Sun Java System Federation Manager 7.0 Release Notes

Installation and Deployment

The following issues are related to the installation of Federation Manager and its deployment on the supported web containers.

Error 404-Not Found When Deploying federation.war on WebLogic 8.1 Application Server Under Windows

The root cause is that Federation Manager cannot find the right authentication module XML file because an incorrect file separator is used. This problem happens with JDK 1.4.x only.

WORKAROUND: Run the following command to add the proper separator before the final start command in the startWeblogic.bat script:


set JAVA_OPTIONS=%JAVA_OPTIONS% -Dfile.separator=/
echo %JAVA_OPTIONS%

Federation Manager installation error on Linux if Application Server 8 is installed by JES4 (6434059)

Federation Manager is based on Access Manager 6.3. Thus, its shared components conflict with those in JES4 (which includes Access Manager 7.0).

WORKAROUND: The following procedure will install Federation Manager correctly.

  1. Install Java Enterprise System 4 with Application Server 8 selected.


    Note –

    This will install the shared components.


  2. Install the Federation Manager Linux rpm only using the command: fmsetup install -s silent_installation_file -p


    Note –

    Ignore error messages complaining about an rpm file conflict or that the installed rpm is newer than that bundled with Federation Manager.


  3. Force install imq using the following command: rpm -i --force imq-3_5-03.i386.rpm

  4. Run fmwar to generate the WAR using the following command: fmwar -n federation -d /var/opt/sun/identity/fm/war_staging -s silent_installation_file -g

  5. Deploy the generated WAR on Application Server.

  6. Add the following lines to java.policy:

     // Federation Manager RELATED ADDITIONS
        grant {
           permission java.util.PropertyPermission "user.language", "write";
        };
        grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_sdk.jar" {
           permission java.net.SocketPermission "*", "connect,accept,resolve";
        };
        grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_services.jar" {
           permission java.net.SocketPermission "*", "connect,accept,resolve";
        };
        grant codeBase "file:$AS81_VARDIR/domains/$AS81_DOMAIN/applications/j2ee-modules/${DEPLOY_WARPREFIX}/-" {
           permission java.net.SocketPermission "*", "connect,accept,resolve";
        };
        grant {
           permission java.lang.RuntimePermission "modifyThreadGroup";
           permission java.lang.RuntimePermission "setFactory";
           permission java.lang.RuntimePermission "accessClassInPackage.*";
           permission java.util.logging.LoggingPermission "control";
           permission java.lang.RuntimePermission "shutdownHooks";
           permission javax.security.auth.AuthPermission "insertProvider.Mozilla-JSS";
           permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
           permission javax.security.auth.AuthPermission "getLoginConfiguration";
           permission javax.security.auth.AuthPermission "setLoginConfiguration";
           permission javax.security.auth.AuthPermission "modifyPrincipals";
           permission javax.security.auth.AuthPermission "createLoginContext.*";
           permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
           permission javax.security.auth.AuthPermission "putProviderProperty.Mozilla-JSS";
           permission java.io.FilePermission "<<ALL FILES>>", "execute,delete";
           permission java.io.FilePermission "$VAR_SUBDIR/logs/*", "delete,write";
           permission java.util.PropertyPermission "java.util.logging.config.class", "write";
           permission java.security.SecurityPermission "removeProvider.SUN";
           permission java.security.SecurityPermission "insertProvider.SUN";
           permission java.security.SecurityPermission "removeProvider.Mozilla-JSS";
           permission javax.security.auth.AuthPermission "doAs";
           permission java.util.PropertyPermission "java.security.krb5.realm", "write";
           permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
           permission java.util.PropertyPermission "java.security.auth.login.config", "write";
           permission javax.security.auth.kerberos.ServicePermission "*", "accept";
           permission javax.net.ssl.SSLPermission "setHostnameVerifier";
       };

Escape special characters in silent install file and sample XML files (6431990)

Special characters must be escaped (preceded with a back slash) in the silent installation file. Also, after installation, if you want to run the Liberty SSO or SPI samples, you need to edit the metadata XML files and escape the special characters before loading them using the amadmin command line tool.

WORKAROUND: Replace & with \&, or a space with \ . For example, rather than defining the INST_ORGANIZATION parameter in the silent installation file as INST_ORGANIZATION=dc=a b & c, use INST_ORGANIZATION=dc=a\ b\ \&\ c.

Update the Java Web Services Developer Pack packages before installing on Solaris 9/10. (6334913)

A fresh installation of the Solaris Operating System v.9/10 contains older versions of the following packages:

These older versions are numbered 7.x. The newer versions installed by the Federation Manager installer are numbered 1.2.x. Because of this numbering convention, the newer packages will not be installed. Thus, the Java Web Services Developer Pack (JWSDP) packages need to be manually updated prior to installing Federation Manager. If this is not done, the installation might be successful, but a user will not be able to log in to the Console due to a java.lang.NoClassDefFoundError exception.


Note –

The package timestamp can be used to verify which package is older.


WORKAROUND: Before installing Federation Manager, use pkginfo -l to check that the shared packages are the supported version as stated in the Sun Java System Federation Manager 7.0 User’s Guide. If an older package is found, remove it manually using pkgrm. The installer will deploy the correct packages.

fmwar does not prompt for a JAVA_HOME value. (6333234)

fmwar checks for the java file in the /usr/bin/ directory. If that file is present, fmwar assumes all Java components are present, which is not always the case.

WORKAROUND: Set the JAVA_HOME environment variable to the location of the latest installed release of Java.

SUNWjhrt is not installed when JAVA_HOME is not set. (6324701)

SUNWjhrt is a shared package that performs an internal check for one of the following versions of Java before the package can be installed:

If none of these versions is found, the installation script will abort, causing Federation Manager installation to fail.

WORKAROUND: Install the SUNWj3rt package bundled with the Federation Manager binary. Change to the directory where the Federation Manager binary was unpacked and run the following command from within the common directory:

pkgadd -d . SUNWj3rt

Alternatively, you can download the Java Development Kit (JDK) version 1.5 from the Sun Developer Network and install the SUNWj5rt package from that binary. After installing the correct package, rerun fmsetup to install Federation Manager.

Installation fails if space is used in INST_ORGANIZATION property value (6324192)

Installation will fail if a space is used between individual components of the root distinguished name (DN). For example, the DN dc=sun, dc=com would cause the installation to fail. dc=sun,dc=com is acceptable.

WORKAROUND: Remove any typed space(s) between individual components of the root DN.
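The following is an added example, not part of the release notes or of the installer: a Python pre-install check that applies both silent-file rules, the backslash escaping of spaces and & (6431990) and the removal of spaces between root DN components (6324192). It assumes the silent installation file consists of KEY=VALUE lines; EXAMPLE_KEY and the sample lines are constructed for illustration.

```python
import re

SPECIAL = " &"  # the two characters the release note names

def escape_value(value):
    """Backslash-escape each space and & that is not already escaped."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i:i + 2])   # keep an existing escape pair as-is
            i += 2
        else:
            out.append("\\" + value[i] if value[i] in SPECIAL else value[i])
            i += 1
    return "".join(out)

def fix_organization(raw_dn):
    """Take a raw (unescaped) DN: drop spaces around the commas, then escape."""
    return escape_value(re.sub(r"\s*,\s*", ",", raw_dn.strip()))

def lint_silent_file(text):
    """Return (line_no, key, problem) for KEY=VALUE lines that need editing."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        # A space next to a comma fails the install even when it is escaped.
        if key == "INST_ORGANIZATION" and re.search(r",\\?\s|\s,", value):
            problems.append((no, key, "space between DN components"))
        elif escape_value(value) != value:
            problems.append((no, key, "unescaped space or &"))
    return problems

# Constructed sample; EXAMPLE_KEY is a hypothetical parameter name.
SAMPLE = "\n".join([
    r"INST_ORGANIZATION=dc=sun, dc=com",
    r"EXAMPLE_KEY=a & b",
    r"INST_ORGANIZATION=dc=a\ b\ \&\ c",
])

if __name__ == "__main__":
    for problem in lint_silent_file(SAMPLE):
        print(problem)
    print(fix_organization("dc=a b & c"))
```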

Stock ticker sample does not work on WebSphere Application Server (6322964)

The web service sample does not work when Federation Manager is deployed on WebSphere Application Server. This sample simulates a stock ticker and is located in the /FederationManager-base/SUNWam/fm/samples/liberty/webservices/stockticker directory.

WORKAROUND: Copy /usr/share/lib/jax-qname.jar to the classpath in websphere_install_root/WebSphere/AppServer/config/cells/cell-name/nodes/node-name/servers/server-instance/server.xml. For example:


<jvmEntries xmi:id="JavaVirtualMachine_1" verboseModeClass="false" 
verboseModeGarbageCollection="false" verboseModeJNI="false" 
initialHeapSize="256" maximumHeapSize="256" runHProf="false" 
hprofArguments="" debugMode="false" debugArgs="-Djava.compiler=NONE 
-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7777" 
genericJvmArguments="-Dcom.iplanet.am.serverMode=true">
<classpath>/usr/share/lib/jax-qname.jar</classpath>