Sun Java System Access Manager Policy Agent 2.2 Guide for Apache HTTP Server 2.0.54

Windows Systems: Installation-Related Configuration for Apache HTTP Server

After you have performed the basic installation process, you must create a configuration file for the web site (or web sites) that is to be protected by the agent and then you must configure the agent for that web site (or web sites). These tasks are described in the following subsections:

Windows Systems: Creating Configuration Files, Agent for Apache HTTP Server

The agent for Apache HTTP Server provides a Visual Basic (VB) script to help you create agent configuration files. When you run it, the VB script prompts for information related to the Web Site Identifier, the agent you are installing, and Access Manager. The script creates an agent configuration file based on the information you provide.


Note –

When you are deploying the agent on multiple web sites, you must create a unique agent configuration file for each of the web sites. Use the following steps to create multiple agent configuration files. However, ensure that you give a unique file name to each of the configuration files.


Procedure: Windows Systems: To Create Configuration Files, Agent for Apache HTTP Server

  1. Change to the directory:

    PolicyAgent-base\apache\bin

    This directory stores the VB script required to create the agent configuration file.

  2. Run the following command:

    cscript.exe ApacheCreateConfig.vbs defaultConfig
    
    ApacheCreateConfig.vbs is a VB script that saves your responses to prompts about the Apache HTTP Server host and the Access Manager host in a file. For this example, the file is represented by defaultConfig.

    defaultConfig represents the agent configuration file created by this command and for which you provide the actual name. This is a text file to which the output of the commands entered while running the script is written.


    Note –

    Give this agent configuration file a unique name, because you will need the same file to unconfigure the agent.


    The script prompts for information as it progresses with the creation of the agent configuration file. All the script prompts are displayed, for example purposes, in this step. However, information about the responses is presented in the subsequent steps.


    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    
    
    Copyright c 2004 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms
    -------------------------------------------------
     Apache 2.0.x Server
    -------------------------------------------------
    Enter the Agent Resource File Name [ApacheResource.en] :
    
    Fully Qualified Host Name :
    agentHost.com
    
    Apache Binary Directory :
    c:\program files\apache group\apache2\bin
    
    Web Server Protocol [http] :
    
    
    Web Server Port [80] :
    
    
    Agent Deployment URI [/amagent] :
    
    ------------------------------------------------
    Sun Java (TM) Enterprise System Access Manager
    ------------------------------------------------
    Primary Server Host :
    amHost.com
    
    Primary Server Protocol [http] :
    
    
    Primary Server Port Number [58080] :
    
    
    Primary Server Deployment URI [/amserver] :
    
    
    Primary Server Console URI [/amconsole] :
    
    
    Failover Server Host :
    
    
    Agent-Access Manager Shared Secret :
    
    Re-enter Shared Secret :
    
    CDSSO Enabled [false] :
    
    -----------------------------------------------
    Agent Configuration file created ==>  agentConfig
    Execute the below command for Agent Configuration :
          cscript.exe ApacheAdmin.vbs -config agentConfig
    -----------------------------------------------

  3. When prompted, provide the following information about the Apache HTTP Server instance that this agent will protect:

    Agent Resource File Name: Accept the default for this prompt (ApacheResource.en).

    Host Name: Enter the fully qualified domain name (FQDN) of the system on which Apache HTTP Server is installed.

    For example, if the host is agentHost, the subdomain is eng, and the domain is example.com, then the Host Name in this case is agentHost.eng.example.com.

    Server Protocol: If this instance of Apache HTTP Server has been configured for SSL, then select HTTPS; otherwise select HTTP.

    Server Port: Enter the port number of the Apache HTTP Server instance that will be protected by the agent.

    Agent Deployment URI: Enter a Universal Resource Identifier (URI) that will be used to access Agent for Apache HTTP Server. The default value is /amagent.


    Note –

    The web agent uses the value of the com.sun.am.policy.agents.config.agenturi.prefix property in the web agent AMAgent.properties configuration file to support some essential functions such as notification. Agent URI prefix is a configurable subset of Agent Deployment URI. It is important to set a valid URL for this property. Its value should be http://host.domain:port/agent-deployment-uri, where host.domain and port are the FQDN and port number of the Apache HTTP Server instance where the agent is installed, and agent-deployment-uri is the URI where the Apache HTTP Server instance will look for web-agent-related HTML pages. Its default value is amagent.

    The following is an example of an Agent Deployment URI:

    http://agentHost.example.com:80/amagent

    where the host name is agentHost and the domain name is example.com.


  4. When prompted, provide the following information about the Access Manager host:

    Primary Server Host: Enter the FQDN of the primary Access Manager host.

    For example, if the host is amHost, the subdomain is eng, and the domain is example.com, then the Host Name in this case is amHost.eng.example.com.

    Primary Server Protocol: If the primary Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP.

    Primary Server Port: Enter the port number for the primary Access Manager host.

    Primary Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver.

    Primary Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole.

    Failover Server Host: Enter the FQDN of the secondary Access Manager host, which is used if the primary Access Manager host becomes unavailable. If no failover server host exists, then leave this field blank.

    Failover Server Port: Enter the port number of the secondary Access Manager host. If no failover server host exists, then leave this field blank.

    Failover Server Protocol: If the failover Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP. If no failover server host exists, then leave this field blank.

    Failover Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver. If no failover server host exists, then leave this field blank.

    Failover Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole. If no failover server host exists, then leave this field blank.

    Agent Access Manager Shared Secret: Enter the password for the Access Manager internal LDAP authentication user. This user is also referred to as amldapuser.

    For more information about the shared secret and its relationship with the Access Manager agent profile, see Chapter 4, The Relationship Between the Agent Profile and Web Agents in Policy Agent 2.2.

    Re-enter Shared Secret: Re-enter the password for the Access Manager internal LDAP authentication user (amldapuser).

    CDSSO Enabled: Check this box if you want to enable CDSSO.

    With the information you provide, the script creates the agent configuration file for you to use to configure this agent as described in the following section.

Windows Systems: Configuring Agent for Apache HTTP Server for a Web Site

Configure Agent for Apache HTTP Server for a web site after you have created an agent configuration file. If you have not already created an agent configuration file, create one as explained in Windows Systems: Creating Configuration Files, Agent for Apache HTTP Server.

To configure the agent for a web site, follow these steps:

Procedure: Windows Systems: To Configure Agent for Apache HTTP Server for a Web Site

  1. Change to the directory:

    PolicyAgent-base\apache\bin

  2. Run the following command:

    cscript.exe ApacheAdmin.vbs -config defaultConfig

    ApacheAdmin.vbs is a VB script that uses the output of the ApacheCreateConfig.vbs script. The output was saved to a configuration file, which for this example is represented by defaultConfig.

    -config is the option that allows the output to be used to configure the web site.

    defaultConfig represents the agent configuration file created previously as described in Windows Systems: To Create Configuration Files, Agent for Apache HTTP Server.

    The script displays messages to indicate the progress of the configuration as shown in the following sample.


    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    
    Copyright c 2004 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms
    
    Enter the Agent Resource File Name [ApacheResource.en]:
    
    Creating the AMAgent.properties File
    Modifying httpd.conf
    Completed Configuring the Agent for Apache 2.0.x. Re-start your server instance

  3. Restart the web site.

  4. Try accessing the web site (http://fqdn:port/index.html).

    This link should take you to the Access Manager login page. After a successful authentication, if the policy is properly defined, you should be able to view the resource.

    If you want to view the agent log file amAgent, do so at the following location:


    PolicyAgent-base\debug\apache_port
    

    where port is the port number of Apache HTTP Server.


    Note –

    If you want to configure the agent for multiple web sites, you must follow the preceding steps for each of the web sites.
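
The note on the Agent Deployment URI says the com.sun.am.policy.agents.config.agenturi.prefix property in AMAgent.properties must hold a valid URL built from the web server's protocol, FQDN, port and deployment URI. The following Python check is an added example, not part of the Sun guide or the agent software; it assumes the file uses plain key = value lines, and the function names and sample lines are constructed for illustration.

```python
from urllib.parse import urlsplit

# Property named in the guide's note on the Agent Deployment URI.
PREFIX_KEY = "com.sun.am.policy.agents.config.agenturi.prefix"

def load_properties(text):
    """Parse 'key = value' lines; lines starting with '#' or '!' are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_agent_uri_prefix(props, host, protocol="http", port=80, deploy_uri="/amagent"):
    """Compare the prefix with the answers given to the script prompts.

    Returns a list of problems; an empty list means the value has the
    protocol://host.domain:port/agent-deployment-uri form the guide asks for.
    """
    value = props.get(PREFIX_KEY, "")
    if not value:
        return [PREFIX_KEY + " is missing or empty"]
    try:
        url = urlsplit(value)
        url_port = url.port          # raises ValueError on a non-numeric port
    except ValueError as exc:
        return ["not a parseable URL: %s" % exc]
    problems = []
    if url.scheme != protocol:
        problems.append("protocol is %r, expected %r" % (url.scheme, protocol))
    name = (url.hostname or "").lower()
    if "." not in name:
        problems.append("host %r is not fully qualified" % name)
    if name != host.lower():
        problems.append("host is %r, expected %r" % (name, host.lower()))
    if url_port != port:
        problems.append("port is %r, expected %r" % (url_port, port))
    if url.path.rstrip("/") != deploy_uri.rstrip("/"):
        problems.append("URI is %r, expected %r" % (url.path, deploy_uri))
    return problems

# Constructed sample lines, not output from a real agent installation.
GOOD = "# constructed\n" + PREFIX_KEY + " = http://agentHost.example.com:80/amagent\n"
BAD = PREFIX_KEY + " = http://agentHost:8080/agent\n"

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_agent_uri_prefix(load_properties(text), "agentHost.example.com"))
```

Pass the file's contents together with the answers you gave at the Fully Qualified Host Name, Web Server Protocol, Web Server Port and Agent Deployment URI prompts.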


Next Steps

The last step of this task addresses verification of the agent installation. See the section that follows (All Systems: Verifying a Successful Installation on Policy Agent 2.2) for an expanded explanation of verifying the agent installation.

If you want to configure multiple instances of Apache HTTP Server, you must set up multiple Apache HTTP Server Virtual Hosts, as described in All Systems: Configuring Agent for Apache HTTP Server on Multiple Apache HTTP Server Virtual Hosts.