Pre-Installation Tasks for the WebLogic Server/Portal 10 Agent

• Setting Your JAVA_HOME Environment Variable

• Downloading and Unzipping the WebLogic Server/Portal 10 Agent Distribution File

• Creating a Password File

• Creating an Agent Administrator

• Creating an Agent Profile

Setting Your JAVA_HOME Environment Variable

Version 3.0 agents including the agentadmin program require JDK 1.5 or later on the server where you want to install the agent. Before you install the agent, set your JAVA_HOME environment variable to point to the JDK installation directory.

Downloading and Unzipping the WebLogic Server/Portal 10 Agent Distribution File

To Download and Unzip the Agent Distribution File

1. Login to the server where you want to install the agent.

2. Create a directory to unzip the agent distribution file.

3. Download and unzip the weblogic_v10_agent_3.zip distribution file from one of the following sites:

   • Sun Downloads site under View by Category, Identity Management, and Policy Agents: http://www.sun.com/download/index.jsp

   • OpenSSO project: https://opensso.dev.java.net/public/use/index.html

   The following table shows the layout after you unzip the agent distribution file.

   These files are relative to AgentHome/j2ee_agents/weblogic_v10_agent, where AgentHome is where you unzipped the agent distribution file.

   PolicyAgent-base (also used in this guide) is AgentHome/j2ee_agents/weblogic_v10_agent.

   File or Directory	Description
   README.txt and license.txt	Readme and license files
   /bin	agentadmin and agentadmin.bat programs
   /config	Template, properties, and XML files
   /data	license.log file. Do not edit this file.
   /etc	Agent application (agentapp.war) For information, see Deploying the Agent Application.
   /lib	Required JAR files
   /locale	Required properties files
   /install-logs	Log files
   /sampleapp	Policy agent sample application. For information, see Deploying the Policy Agent Sample Application.

Creating a Password File

A password file is an ASCII text file with only one line specifying the password in clear text. By using a password file, you are not forced to expose a password at the command line during the agent installation.

When you install the WebLogic Server/Portal 10 agent using the agentadmin program, you are prompted to specify paths to following password files:

• An agent profile password file is required for both the agentadmin default and custom installation options.

• An agent administrator password file is required only if you use the custom installation option and have the agentadmin program automatically create the agent profile in OpenSSO Enterprise server during the installation.

To Create a Password File

1. Create an ASCII text file for the agent profile. For example: /tmp/wl10agentpw

2. If you want the agentadmin program to automatically create the agent profile in OpenSSO Enterprise server during the installation, create another password file for the agent administrator. For example: /tmp/agentadminpw

3. Using a text editor, enter the appropriate password in clear text on the first line in each file.

4. Secure each password file appropriately, depending on the requirements for your deployment.

Creating an Agent Administrator

An agent administrator can manage agents in OpenSSO Enterprise, including:

• Agent management: Use the agent administrator to manage agents either in the OpenSSO Enterprise Console or by executing the ssoadm utility.

• Agent installation: If you install the agent using the custom installation option (agentadmin --custom-install) and want to have the installation program create the agent profile, specify the agent administrator (and password file) when you are prompted.

To Create a Policy Agent Administrator

1. Login to OpenSSO Enterprise Console as amadmin.

2. Create a new agents administrator group:

   1. Click Access Control, realm-name, Subjects, and then Group.

   2. Click New.

   3. In ID, enter the name of the group. For example: agentadmingroup

   4. Click OK.

3. Create a new agent administrator user and add the agent administrator user to the agents administrator group:

   1. Click Access Control, realm-name, Subjects, and then User.

   2. Click New and provide the following values:

      • ID: Name of the agent administrator. For example: agentadminuser

        This is the name you will use to login to the OpenSSO Enterprise Console .

      • First Name (optional), Last Name, and Full Name.

        For simplicity, use the same name for each of these values that you specified in the previous step for ID.

      • Password (and confirmation)

      • User Status: Active

   3. Click OK.

   4. Click the new agent administrator name.

   5. On the Edit User page, click Group.

   6. Add the agents administrator group from Available to Selected.

   7. Click Save.

4. Assign read and write access to the agents administrator group:

   1. Click Access Control, realm-name, Privileges and then on the new agents administrator group link.

   2. Check Read and write access to all configured Agents.

   3. Click Save.

Next Steps

Login into the OpenSSO Enterprise Console as the new agent administrator. The only available top-level tab is Access Control. Under realm-name, you will see only the Agents tab and sub tabs.

Creating an Agent Profile

The WebLogic Server/Portal 10 agent uses an agent profile and associated password to communicate with OpenSSO Enterprise server. You can create an agent profile using any of these three methods:

• Create the agent profile automatically during installation when you run the agentadmin program with the --custom-install option.

  Note: To create the agent profile automatically during installation, the agentadmin program prompts you for an administrator with agent administrative privileges in OpenSSO Enterprise (and the path to the associated password file). Therefore, this user must exist in OpenSSO Enterprise before you run the agentadmin program. If you prefer, you can specify amadmin as this user.

• Use the OpenSSO Enterprise Administration Console, as described in To Create an Agent Profile in the OpenSSO Enterprise Console.

• Use the ssoadm command-line utility with the create-agent subcommand. For more information about the ssoadm command, see the Sun OpenSSO Enterprise 8.0 Administration Reference.

To Create an Agent Profile in the OpenSSO Enterprise Console

1. Login to the Console as amAdmin.

2. Click Access Control, realm-name, Agents, and J2EE.

3. Under Agent, click New.

4. In the Name field, enter the name for the new agent profile. For example: WLS10Agent

5. Enter and confirm the Password.

   Important: This password must be the same password that you enter in the agent profile password file that you specify when you run the agentadmin program to install the agent.

6. For Configuration, check the location of the agent configuration properties:

   • Local: Properties are stored in the OpenSSOAgentConfiguration.properties file on the server where the agent is deployed.

   • Centralized: Properties are stored in the OpenSSO Enterprise centralized data repository. (This option applies to OpenSSO Enterprise only and not to Access Manager 7.1 or Access Manager 7 2005Q4.)

7. In the Server URL field, enter the OpenSSO Enterprise server URL.

   For example: http://openssohost.example.com:58080/opensso

8. In the Agent URL field, enter the URL for the agent application (agentapp).

   For example: http://agenthost.example.com:8090/agentapp

9. Click Create.

   The console creates the agent profile and displays the J2EE Agent page again with a link to the new agent profile.

   To do additional configuration for the agent, click this link to display the Edit agent page. For information about the agent configuration fields, see the Console online Help.