Sun Identity Manager 8.1 Installation

Part II Installing Identity Manager

This part of the installation guide contains instructions on how to install Identity Manager.

Complete the instructions in the chapter for your application server.

Chapter 4 Installing Identity Manager on Sun GlassFish Enterprise Server

These instructions are divided into the following steps. During installation, you will need to know the password you selected when you set up the database.

Step 1: Install the Identity Manager Software

Procedure: To Install the Identity Manager Software

Before You Begin

If you are installing multiple instances of Identity Manager on a single application server, change the waveset.serverId system property to a unique name for each Identity Manager instance. By default, the waveset.serverId Java system property is the name of the machine the application server is installed on. To set this property to another value, add the following command to the startup script for your application server.

-Dwaveset.serverId=Name

  1. You may install the software using one of two methods:

    • Using the installer Graphic User Interface

      Run the install.bat (for Windows) or install (for UNIX) command to launch the installation process.

      If you copy the files from the installation media to your own location, note that the idm.war and install.class files must be in the same directory.

      The installer displays the Welcome panel.

    • Using the nodisplay option (UNIX only)

      On UNIX systems, open the directory where the software is located. Enter the following command to activate the installer in nodisplay mode:

      install -nodisplay

      The installer displays the Welcome text. The installer then presents a list of questions to gather installation information in the same order as the Graphic User Interface installer in these procedures.

    If no display is present, the installer defaults to the nodisplay option. The DISPLAY environment variable must be set to a valid X server or the installation may fail.

  2. Click Next.

    The installer displays the Install or Upgrade? panel.

  3. Leave the New Installation option selected, and then click Next.

    The installer displays the Select Installation Directory panel.

  4. Replace the displayed directory location with the location where you want to install Identity Manager. This could be a staging location or a specific folder. Enter the location (or click Browse to locate it), and then click Next.


    Note –

    If the directory you enter does not exist, Identity Manager prompts for confirmation, and then creates the directory.


  5. Click Next to begin installation.

    After installing the files, Identity Manager displays the Launch Setup panel.


    Note –

    Before you continue, if you plan to use a database, you may need to copy one or more files to the idm\WEB-INF\lib directory. For example, you may need to place into idm/WEB-INF/lib a JAR file containing a JDBC driver (for a DriverManager connection) or a JAR file containing a JNDI InitialContextFactory (for a DataSource connection). To determine the steps you may need to perform before you go on, see Appendix C, Database Reference. When finished, click Launch Setup to launch the Setup Wizard and continue with setup steps. If you click Launch Setup before copying your database files, setup will not proceed correctly. If this happens, quit the installation program, and then use the lh setup command to restart the setup portion of the installation process.


  6. Click Next on the Setup Wizard panel.

    The installer displays the Locate the Repository panel.

  7. Select a database from the list provided. Depending on your selection, setup prompts for additional setup information.

    See Appendix C, Database Reference, for selections and setup instructions.

  8. Click Next.

    The Continue Identity Manager Demo Setup? panel appears.

  9. If this is a non-demo installation click No, I will configure Identity Manager myself.

    Otherwise, if appropriate, click Yes, I would like to continue setting up a demonstration environment. This option allows you to quickly configure users and enter environment and server information.

  10. Enter the following personal information:

    • First name

    • Last name

    • Email address

    This personal information is used to create the Approver user (with configurator privileges).

  11. Enter the following Approver information:

    • Approver name

    • Approver password

  12. Click Next.

  13. Select the Server Type from the list.

    Select None if your environment has no server to manage. If there is a server you wish to manage, select the appropriate server type. You will be prompted for further server information as appropriate.

  14. If you have an email SMTP server, click SMTP Host and enter the server address. If desired, click Test Server to verify communication to the SMTP server.

  15. If you would like email notifications to be written to a file, click Notification File. Click Browse to select another notification file.

  16. Click Next.

    The installer displays the Import Save Configuration panel.

  17. Click Execute to perform all the listed functions. If desired, click Hide Details.

  18. When all functions complete, click Done in the setup panel.

  19. If the application server is installed on a UNIX machine, change directories to the $WSHOME/bin directory and run the following command to allow the scripts in this directory to be executed.


    chmod -R +x *

Getting More Information

When installation completes, the installer displays the Installation Summary panel. For detailed information about the installation, click Details.

Some messages may not be displayed here. View the log file (identified in details) for more information.

When finished, click Close to exit the installer.

After completing installation, continue by optionally installing the Identity Manager Gateway.

Step 2: Deploy Identity Manager on Sun GlassFish Enterprise Server

Procedure: To Deploy Identity Manager on Sun GlassFish Enterprise Server

  1. Open a command prompt, then change to the staging directory where you installed the Identity Manager files. (This is the directory you specified in Step 1: Install the Identity Manager Software.)

  2. Create a .war file with the Identity Manager files by using the jar.exe (on Windows) or jar (on UNIX) command:

    On Windows:

    c:\java1.5\bin\jar.exe cvf ..\idm.war *

    On UNIX:

    /usr/bin/jar cvf ../idm.war *

  3. Launch your application server and log in to the Java System Application Server Admin Console.

  4. Navigate to and expand the Applications folder in the left panel.

  5. Click the Web Applications folder.

  6. Click Deploy in the right panel.

  7. Enter the file path for the idm.war file, and then click Next.

  8. When prompted, set the Application Name to idm. Set the Context Root to /idm, and then click Finish.

  9. If you are deploying on Platform Edition 9, perform the following steps to ensure that you can create resources in Identity Manager.

    1. Click on the Application Server link in the left pane of the Admin Console.

    2. Select the JVM Settings tab, then select the JVM Options tab.

    3. Click Add JVM Option.

    4. Add the following to the blank box in the Value column:

      -Dcom.sun.enterprise.server.ss.ASQuickStartup=false

    5. Click Save.

  10. Do NOT restart the application server. Continue to Step 3: Edit the server.policy File on the Application Server.

Step 3: Edit the server.policy File on the Application Server

Identity Manager must be given permissions to perform certain actions.

Procedure: To Set Permissions on the Application Server

  1. Add the following lines to the server.policy file for the domain in which Identity Manager is installed (located in ApplicationServerHome/domains/domainName/config). Note that the ${waveset.home} variable must be expanded in the server.policy file.


    // No codeBase: these permissions apply to all code in the domain.
    grant {
        permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
        permission java.lang.RuntimePermission "getClassLoader";
        permission java.lang.RuntimePermission "createClassLoader";
        permission java.lang.RuntimePermission "accessDeclaredMembers";
        permission com.waveset.repository.test.testConcurrentLocking "read";
        permission java.net.SocketPermission "*", "connect,resolve";
        permission java.io.FilePermission "*", "read";
        permission java.util.PropertyPermission "*", "read,write";
    };
    // These permissions apply only to code loaded from the Identity Manager directory.
    grant codeBase "file:${waveset.home}/-" {
        permission java.util.PropertyPermission "waveset.home", "read,write";
        permission java.util.PropertyPermission "security.provider", "read,write";
        permission java.io.FilePermission "${waveset.home}${/}*", "read,write,execute";
        permission java.io.FilePermission "${waveset.home}/help/index/-", "read,write,execute,delete";
        permission java.io.FilePermission "${java.io.tmpdir}${/}*", "read,write,delete";
        permission java.util.PropertyPermission "*", "read,write";
        permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
        permission java.net.SocketPermission "*", "connect,resolve";
    };

    If you want to deploy Sun Identity Manager Service Provider, add the following permissions to the above server.policy file entries.


    grant {
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.io.FilePermission "${waveset.home}/WEB-INF/spe/config/spe.tld", "read";
    };

    Note –

    If you fail to update the old server.policy file with the above, and try to use the search engine, lock files may be created in the index directory that cannot be removed by the container. This always causes queries to hang, even if the server.policy file is subsequently updated.

    For example, the help/index/docs directory should contain these five files:


    AL
    MF
    p1.dict
    p1.fields
    p1.post

    In addition to the above, there may be two lock files:


    AL.lock
    MF.lock

    These must be deleted manually. Once these are removed (and the server.policy file updated correctly), search queries will work as expected.


    If you want to run with trace set to write to a file, you will need to add the following additional permissions to the server.policy file.


    grant {
        permission java.io.FilePermission "/var/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/idm/config/trace1.log", "read,write";
        permission java.io.FilePermission "${java.io.tmpdir}${/}*", "read,write,delete";
        permission java.util.PropertyPermission "trace.file", "read";
        permission java.util.PropertyPermission "trace.destination", "read";
        permission java.util.PropertyPermission "trace.enabled", "read";
    };

    where the path in the first FilePermission entry is the actual path of the trace file. Adjust the path to the output file as needed.

  2. Restart the application server.

  3. To verify setup, log in to Identity Manager. You can do this within the Admin Console by clicking the Launch button on the “idm” line of the Web Applications folder.
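A check for the server.policy edits in this step, as an added example that is not part of the Sun documentation: it parses the grant blocks, flags any entry where ${waveset.home} was left unexpanded, lists wildcard permissions granted without a codeBase (which apply to all code in the domain), and reports path-independent permissions from the listing that are missing from the Identity Manager codeBase grant. The function names, the /opt/idm path and the sample policy text are constructed for illustration.

```python
import re

# Path-independent permissions from the codeBase grant in this step:
# (class, target, actions), copied from the listing in the guide.
REQUIRED = [
    ("java.util.PropertyPermission", "waveset.home", "read,write"),
    ("java.util.PropertyPermission", "security.provider", "read,write"),
    ("java.lang.RuntimePermission", "accessClassInPackage.sun.io", None),
    ("java.net.SocketPermission", "*", "connect,resolve"),
]

# Quoted strings are matched first so that "//" inside them is not a comment.
_STRIP = re.compile(r'"[^"\n]*"|//[^\n]*|/\*.*?\*/', re.S)
# Header and body are quote-aware because "${waveset.home}" contains braces.
_GRANT = re.compile(r'grant\b((?:[^"{]|"[^"]*")*)\{((?:[^"}]|"[^"]*")*)\}\s*;')
_CODEBASE = re.compile(r'codeBase\s+"([^"]*)"', re.I)
_PERM = re.compile(r'permission\s+([\w.$]+)((?:\s*,?\s*"[^"]*")*)\s*;')


def parse_policy(text):
    """Return [(codebase_or_None, [(class, target, actions), ...]), ...]."""
    text = _STRIP.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)
    grants = []
    for head, body in _GRANT.findall(text):
        cb = _CODEBASE.search(head)
        perms = []
        for cls, args in _PERM.findall(body):
            vals = re.findall(r'"([^"]*)"', args)
            target = vals[0] if vals else None
            actions = vals[1] if len(vals) > 1 else None
            perms.append((cls, target, actions))
        grants.append((cb.group(1) if cb else None, perms))
    return grants


def check_policy(text, waveset_home):
    """Return findings for the Identity Manager entries in a server.policy text."""
    findings, scoped = [], []
    for codebase, perms in parse_policy(text):
        # The guide requires ${waveset.home} to be replaced with the real path.
        if codebase and "${waveset.home}" in codebase:
            findings.append("unexpanded ${waveset.home} in codeBase: " + codebase)
        if codebase and codebase.startswith("file:" + waveset_home):
            scoped.extend(perms)
        for cls, target, actions in perms:
            if target and "${waveset.home}" in target:
                findings.append(
                    "unexpanded ${waveset.home} in %s target: %s" % (cls, target))
            # A grant without codeBase is not limited to Identity Manager code.
            if codebase is None and target == "*":
                findings.append(
                    "review: unscoped wildcard %s (%s)" % (cls, actions))
    for req in REQUIRED:
        if req not in scoped:
            findings.append(
                'missing in Identity Manager grant: %s "%s"' % req[:2])
    return findings


# Constructed sample: a policy fragment after an incomplete edit.
SAMPLE = r'''
// constructed sample, not a real server.policy
grant {
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.net.SocketPermission "*", "connect,resolve";
};
grant codeBase "file:/opt/idm/-" {
    permission java.util.PropertyPermission "waveset.home", "read,write";
    permission java.io.FilePermission "${waveset.home}/help/index/-",
        "read,write,execute,delete";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
    permission java.net.SocketPermission "*", "connect,resolve";
};
'''

if __name__ == "__main__":
    for finding in check_policy(SAMPLE, "/opt/idm"):
        print(finding)
```

Run it against the domain's server.policy before restarting the application server, passing the directory that ${waveset.home} stands for.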

Step 4: Install Optional Components

If your IT environment has Windows Active Directory, Novell NetWare, Domino, Remedy, or RSA ACE/Server resources, you should install the Identity Manager Gateway.

If your IT environment has Windows Active Directory domains, you should also install PasswordSync. The Identity Manager PasswordSync feature keeps user password changes made on Windows Active Directory domains synchronized with other resources defined in Identity Manager.

See Part III, Installing Optional Components for installation information.

Chapter 5 Installing Identity Manager on Tomcat

Follow these steps to install Identity Manager on the Apache Tomcat application server.

Step 1: Install the Identity Manager Software

Procedure: To Install Identity Manager on Tomcat

Before You Begin

If you are installing multiple instances of Identity Manager on a single application server, change the waveset.serverId system property to a unique name for each Identity Manager instance. See Setting the waveset.serverId System Property for more information.

  1. You may install the software using one of two methods:

    • Using the installer Graphic User Interface

      Run the install.bat (for Windows) or install (for UNIX) command to launch the installation process.

      If you copy the files from the installation media to your own location, note that the idm.war and install.class files must be in the same directory.

      The installer displays the Welcome panel.

    • Using the nodisplay option (UNIX only)

      Change to the directory where the Identity Manager software is located. Enter the following command to activate the installer in nodisplay mode:

      install -nodisplay

      The installer displays the Welcome text. The installer then presents a list of questions to gather installation information in the same order as the Graphic User Interface installer in these procedures.

    If no display is present, the installer defaults to the nodisplay option. The DISPLAY environment variable must be set to a valid X server or the installation may fail.

  2. Click Next.

    The Install or Upgrade? panel opens.

  3. Leave the New Installation option selected, and then click Next.

    The installer displays the Select Installation Directory panel.

  4. Replace the displayed directory location with the location where you want to install Identity Manager. This could be a staging location or a specific folder. Enter the location (or click Browse to locate it), and then click Next.


    Note –
    • Unless you plan to create a new context (virtual directory) in Tomcat’s server.xml file, Sun recommends installing to %TOMCAT_HOME%/webapps/idm.

    • If the directory you enter does not exist, the installer prompts for confirmation, and then creates the directory.


  5. Click Next to begin installation.

    After installing files, the installer displays the Launch Setup panel.

  6. Add the Java mail.jar, activation.jar, and jms.jar files to the $WSHOME/WEB-INF/lib directory (UNIX), or the %WSHOME%\WEB-INF\lib directory (Windows). These files can be found at:

    http://java.sun.com/products/javamail

    http://java.sun.com/products/beans/glasgow/jaf.html

    http://java.sun.com/products/jms/index.jsp

    To get the latest jms.jar file, download and install Sun Java System Message Queue. The jms.jar file is located in the MessageQueue/lib folder in the base Message Queue directory.


    Note –

    Before you continue, if you plan to use a database, you may need to copy one or more files to the idm/WEB-INF/lib directory. For example, you may need to place into idm/WEB-INF/lib a JAR file containing a JDBC driver (for a DriverManager connection) or a JAR file containing a JNDI InitialContextFactory (for a DataSource connection). To determine the steps you may need to perform before you go on, see Appendix C, Database Reference.

    When finished, click Launch Setup to launch the Setup Wizard and continue with setup steps. If you click Launch Setup before copying your database files, setup will not proceed correctly. If this happens, uninstall Identity Manager and repeat these installation steps.


  7. Click Next on the Setup Wizard panel.

    The product displays the Locate the Repository panel.

  8. Select a database from the list provided. Depending on your selection, setup prompts for additional setup information.

    See Appendix C, Database Reference, for selections and setup instructions.

  9. Click Next.

    The Continue Identity Manager Demo Setup? panel appears.

  10. If this is a non-demo installation, click No, I will configure Identity Manager myself. Go to Step 1: Install the Identity Manager Software.

  11. If appropriate, click Yes, I would like to continue setting up a demonstration environment.

    This allows you to quickly configure users and enter environment and server information.

  12. Enter the following personal information:

    • First name

    • Last name

    • Email address

    This personal information is used to create the Approver user (with configurator privileges).

  13. Enter the following Approver information:

    • Approver name

    • Approver password

  14. Click Next.

  15. Select the Server Type from the list.

    Select None if your environment has no server to manage. If there is a server you wish to manage, select the appropriate server type. You will be prompted for further server information as appropriate.

  16. If you have an email SMTP server, click SMTP Host and enter the server address. If desired, click Test Server to verify communication to the SMTP server.

  17. If you would like email notifications to be written to a file, click Notification File. Click Browse to select another notification file.

  18. Click Next.

    The installer displays the Import Save Configuration panel.

  19. Click Execute to perform all the listed functions. If desired, click Hide Details.

  20. When all functions complete, click Done in the setup panel.

  21. If the application server is installed on a UNIX machine, change directories to the $WSHOME/bin directory and run the following command to allow the scripts in this directory to be executed.


    chmod -R +x *

Getting More Information

When installation completes, the installer displays the Installation Summary panel. For detailed information about the installation, click Details.

Some messages may not be displayed here. View the log file (identified in details) for more information.

When finished, click Close to exit the installer.

Setting the waveset.serverId System Property

If you are installing multiple instances of Identity Manager on a single application server, change the waveset.serverId system property to a unique name for each Identity Manager instance. You do not need to update the waveset.serverId property otherwise.

By default, the waveset.serverId property is set to the name of the machine the application server is installed on.

Procedure: To Configure the waveset.serverId Property on Tomcat

  1. Add JAVA_OPTS to catalina.bat:

    set JAVA_OPTS=%JAVA_OPTS% -Dwaveset.serverId=node1

  2. Restart Tomcat.

Procedure: To Verify That the waveset.serverId Property Is Correct

  1. Log on to the Administrator user interface. See To Start Identity Manager and Log in to the User Interface for instructions.

  2. In the menu click Configure > Servers.

  3. Verify that the host names that you configured for your instances appear and are listed as active.

Step 2: Install Optional Components

If your IT environment has Windows Active Directory, Novell NetWare, Domino, Remedy, or RSA ACE/Server resources, you should install the Identity Manager Gateway.

If your IT environment has Windows Active Directory domains, you should also install PasswordSync. The Identity Manager PasswordSync feature keeps user password changes made on Windows Active Directory domains synchronized with other resources defined in Identity Manager.

See Part III, Installing Optional Components for installation information.

Chapter 6 Installing Identity Manager on WebLogic

Follow these steps to install Identity Manager on the BEA WebLogic application server.

Step 1: Configure the WebLogic Software

Procedure: To Configure WebLogic for Identity Manager

  1. Select the domain that will be referenced when installing the software.

  2. Set the environment variables JAVA_HOME and WSHOME:

    set JAVA_HOME=/PathTo/java

    set WSHOME=Path To IDMDirectory


    Note –

    Make sure the value of the WSHOME environment variable does NOT contain the following:

    • Quotation marks (“ ”)

    • A slash or backslash at the end of the path (/ or \)

    Do not use quotation marks, even if the path to the application deployment directory contains spaces.


  3. If you are using WebLogic 9.1 or later, add the Java mail.jar and activation.jar files to the $WSHOME/WEB-INF/lib directory (UNIX), or the %WSHOME%\WEB-INF\lib directory (Windows). These files can be found at:

    http://java.sun.com/products/javamail

    http://java.sun.com/products/beans/glasgow/jaf.html

Step 2: Install the Identity Manager Software

Procedure: To Install Identity Manager on WebLogic

Before You Begin

If you are installing multiple instances of Identity Manager on a single application server, change the waveset.serverId system property to a unique name for each Identity Manager instance. By default, the waveset.serverId Java system property is the name of the machine the application server is installed on. To set this property to another value, add the following command to the startup script for your application server.

-Dwaveset.serverId=Name

  1. You may install the software using one of two methods:

    • Using the installer Graphic User Interface

      Run the install.bat (for Windows) or install (for UNIX) command to launch the installation process.

      If you copy the files from the installation media to your own location, note that the idm.war and install.class files must be in the same directory.

      The installer displays the Welcome panel.

    • Using the nodisplay option (UNIX only)

      On UNIX systems, change directory to the Identity Manager software location. Enter the following command to activate the installer in nodisplay mode:

      install -nodisplay

      The installer displays the Welcome text. The installer then presents a list of questions to gather installation information in the same order as the Graphic User Interface installer in these procedures.

    If no display is present, the installer defaults to the nodisplay option. The DISPLAY environment variable must be set to a valid X server or the installation may fail.

  2. Click Next. The installer displays the Install or Upgrade? panel.

  3. Leave the New Installation option selected, and then click Next.

    The installer displays the Select Installation Directory panel.

  4. Replace the displayed directory location with the location where you want to install Identity Manager. This could be a staging location or a specific folder. Enter the location (or click Browse to locate it), and then click Next.


    Note –
    • If the directory you enter does not exist, the installer prompts for confirmation, and then creates the directory.

    • The WebLogic Web application home directory is ServerHome/user_projects/domains/DomainName/autodeploy


  5. Click Next to begin installation.

    After installing the files, the installer displays the Launch Setup panel.


    Note –

    Before you continue, if you plan to use a database, you may need to copy one or more files to the idm/WEB-INF/lib directory. For example, you may need to place into idm/WEB-INF/lib a JAR file containing a JDBC driver (for a DriverManager connection) or a JAR file containing a JNDI InitialContextFactory (for a DataSource connection). To determine the steps you may need to perform before you go on, see Appendix C, Database Reference. When finished, click Launch Setup to launch the Setup Wizard and continue with setup steps. If you click Launch Setup before copying your database files, setup will not proceed correctly. If this happens, quit the installation program, and then use the lh setup command to restart the setup portion of the installation process.


  6. Click Next on the Setup Wizard panel.

    The installer displays the Locate the Repository panel.

  7. Select a database from the list provided. Depending on your selection, setup prompts for additional setup information.

    See Appendix C, Database Reference, for selections and setup instructions.

  8. Click Next.

    The Continue Identity Manager Demo Setup? panel appears.

  9. If this is a non-demo installation click No, I will configure Identity Manager myself.

    Otherwise, if appropriate, click Yes, I would like to continue setting up a demonstration environment. This option allows you to quickly configure users and enter environment and server information.

  10. Enter the following personal information:

    • First name

    • Last name

    • Email address

    This personal information is used to create the Approver user (with configurator privileges).

  11. Enter the following Approver information:

    • Approver name

    • Approver password

  12. Click Next.

  13. Select the Server Type from the list.

    Select None if your environment has no server to manage. If there is a server you wish to manage, select the appropriate server type. You will be prompted for further server information as appropriate.

  14. If you have an email SMTP server, click SMTP Host and enter the server address. If desired, click Test Server to verify communication to the SMTP server.

  15. If you would like email notifications to be written to a file, click Notification File. Click Browse to select another notification file.

  16. Click Next.

    The installer displays the Import Save Configuration panel.

  17. Click Execute to perform all the listed functions. If desired, click Hide Details.

  18. When all functions complete, click Done in the setup panel.

  19. If the application server is installed on a UNIX machine, change directories to the $WSHOME/bin directory and run the following command to allow the scripts in this directory to be executed.


    chmod -R +x *

  20. Remove the Cryptix JAR files (cryptix-jce-api.jar and cryptix-jce-provider.jar) from the $WSHOME/WEB-INF/lib directory (UNIX), or the %WSHOME%\WEB-INF\lib directory (Windows).


    Note –

    The Cryptix JAR files are no longer included and no longer supported. You need to remove them if you haven’t already. If you have customized your Waveset.properties file, make sure that the security.jce.workaround property is set to false or removed. An exception will be thrown if this property is set to true because the intention of this property will not be fulfilled.
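A check for step 20 and the note above, as an added example that is not part of the Sun documentation: it looks for the two Cryptix JAR files in WEB-INF/lib and reads security.jce.workaround from a Waveset.properties file, handling Java properties comments, the =, : and whitespace separators, and backslash line continuations. The function names are hypothetical, the location of Waveset.properties is passed in rather than assumed, and the directory tree in demo() is constructed.

```python
import os
import re
import tempfile

# JAR names from step 20 of the guide.
CRYPTIX_JARS = ("cryptix-jce-api.jar", "cryptix-jce-provider.jar")


def read_property(path, key):
    """Return the last value assigned to key in a Java .properties file, or None."""
    value, pending = None, ""
    with open(path, encoding="iso-8859-1") as fh:
        for raw in fh:
            line = raw.rstrip("\r\n").lstrip()
            # Comment and blank lines only count at the start of a logical line.
            if not pending and (not line or line[0] in "#!"):
                continue
            # An odd number of trailing backslashes continues the logical line.
            trailing = len(line) - len(line.rstrip("\\"))
            if trailing % 2:
                pending += line[:-1]
                continue
            line, pending = pending + line, ""
            # The key ends at the first unescaped '=', ':' or whitespace.
            m = re.match(r"((?:\\.|[^\s=:\\])+)\s*[=:]?\s*(.*)", line)
            if m and m.group(1) == key:
                value = m.group(2).strip()
    return value


def cryptix_findings(wshome, properties_path):
    """List leftover Cryptix JARs and a security.jce.workaround=true setting."""
    findings = []
    lib = os.path.join(wshome, "WEB-INF", "lib")
    # Compare case-insensitively so the check also works on Windows file systems.
    present = {n.lower() for n in os.listdir(lib)} if os.path.isdir(lib) else set()
    for jar in CRYPTIX_JARS:
        if jar in present:
            findings.append("remove " + os.path.join(lib, jar))
    if os.path.isfile(properties_path):
        val = read_property(properties_path, "security.jce.workaround")
        if val is not None and val.lower() == "true":
            findings.append("security.jce.workaround=true in " + properties_path)
    return findings


def demo():
    """Audit a constructed WSHOME layout built in a temporary directory."""
    with tempfile.TemporaryDirectory() as wshome:
        lib = os.path.join(wshome, "WEB-INF", "lib")
        os.makedirs(lib)
        for name in ("cryptix-jce-api.jar", "other-library.jar"):
            with open(os.path.join(lib, name), "wb"):
                pass
        props = os.path.join(wshome, "Waveset.properties")
        with open(props, "w", encoding="iso-8859-1") as fh:
            # Constructed sample: the value sits on a continuation line.
            fh.write("# constructed sample\nsecurity.jce.workaround = \\\n    true\n")
        found = cryptix_findings(wshome, props)
        return [f.replace(wshome, "$WSHOME") for f in found]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```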


Getting More Information

When installation completes, the installer displays the Installation Summary panel. For detailed information about the installation, click Details.

Some messages may not be displayed here. View the log file (identified in details) for more information.

When finished, click Close to exit the installer.

After successfully completing the installation, continue setup by configuring the WebLogic server.

Step 3: Deploy the Application

By default, WebLogic automatically deploys Identity Manager from the applications or autodeploy directory. Use the WebLogic Console to deploy Identity Manager if automatic deployment is not enabled.

Step 4: Add the Application Main Page to Default Documents for IIS (optional)

If you are using Internet Information Server (IIS) as your Web server, you must add index.html to the list of Default Documents (under Properties) on the Identity Manager virtual directory in IIS. Otherwise, the Identity Manager main page will not resolve correctly when accessing the Identity Manager server.

Step 5: Install Optional Components

If your IT environment has Windows Active Directory, Novell NetWare, Domino, Remedy, or RSA ACE/Server resources, you should install the Identity Manager Gateway.

If your IT environment has Windows Active Directory domains, you should also install PasswordSync. The Identity Manager PasswordSync feature keeps user password changes made on Windows Active Directory domains synchronized with other resources defined in Identity Manager.

See Part III, Installing Optional Components for installation information.

Chapter 7 Installing Identity Manager on WebSphere

Follow these steps to install Identity Manager on the IBM WebSphere Application Server.

Step 1: Configure WebSphere

Use the following procedure to prepare the application server for Identity Manager:

Procedure: To Configure WebSphere for Identity Manager

Before You Begin

You should have a WebSphere application server and servlet engine installed.

  1. Create a staging directory and name it idm_staging.

  2. Copy the idm.war file from the base directory of the installation media to the idm_staging directory.

  3. Unjar the idm.war file in the idm_staging directory:

    jar -xvf idm.war

  4. Set the environment variables JAVA_HOME and WSHOME. For example, in Windows do the following:

    set JAVA_HOME=c:\Program Files\WebSphere\AppServer\java

    set WSHOME=Path To IDMStaging Directory


    Note –

    Make sure the value of the WSHOME environment variable does NOT contain the following:

    • Quotation marks (" ")

    • A slash or backslash at the end of the path (/ or \)

    Do not use quotation marks, even if the path to the application deployment directory contains spaces.


  5. If you plan to use a database, you may need to copy one or more files to the idm\WEB-INF\lib directory. To determine the steps you may need to perform before you go on, see Appendix C, Database Reference. When finished, launch setup to continue with installation.


    Note –

    If you launch setup before copying your database files, setup will not proceed correctly. Copy the files, and then use the lh setup command to restart the setup portion of the installation process.


  6. If you plan to use the Identity Manager Service Provider feature and you are using the IBM 1.5 JDK (or later), set the following properties:

    1. In the was-install/java/jre/lib directory, rename the jaxb.properties.sample to jax.properties and uncomment these two lines:

      javax.xml.parsers.SAXParserFactory=org.apache.xerces.jaxp.SAXParserFactoryImpl

      javax.xml.parsers.DocumentBuilderFactory=org.apache.xerces.jaxp.DocumentBuilderFactoryImpl

    2. Save the file and restart the application server.

Step 2: Install the Identity Manager Software

Procedure: To Install Identity Manager on WebSphere

Before You Begin

If you are installing multiple instances of Identity Manager on a single application server, change the waveset.serverId system property to a unique name for each Identity Manager instance. By default, the waveset.serverId Java system property is the name of the machine the application server is installed on. To set this property to another value, add the following command to the startup script for your application server.

-Dwaveset.serverId=Name

  1. You may install the software using one of two methods:

    • Using the installer Graphic User Interface

      Run the install.bat (for Windows) or install (for UNIX) command to launch the installation process.

      If you copy the files from the installation media to your own location, note that the idm.war and install.class files must be in the same directory.

      The installer displays the Welcome panel.

    • Using the nodisplay option (UNIX only)

      Change directory to the Identity Manager software location. Enter the following command to activate the installer in nodisplay mode:

      install -nodisplay

      The installer displays the Welcome text. The installer then presents a list of questions to gather installation information in the same order as the Graphic User Interface installer in these procedures.

    If no display is present, the installer defaults to the nodisplay option. The DISPLAY environment variable must be set to a valid X server or the installation may fail.

  2. Click Next to display the Install or Upgrade? panel.

  3. Leave the New Installation option selected, and then click Next.

    The installer displays the Select Installation Directory panel.

  4. Replace the displayed directory location with the location where you want to install Identity Manager. This could be a staging location or a specific folder. Enter the location (or click Browse to locate it), and then click Next.

  5. Click Next to begin installation.

    After installing files, the installer displays the Launch Setup panel.

  6. Select a database from the list provided. Depending on your selection, setup prompts for additional setup information.


    Note –

    Before you continue, if you plan to use a database, you may need to copy one or more files to the idm/WEB-INF/lib directory. For example, you may need to place a JAR file containing a JDBC driver (for a DriverManager connection) or a JAR file containing a JNDI InitialContextFactory (for a DataSource connection). To determine the steps you may need to perform before you go on, see Appendix C, Database Reference. If you are planning to use a Data Source as your repository location, see the special instructions in Appendix D, Configuring Data Sources for Identity Manager.

    When finished, click Launch Setup to launch the Setup Wizard and continue with setup steps. If you click Launch Setup before copying your database files, setup will not proceed correctly. If this happens, quit the installation program, and then use the lh setup command to restart the setup portion of the installation process.


  7. Click Next on the Setup Wizard panel.

    The product displays the Locate the Repository panel.

  8. Select a database from the list of displayed options.

    Depending on your selection, setup prompts for additional setup information.


    Note –

    See Appendix C, Database Reference, for selections and setup instructions.


  9. Click Next.

    The Continue Identity Manager Demo Setup? panel appears.

  10. If this is a non-demo installation, click No, I will configure Identity Manager myself and go to Step 3: Deploy the Application.

    Otherwise, if appropriate, click Yes, I would like to continue setting up a demonstration environment. This option allows you to quickly configure users and enter environment and server information.

  11. Enter the following personal information:

    • First name

    • Last name

    • Email address

    This personal information is used to create the Approver user (with configurator privileges).

  12. Enter the following Approver information:

    • Approver name

    • Approver password

  13. Click Next.

  14. Select the Server Type from the list.

    Select None if your environment has no server to manage. If there is a server you wish to manage, select the appropriate server type. You will be prompted for further server information as appropriate.

  15. If you have an email SMTP server, click SMTP Host and enter the server address. If desired, click Test Server to verify communication to the SMTP server.

  16. If you would like email notifications to be written to a file, click Notification File. Click Browse to select another notification file.

  17. Click Next.

    The installer displays the Import Save Configuration panel.

  18. Click Execute to perform all the listed functions. If desired, click Hide Details.

  19. When all functions complete, click Done in the setup panel.

  20. If the application server is installed on a UNIX machine, change directories to the $WSHOME/bin directory and run the following command to allow the scripts in this directory to be executed.


    chmod -R +x *

Step 3: Deploy the Application


Note –

The following procedure uses the Integrated Solutions Console, Version 6.1. The configuration procedure may vary for other versions of the Integrated Solutions Console.


ProcedureTo deploy Identity Manager on WebSphere

  1. Delete the following files, if they exist:

    • WEB-INF/lib/log.jar

    • WEB-INF/lib/j2ee.jar

    • WEB-INF/lib/ldap.jar

  2. Create a .war file from WSHOME:

    jar -cvf idm.war *

  3. Start the application server. You must use WebSphere’s script to do this. For example, if WebSphere’s binary files are installed in c:\Program Files\WebSphere\AppServer\bin and the application server is named server1:


    cd c:\Program Files\WebSphere\AppServer\bin
    startServer.bat server1

  4. Start the WebSphere Integrated Solutions Console, and then select Applications -> Install New Application.

    The Preparing for the application installation panel displays.

    1. Add the full path to the idm.war file in the Local or Remote file system field.

    2. Add the path to the Context Root for the Identity Manager installation (for example, /idm).

    3. Select the Show me all installation options and parameters option, then click Next. A new panel is displayed.

  5. Select the Generate Default Bindings option. (Use the default selections for Override and Virtual Host.) Click Next.

  6. Accept the was.policy file that is displayed under the heading Application Security Warnings. Scroll down to the bottom of this file and click the Continue button.

  7. Configure the Step 1: Select installation options page as needed.

    • If you want to install the application to a different location than WebSphere’s default location, enter the path to install the application in the Directory to Install Application field. For example:

      c:\Program Files\WebSphere\AppServer\installedApps\Hostname

    • Make sure the Distribute Application and Use Binary Configuration options are selected.

    • Make sure that the Create Mbeans for Resources and Deploy Enterprise Beans options are not selected.

    • Enter the name of the application in the Application Name field (the default is idm).

    • If desired, select the Enable class reloading option.

      Click Next after configuring this dialog.

  8. Make sure the Step 2: Map modules to servers panel displays a line for the current release of Identity Manager and that it maps to the appropriate server. Click Step 6: Map virtual hosts for Web modules.

  9. Make sure the Step 6: Map virtual hosts for Web modules panel displays a line for the current release of Identity Manager and that it maps to the appropriate virtual host, and then click Step 8: Summary.

  10. Review the summary of options, then click Finish.

  11. After Identity Manager has been installed, click Save to Master Configuration to save the configuration.

  12. Click Save, and then wait for the page to clear.

  13. Stop the Identity Manager application.

  14. Add the following line to your WAS_ROOT/profiles/ProfileName/installedApps/nodename/EnterpriseAppName/idm.war/WEB-INF/ibm-web-ext.xmi file:


    <jspAttributes xmi:id="JSPAttribute_1" name="jdkSourceLevel" value="15"/>

    This line causes the application server to compile JSP files in Java 5.

  15. Restart Identity Manager.
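
The checks below cover steps 1, 2 and 14 of the WebSphere procedure. They are an added example, not part of the Sun guide, and the function names are hypothetical: remove_conflicting_jars deletes the three JARs from a staging directory, war_conflicts scans the output of `jar tf idm.war` for any that were packaged anyway, and has_jdk_source_level confirms the jdkSourceLevel line is in ibm-web-ext.xmi.

```sh
#!/bin/sh
# Added example, not part of the Sun guide. Function names are hypothetical.

# remove_conflicting_jars STAGE_DIR
# Step 1: delete log.jar, j2ee.jar and ldap.jar from STAGE_DIR/WEB-INF/lib
# if they exist. Prints one line for each file it removed.
remove_conflicting_jars() {
    stage=$1
    for name in log.jar j2ee.jar ldap.jar; do
        path="$stage/WEB-INF/lib/$name"
        if [ -e "$path" ]; then
            rm -f -- "$path" && echo "removed WEB-INF/lib/$name"
        fi
    done
}

# war_conflicts
# Reads an archive listing on stdin (for example: jar tf idm.war | war_conflicts)
# and prints every entry that step 1 says must not be in the WAR.
# Returns 1 if any such entry is present, 0 if the listing is clean.
war_conflicts() {
    found=$(grep -E '^(\./)?WEB-INF/lib/(log|j2ee|ldap)\.jar$' || true)
    if [ -n "$found" ]; then
        echo "$found"
        return 1
    fi
    return 0
}

# has_jdk_source_level XMI_FILE
# Step 14: succeeds if XMI_FILE contains a jspAttributes element that sets
# jdkSourceLevel to 15, with the attributes in the order the guide gives.
has_jdk_source_level() {
    grep -q '<jspAttributes [^>]*name="jdkSourceLevel" value="15"' "$1"
}
```

Run remove_conflicting_jars on the staging directory before step 2, and pipe the listing of the finished idm.war through war_conflicts before you upload it in step 4.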

Step 4: Install Optional Components

If your IT environment has Windows Active Directory, Novell NetWare, Domino, Remedy, or RSA ACE/Server resources, you should install the Identity Manager Gateway.

If your IT environment has Windows Active Directory domains, you should also install PasswordSync. The Identity Manager PasswordSync feature keeps user password changes made on Windows Active Directory domains synchronized with other resources defined in Identity Manager.

See Part III, Installing Optional Components for installation information.

Chapter 8 Installing Identity Manager on JBoss

Follow these steps to install Identity Manager on the JBoss application server:

Step 1: Install the Identity Manager Software

ProcedureTo Install Identity Manager on JBoss

Before You Begin

If you are installing multiple instances of Identity Manager on a single application server, change the waveset.serverId system property to a unique name for each Identity Manager instance. By default, the waveset.serverId Java system property is the name of the machine the application server is installed on. To set this property to another value, add the following command to the startup script for your application server.

-Dwaveset.serverId=Name

  1. Set the environment variables JAVA_HOME and WSHOME:

    set JAVA_HOME=/PathTo/java
    set WSHOME=Path To IDM Directory


    Note –

    Make sure the value of the WSHOME environment variable does NOT contain the following:

    • Quotation marks (" ")

    • A slash or backslash at the end of the path (/ or \)

    Do not use quotation marks, even if the path to the application deployment directory contains spaces.


  2. You may install the software using one of two methods:

    • Using the installer Graphic User Interface

      Run the install.bat (for Windows) or install (for UNIX) command to launch the installation process.

      The installer displays the Welcome panel.

    • Using the nodisplay option (UNIX only)

      Change directory to the Identity Manager software location. Enter the following command to activate the installer in nodisplay mode:

      install -nodisplay

      The installer displays the Welcome text. The installer then presents a list of questions to gather installation information in the same order as the Graphic User Interface installer in these procedures.

    If no display is present, the installer defaults to the nodisplay option. The DISPLAY environment variable must be set to a valid X server or the installation may fail.

  3. Click Next to display the Install or Upgrade? panel.

  4. Leave the New Installation option selected, and then click Next.

    The installer displays the Select Installation Directory panel.

  5. Replace the displayed directory location with a staging directory. Enter the location (or click Browse to locate it), and then click Next.


    Note –

    If the directory you enter does not exist, the installer prompts for confirmation, and then creates the directory.


  6. Click Next to begin installation.

    After installing files, the installer displays the Launch Setup panel.

  7. Add the Java mail.jar and activation.jar files to the $WSHOME/WEB-INF/lib directory (UNIX), or the %WSHOME%\WEB-INF\lib directory (Windows). These files can be found at:

    http://java.sun.com/products/javamail

    http://java.sun.com/products/beans/glasgow/jaf.html


    Note –

    Before you continue, if you plan to use a database, you may need to copy one or more files to the idm\WEB-INF\lib directory. For example, you may need to place into idm/WEB-INF/lib a JAR file containing a JDBC driver (for a DriverManager connection) or a JAR file containing a JNDI InitialContextFactory (for a DataSource connection). To determine the steps you may need to perform before you go on, see Appendix C, Database Reference. If you are planning to use a Data Source as your repository location, see the special instructions in Appendix D, Configuring Data Sources for Identity Manager.

    When finished, click Launch Setup to launch the Setup Wizard and continue with setup steps. If you click Launch Setup before copying your database files, setup will not proceed correctly. If this happens, quit the installation program, and then use the lh setup command to restart the setup portion of the installation process.


  8. Click Next on the Setup Wizard panel.

    The product displays the Locate the Repository panel.

  9. Select a database from the list provided. Depending on your selection, setup prompts for additional setup information.

    See Appendix C, Database Reference, for selections and setup instructions.

  10. Click Next.

    The Continue Identity Manager Demo Setup? panel appears.

  11. If this is a non-demo installation, click No, I will configure Identity Manager myself. Go to Step 2: Install Optional Components.

    Otherwise, if appropriate, click Yes, I would like to continue setting up a demonstration environment. This option allows you to quickly configure users and enter environment and server information.

  12. Enter the following personal information:

    • First name

    • Last name

    • Email address

    This personal information is used to create the Approver user (with configurator privileges).

  13. Enter the following Approver information:

    • Approver name

    • Approver password

  14. Click Next.

  15. Select the Server Type from the list.

    Select None if your environment has no server to manage. If there is a server you wish to manage, select the appropriate server type. You will be prompted for further server information as appropriate.

  16. If you have an email SMTP server, click SMTP Host and enter the server address. If desired, click Test Server to verify communication to the SMTP server.

  17. If you would like email notifications to be written to a file, click Notification File. Click Browse to select another notification file.

  18. Click Next.

    The installer displays the Import Save Configuration panel.

  19. Click Execute to perform all the listed functions. If desired, click Hide Details.

  20. When all functions complete, click Done in the setup panel.

    When installation completes, the installer displays the Installation Summary panel. For detailed information about the installation, click Details.

    Not all messages may be displayed here. View the log file (identified in details) for more information.

    When finished, click Close to exit the installer.

  21. Create a .war file from WSHOME:

    jar -cvf idm.war *

  22. Copy the idm.war file to the JBoss deploy directory. (For example, InstallDir\server\default\deploy)

  23. If the application server is installed on a UNIX machine, change directories to the $WSHOME/bin directory and run the following command to allow the scripts in this directory to be executed.


    chmod -R +x *
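
A pre-flight check for the JBoss procedure above, added here as an example and not part of the Sun guide: it tests a WSHOME value against the rules in the note under step 1 and confirms that mail.jar, activation.jar and any extra JARs you name are in WEB-INF/lib before you click Launch Setup. The function names (check_wshome, missing_jars, preflight) are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the Sun guide. Function names are hypothetical.

# check_wshome VALUE
# Succeeds if VALUE follows the WSHOME rules from the note under step 1:
# no quotation marks, and no slash or backslash at the end of the path.
check_wshome() {
    value=$1
    if [ -z "$value" ]; then
        echo "WSHOME is not set" >&2
        return 1
    fi
    case $value in
        *\"*)
            echo "WSHOME contains a quotation mark: $value" >&2
            return 1 ;;
        */ | *\\)
            echo "WSHOME ends with a slash or backslash: $value" >&2
            return 1 ;;
    esac
    return 0
}

# missing_jars LIBDIR JAR...
# Prints, one per line, each named JAR that is not a readable file in LIBDIR.
missing_jars() {
    libdir=$1
    shift
    for jar_name in "$@"; do
        if [ ! -f "$libdir/$jar_name" ] || [ ! -r "$libdir/$jar_name" ]; then
            echo "$jar_name"
        fi
    done
    return 0
}

# preflight WSHOME_VALUE [EXTRA_JAR...]
# Checks to run before clicking Launch Setup: the WSHOME rules, then the two
# JARs from step 7 plus any extra JAR names given (for example a JDBC driver).
preflight() {
    idm_home=$1
    shift
    check_wshome "$idm_home" || return 1
    if [ ! -d "$idm_home/WEB-INF/lib" ]; then
        echo "No WEB-INF/lib under $idm_home; run the installer first" >&2
        return 1
    fi
    missing=$(missing_jars "$idm_home/WEB-INF/lib" mail.jar activation.jar "$@")
    if [ -n "$missing" ]; then
        echo "Copy these JARs into $idm_home/WEB-INF/lib before Launch Setup:" >&2
        echo "$missing" >&2
        return 1
    fi
    echo "WSHOME and WEB-INF/lib look ready for Launch Setup"
}

# When called with arguments, check them: preflight.sh "$WSHOME" [EXTRA_JAR...]
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

Pass the name of your database driver JAR as an extra argument if Appendix C calls for one; the script only checks that the file is present, not that it is the right driver.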

Step 2: Install Optional Components

If your IT environment has Windows Active Directory, Novell NetWare, Domino, Remedy, or RSA ACE/Server resources, you should install the Identity Manager Gateway.

If your IT environment has Windows Active Directory domains, you should also install PasswordSync. The Identity Manager PasswordSync feature keeps user password changes made on Windows Active Directory domains synchronized with other resources defined in Identity Manager.

See Part III, Installing Optional Components for installation information.

Chapter 9 Installing Identity Manager on Oracle Application Server 10g

Follow these steps to install Identity Manager on Oracle Application Server 10g Release 3.

Step 1: Install the Identity Manager Software

ProcedureTo Install Identity Manager on Oracle Application Server

Before You Begin

If you are installing multiple instances of Identity Manager on a single application server, change the waveset.serverId system property to a unique name for each Identity Manager instance. By default, the waveset.serverId Java system property is the name of the machine the application server is installed on. To set this property to another value, add the following command to the startup script for your application server.

-Dwaveset.serverId=Name

  1. You may install the software using one of two methods:

    • Using the installer Graphic User Interface

      Run the install.bat (for Windows) or install (for UNIX) command to launch the installation process.

      If you copy the files from the installation media to your own location, note that the idm.war and install.class files must be in the same directory.

      The installer displays the Welcome panel.

    • Using the nodisplay option (UNIX only)

      On UNIX systems, change directory to the software location. Enter the following command to activate the installer in nodisplay mode:

      install -nodisplay

      The installer displays the Welcome text. Click Next. The installer then presents a series of questions to gather installation information in the same order as the Graphic User Interface installer in these procedures.

    If no display is present, the installer defaults to the nodisplay option. The DISPLAY environment variable must be set to a valid X server or the installation may fail.

  2. Click Next. The installer displays the Software License Agreement page. Read the agreement, then if you accept, click the Yes (Accept License) button. The installer displays the Install or Upgrade? panel.

  3. Leave the New Installation option selected, and then click Next.

    The installer displays the Select Installation Directory panel.

  4. Replace the displayed directory location with the location where you want to install Identity Manager. This could be a staging location or a specific folder. Enter the location (or click Browse to locate it), and then click Next.


    Note –

    If the directory you enter does not exist, Identity Manager prompts for confirmation, and then creates the directory.


  5. On the Ready to Install page, click Install Now to begin installation.

    After installing the files, Identity Manager displays the Launch Setup panel.


    Note –

    Before you continue, if you plan to use a database, you may need to copy one or more files to the idm\WEB-INF\lib directory. For example, you may need to place into idm/WEB-INF/lib a JAR file containing a JDBC driver (for a DriverManager connection) or a JAR file containing a JNDI InitialContextFactory (for a DataSource connection). To determine the steps you may need to perform before you go on, see Appendix C, Database Reference. When finished, click Launch Setup to launch the Setup Wizard and continue with setup steps.

    A pop-up window will ask if you have copied all JAR files. If you have, click Yes, Continue.

    If you click Launch Setup before copying your database files, setup will not proceed correctly. If this happens, quit the installation program, and then use the lh setup command to restart the setup portion of the installation process.


  6. Click Next on the Sun Setup Wizard panel.

    The installer displays the Locate the Repository panel.

  7. Select a database from the list provided. Depending on your selection, setup prompts for additional setup information.

    See Appendix C, Database Reference, for selections and setup instructions.

  8. Click Next.

    The Continue Identity Manager Demo Setup? panel appears.

  9. If this is a non-demo installation, click No, I will configure Identity Manager myself.

    Otherwise, if appropriate, click Yes, I would like to continue setting up a demonstration environment. This allows you to quickly configure users and enter environment and server information.

  10. Enter the following personal information:

    • First name

    • Last name

    • Email address

    This personal information is used to create the Approver user (with configurator privileges).

  11. Enter the following Approver information:

    • Approver name

    • Approver password

  12. Click Next.

  13. Select the Server Type from the list.

    Select None if your environment has no server to manage. If there is a server you wish to manage, select the appropriate server type. You will be prompted for further server information as appropriate.

  14. If you have an email SMTP server, click SMTP Host and enter the server address. If desired, click Test Server to verify communication to the SMTP server.

  15. If you would like email notifications to be written to a file, click Notification File. Click Browse to select another notification file.

  16. Click Next.

    The installer displays the Import Save Configuration panel.

  17. Click Execute to perform all the listed functions. If desired, click Hide Details.

  18. When all functions complete, click Done in the setup panel.

  19. If the application server is installed on a UNIX machine, change directories to the $WSHOME/bin directory and run the following command to allow the scripts in this directory to be executed.


    chmod -R +x *

Getting More Information

When installation completes, the installer displays the Installation Summary panel. For detailed information about the installation, click Details.

Not all messages may be displayed here. View the log file (identified in details) for more information.

When finished, click Close to exit the installer.

After completing installation, continue by optionally installing the Identity Manager Gateway.

Step 2. Deploy Identity Manager on Oracle Application Server

ProcedureTo Deploy Identity Manager on Oracle Application Server

  1. Open a command prompt, then change to the staging directory where you installed the Identity Manager files. (This is the directory you specified in the procedure Step 1: Install the Identity Manager Software.)

  2. Create a .war file with the Identity Manager files by using the jar.exe (on Windows) or jar (on UNIX) command:

    c:\java1.5\bin\jar.exe cvf ..\idm.war *
    /usr/bin/jar cvf ../idm.war *

  3. Launch your application server and log in to the Oracle Application Server Control Console.

  4. Navigate to the Cluster Topology page. Select View by Application Servers. Then select the OC4J name link.

  5. On the OC4J Home page, click the Applications link.

  6. Click the Deploy... button.

  7. In the Archive text box, enter the file path for the idm.war file.

  8. In the Deployment Plan section, select Automatically create a new deployment plan. Then click Next.

  9. When the Deploy: Application Attributes page displays, set the Application Name to idm. Set the Context Root to /idm, and then click Next.

  10. Set any Deployment Settings as necessary for your site.

  11. Click the Deploy button. The console displays a confirmation page when Identity Manager has been deployed.

Step 3. Install Optional Components

If your IT environment has Windows Active Directory, Novell NetWare, Domino, Remedy, or RSA ACE/Server resources, you should install the Identity Manager Gateway.

If your IT environment has Windows Active Directory domains, you should also install PasswordSync. The Identity Manager PasswordSync feature keeps user password changes made on Windows Active Directory domains synchronized with other resources defined in Identity Manager.

See Part III, Installing Optional Components for installation information.