container Information for Sun ONE Application Server
Label and State File Parameter
Description
Installation Directory
PS_DEPLOY_DIRDirectory in which Application Server is installed.
The default value is /opt/SUNWappserver7.
Domain Directory
PS_DEPLOY_DOMAINPath to the Application Server directory for the domain to which you want to deploy this Portal Server instance.
The default value is: /var/opt/SUNWappserver7/domains/domain1
Server Instance
PS_DEPLOY INSTANCEName of the Application Server instance to which the Portal Server will be deployed. This name is also the name of the Application Server instance directory.
The default value is the value of the Identity Server Runtime Instance (IS_IAS7INSTANCE), as described in Table 3-17.
In a state file, if IS_IAS7INSTANCE has no value, the value is server1.
Document Root Directory
PS_DEPLOY_DOCROOTName of the directory where static pages are kept.
The default document root is the Application Server instance directory specified by PS_DEPLOY INSTANCE, with /docroot appended at the end. For example, if you specified server1 for Server Instance, the default is server1/docroot.
Administration Server Port Number
PS_DEPLOY_ADMIN_PORTPort on which the Sun ONE Application Server administration instance is running, for the domain in which Portal Server is being installed.
The default value is 4848.
Administrator User ID
PS_DEPLOY_ADMINUser ID that Portal Server uses to access the Application Server as administrator.
The default value is admin.
Administrator User Password
PS_DEPLOY_ADMIN_PASSWORDPassword that the Portal Server uses to access the Application Server as administrator.
Portal Server, Secure Remote Access ConfigurationThe Java Enterprise System installer supports the installation of the following subcomponents of Portal Server, Secure Remote Access (Portal Server SRA):
This section first describes installation of Portal Server, Secure Remote Access Support, and then describes installation of Gateway, Netlet Proxy, and Rewriter Proxy.
Portal Server, Secure Remote Access Support
Table 3-36 lists the types of information that the installer needs when installing Portal Server, Secure Remote Access Support. The information that you must supply differs according to which of the following scenarios applies:
In the following table, each entry in the “The Installer Needs...” column matches a page title in the installer’s graphical mode. Entries appear in that column in the same order in which the installer displays the associated pages.
Table 3-36 Information Needed for Installation of Portal Server, Secure Remote Access Support
When Portal Server...
The Installer Needs...
Refer to...
Is being installed in this session
Gateway information
Is already installed and using Sun ONE Web Server or IBM WebSphere
Web Container information
Identity Server information
"Multiple Session Installation with Sun ONE Web Server or IBM WebSphere"
Is already installed and using Sun ONE Application Server
Web Container information
Identity Server information
Sun ONE Application Server information
"Multiple Session Installation with Sun ONE Application Server or BEA WebLogic"
Is already installed and using BEA WebLogic
Web Container information
Identity Server information
BEA WebLogic information
"Multiple Session Installation with Sun ONE Application Server or BEA WebLogic"
Single-Session Installation
When you install Portal Server, Secure Remote Access and Portal Server in a single session, you provide information about Portal Server, Secure Remote Access Gateway. The installer obtains other Portal Server, Secure Remote Access configuration information from the Portal Server configuration.
Table 3-37 describes the gateway information that the installer needs when you are installing Portal Server, Secure Remote Access Support.
Multiple Session Installation with Sun ONE Web Server or IBM WebSphere
This section lists the information you must provide when you install Portal Server, Secure Remote Access on a machine where the following is true:
In this scenario, you must provide the following types of information:
- Web container information
- Identity Server information
The following table lists the information that you specify about the web container.
The following table lists the information that you specify about Identity Server.
Multiple Session Installation with Sun ONE Application Server or BEA WebLogic
This section lists the information you must provide when you install Portal Server, Secure Remote Access on a machine where the following is true:
In this scenario, you must provide the following types of information:
- Web container information
- Identity Server information
- Sun ONE Application Server Information or BEA WebLogic Information
The following table lists the information that you specify about the web container.
The following table lists the information that you specify about Identity Server.
The following table lists the information that you specify about Sun ONE Application Server or BEA Web Server
Gateway Installation
This section lists the information you must provide when you install the Gateway subcomponent. In this scenario, you must provide the following types of information:
Web Container Information
The following table lists the information that you specify about the web container.
Identity Server Information
The following table lists the information that you must specify about Identity Server.
Gateway Information
Table 3-45 describes the gateway information that the installer needs when you are installing the Gateway subcomponent.
Certificate information
When you are installing Gateway, Netlet Proxy, or Rewriter Proxy, you can provide information to create a self-signed certificate for use with Portal Server, Secure Remote Access. The installer needs the following information to configure a certificate.
Netlet Proxy Installation
This section lists the information you must provide when you install the Gateway subcomponent. In this scenario, you must provide the following types of information:
The following sections provide details on the information you must provide.
Web Container Information
The following table lists the information that you specify about the web container.
Identity Server information
The following table lists the information that you must specify about Identity Server.
Netlet Proxy Information
Table 3-49 describes the Netlet Proxy information that the installer needs when you are installing Netlet Proxy.
Portal Information
The following table describes information that you must enter if you are installing the proxy subcomponents on a machine on which there is an existing installation of Portal Server, Secure Remote Access.
Certificate information
When you are installing Gateway, Netlet Proxy, or Rewriter Proxy, you can provide information to create a self-signed certificate for use with Portal Server, Secure Remote Access. The installer needs the following information to configure a certificate.
Rewriter Proxy Information
This section lists the information you must provide when you install the Rewriter Proxy subcomponent. In this scenario, you must provide the following types of information:
The following sections provide details on the information you must provide.
Web Container Information
The following table lists the information that you specify about the web container.
Identity Server information
The following table lists the information that you must specify about Identity Server. The installer needs this information for Gateway, Netlet Proxy, and Rewriter Proxy.
Rewriter Proxy Information
Table 3-54 describes the Rewriter Proxy information that the installer needs when you are installing Rewriter Proxy.
Portal Information
The following table describes information that you must enter if you are installing the proxy subcomponents on a machine on which there is an existing installation of Portal Server, Secure Remote Access.
Certificate information
When you are installing Gateway, Netlet Proxy, or Rewriter Proxy, you can provide information to create a self-signed certificate for use with Portal Server, Secure Remote Access. The installer needs the following information to configure a certificate.
Sun Cluster Software and Sun ONE Agents for Sun Cluster ConfigurationSun Cluster software cannot be configured by the Java Enterprise System installer. You must configure Sun Cluster software and Agents for Sun Cluster after installation.
For information on configuring Sun Cluster software and Agents for Sun Cluster, refer to Chapter 8, "Postinstallation Configuration and Startup."
Web Server ConfigurationThe installer needs the following information for Web Server:
Web Server: Administration Information
Table 3-57 Administration Information for Web Server
Label and State File Parameter
Description
Administrator User ID
WS_ADMIN_USERUser ID of the Web Server administrator.
The default value is the Administrator User ID you provided under Common Server Settings. Refer to Table 3-2.
Administrator Password
WS_ADMIN_PASSWORDPassword for the Web Server administrator.
The default value is the Administrator Password you provided under Common Server Settings. Refer to Table 3-2.
Web Server Domain Name
WS_ADMIN_HOSTA host and domain value that resolves to the local host. This value is used to create a directory under server root for the first Web Server instance.
The default value is automatically created by joining the values that you provided for Host Name and DNS Domain Name under Common Server Settings. The value has the format host-name.domain-name. Refer to Table 3-2.
Administration Port
WS_ADMIN_PORTPort on which Web Server’s administration server listens for connections.
The default value is 8888.
Administration Runtime User ID
WS_ADMIN_SYSTEM_USERUser ID under which Web Server Administration Server runs.
The default value is root.
Web Server: Default Web Server Instance Information
Parameters Used Only in State FilesThe following table contains information on state file parameters that are not associated with component product configuration. Parameter names are listed alphabetically.
Table 3-59 State File Parameters
Parameter Name
Description
CCCP_UPGRADE_EXTERNAL_
INCOMPATIBLE_JDKSpecifies whether to upgrade the JDK if it is found on the system and is incompatible with the JDK distributed by Java Enterprise System.
The value can be yes or no. The parameter is case sensitive. The default value is no.
CONFIG_TYPE
Defines the configuration type.
Permitted values are Custom and Skip (a synonym for Minimal). The default value is Custom.
Do not set this value in the state file. Specify this value only when you are running the installer to generate a state file. Configuration type affects the installer processing logic in many ways, and errors could result if you change the value after the state file is generated.
DeploymentServer
Specifies the web container type for Identity Server.
Permitted values are WebServer, AppServer, BEAWeblogic, and IBMWebSphere. The default value is AppServer (Application Server).
LANGUAGE_SUPPORT
Specifies which languages to install.
The following list shows the permitted values, with explanations of each abbreviation:
English is installed in all cases, even if the parameter value is blank. To select multiple languages, insert a comma between two language abbreviations. For example, you could specify en,es,ja,fr.
LICENSE_TYPE
The permitted values are Evaluation and Deployment, but this field is not used.
PSP_EXIT_ON_DEPENDENCY_WARNING
Instructs the installer to exit if it determines that dependencies of the selected components are not met. Warnings generally identify dependencies that could be met with remote components that can be specified during configuration.
Specify Yes to exit the installation on a dependency warning or specify No to proceed despite the warning. The default value is No.
This parameter is not case sensitive.
PSP_LOG_CURRENTLY_INSTALLED
Causes the installer to write a list of currently installed products to the log file. This option is the equivalent of the View Currently Installed button on the Product Selection page of the graphical installer.
Permitted values are Yes and No. The default value is Yes.
This parameter is not case sensitive.
PSP_SELECTED_COMPONENTS
A comma separated list of components and subcomponents you want to install.The value can be All or a list of components, whose descriptors are listed in Table 3-60.
The default value is All.
In a state file, the value for the PSP_SELECTED_COMPONENTS parameter is a comma-separated list of components that you choose from the Component Selection page.
To understand this list, see the names listed in the following table. The left column of the table provides the component product name. Do not enter this value in the state file; it is here as a key to the values in the other two columns. The next column contains a string that identifies the component. If the component has selectable subcomponents, the third column lists their names.
Table 3-60 Component Names for the State File
Component
Top-Level Name
Selectable Subcomponent
Administration Console and Server
AdminConsole,
AdminServ
Application Server
appserv 1
ASAdminClient
ASCore
ASStudioSupport
PointBase Server 4.2
ASPECalendar Server
CalendarServ
Directory Proxy Server
DirectoryProxyServ
Directory Server
DirectoryServ32
Identity Server
IdentityServ
SunONEIdentityServerManagementandPolicyServices
ISAdministrationConsole
ISCommonDomainDeployment
IdentityServerSDKAloneInstant Messaging
InstantMessagingServ
InstantMessagingConfig
InstantMessagingServer
InstantMessengerResources
IdentityServerInstantMessagingServiceMessage Queue
SunONEMessageQueue
MQPE
MQEEMessaging Server
MessagingServ
Portal Server
PortalServer
Portal Server, Secure Remote Access
PortalSRA
SRACore
SRAGateway
SRANetletProxy
SRARewriterProxySun Cluster
SunCluster
SCCore
SCAgentsWeb Server
SunONEWebServer
1By default, installs Standard Edition (SE). For Platform Edition, specify ASPE.
To install a component that has subcomponents, specify both the component top-level name and the names of all subcomponents.
To install only selected subcomponents, include the top-level name and the names of those subcomponents.