Sun Java System Access Manager Policy Agent 2.2 Guide for Apache HTTP Server 2.0.54

GUI Installation of Agent for Apache HTTP Server on Solaris Systems

Use the following instructions to install a web agent using the GUI on Solaris systems.

ProcedureTo Install Agent for Apache HTTP Server on Solaris Systems Using the GUI

You must have root permissions when you run the web agent installation program.

  1. Unpack the product binary in the directory of your choice using the following command:

    # gunzip -dc binaryname.tar.gz| tar -xvof -

  2. In the directory in which you unpack the binaries, issue the following command:

    # ./setup

    The Welcome page appears.

  3. In the Welcome page, click Next.

  4. Read the License Agreement. Click Yes to agree to the license terms.

  5. In the Select Installation Directory panel, specify the directory where you would like to install the web agent.

    Install the web agent in this directory: Enter the full path to the directory where you want to install the web agent. The default installation directory is /opt.

    The directory you choose in which to install the web agent is referred to as the Policy Agent base directory, or PolicyAgent-base.

  6. Click Next and provide the following information about the Apache HTTP Server instance the agent will protect:

    Host Name: Enter the fully qualified domain name (FQDN) of the machine where the Apache HTTP Server instance is installed.

    For example, if the host is host1, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host1.eng.example.com.

    Apache Binary Directory: Enter the full path to the directory where the Apache HTTP Server binary, therefore the httpd binary, is installed. An example pathname follows:


    Apache-base/bin

    where Apache-base represents the directory where Apache HTTP Server was installed. Refer to the Apache HTTP Server documentation for the specific path name.

    Web Server Port: Enter the port number for the Apache HTTP Server instance that will be protected by the web agent.

    Web Server Protocol: If the Apache HTTP Server instance has been configured for SSL, choose HTTPS; otherwise choose HTTP.

    Agent Deployment URI: Enter a Universal Resource Identifier (URI) that will be used to access Agent for Apache HTTP Server. The default value is /amagent.


    Note –

    The web agent uses the value of the com.sun.am.policy.agents.config.agenturi.prefix property in the web agent AMAgent.properties configuration file to support some essential functions such as notification. Agent URI prefix is a configurable subset of Agent Deployment URI. It is important to set a valid URL for this property. Its value should be http://host.domain:port/agent-deployment-uri where host, domain and port are FQDN and port number of the Apache HTTP Server instance where the agent is installed and agent-deployment-uri is the URI where the Apache HTTP Server instance will look for web-agent related HTML pages. Its default value is amagent.

    The following is an example of an Agent Deployment URI:

    http://host1.example.com:80/amagent

    Apache Config Directory: Enter the full path to the directory that contains the Apache HTTP Server configuration file httpd.conf. An example pathname follows:

    Apache-base/conf

    where Apache-base represents the directory where Apache HTTP Server was installed.

    SSL Ready: Select this option if the Apache HTTP Server instance you are using has support for SSL. Your Apache HTTP Server instance is considered SSL ready if it has support for mod_ssl and its sources have been compiled using EAPI rule.

    To find out if your Apache HTTP Server instance has been compiled with the EAPI flag, go to the bin directory of the Apache HTTP Server instance and type the following command:

    # ./httpd -V

    You can see various flags that the Apache HTTP Server instance was compiled with. If the flag -D EAPI is displayed in this list, it indicates that your Apache HTTP Server instance is SSL ready. However, if you do not see this flag, it does not necessarily indicate that the Apache HTTP Server instance does not have support for mod_ssl.

    The supported configurations for Apache HTTP Server are:

    • Apache HTTP Server without mod_ssl support

    • Apache HTTP Server with mod_ssl and EAPI flag enabled.


    Note –

    Apache HTTP Server with mod_ssl support and EAPI flag disabled configuration is not supported by Policy Agent 2.2.


  7. When you have entered all the information correctly, click Next.

  8. Enter information about the Access Manager host.

    The web agent will connect to this server.

    Primary Server Host: Enter the FQDN of the primary Access Manager host.

    For example, if the host is host3, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host3.eng.example.com.

    Primary Server Port: Enter the port number for the primary Access Manager host.

    Primary Server Protocol: If the primary Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP.

    Primary Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver.

    Primary Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole.

    Failover Server Host: Enter the FQDN of the secondary Access Manager host if the primary Access Manager host becomes unavailable. If no failover server host exists, then leave this field blank.

    Failover Server Port: Enter the port number of the secondary Access Manager host. If no failover server host exists, then leave this field blank.

    Failover Server Protocol: If the failover Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP. If no failover server host exists, then leave this field blank.

    Failover Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver. If no failover server host exists, then leave this field blank.

    Failover Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole. If no failover server host exists, then leave this field blank.

    Agent Access Manager Shared Secret: Enter the password for the Access Manager internal LDAP authentication user. This user is also referred to as amldapuser.

    For more information about the shared secret and its relationship with the Access Manager agent profile, see Chapter 4, The Relationship Between the Agent Profile and Web Agents in Policy Agent 2.2.

    Re-enter Shared Secret: Re-enter the password for the Access Manager internal LDAP authentication user (amldapuser).

    CDSSO Enabled: Check this box if you want to enable CDSSO.

  9. After entering all the information, click Next.

  10. Review the installation summary to ensure that the information you have entered is correct.

    Note that it displays the CDCServlet URL if you have checked the CDSSO Enabled box in the previous panel.

    If you want to make changes, click Back. If all the information is correct, click Next.

  11. In the Ready to Install panel, click Install Now.

  12. When the installation is complete, you can click Details to view details about the installation, or click Exit to end the installation program.

  13. Restart the Apache HTTP Server instance on which you just installed the agent.

Next Steps

To ensure that the installation was successful, see All Systems: Verifying a Successful Installation on Policy Agent 2.2.

If you want to configure multiple instances of Apache HTTP Server, you must set up multiple Apache HTTP Server Virtual Hosts, as described in All Systems: Configuring Agent for Apache HTTP Server on Multiple Apache HTTP Server Virtual Hosts.