Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

7.1 Installing the Distributed Authentication User Interface Web Containers

In this section, we will create a non-root user on the two machines that will host the Distributed Authentication User Interface and install Sun Java System Web Server using the non-root user. Use the following list of procedures as a checklist for completing the task.

Procedure: To Create a Non-Root User on the Distributed Authentication User Interface 1 Host Machine

Create the non-root user using the roleadd command in the Solaris Operating Environment on the Distributed Authentication User Interface 1 (da-1) host machine.

  1. As a root user, log in to the da-1 host machine.

  2. Use roleadd to create a new user.


    # roleadd -s /sbin/sh -m -g staff -d /export/da80adm da80adm
    
  3. (Optional) Verify that the user was created.


    # cat /etc/passwd
    
    root:x:0:0:Super-User:/:/sbin/sh
    daemon:x:1:1::/:
    ...
    nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
    da80adm:x:223830:10::/export/da80adm:/sbin/sh
  4. (Optional) Verify that the user's directory was created.


    # cd /export/da80adm
    # ls
    
    local.cshrc    local.profile    local.login
  5. (Optional) Create a password for the non-root user.


    # passwd da80adm 
    New Password: da80a6m
    Re-enter new Password: da80a6m
    
    passwd: password successfully changed for da80adm

    Note –

    If you do not perform this step, you will not be able to switch user (su) when logged in as the non-root user.


Procedure: To Install the Web Server for Distributed Authentication User Interface 1

Before You Begin
  1. On the da-1 host machine, install required patches if necessary.

    In this case, the Release Notes indicate that based on the hardware and operating system being used, patch 117461-08, patch 119963-08, and patch 120011-14 are required.

    1. Run patchadd to see if the patches are already installed.


      # patchadd -p | grep 117461-08
      

      A list of patch numbers is displayed. This machine is already patched with 117461-08.


      # patchadd -p | grep 119963-08
      

      No results are returned, which indicates that the patch is not yet installed on the system.


      # patchadd -p | grep 120011-14
      

      No results are returned, which indicates that the patch is not yet installed on the system.

    2. Make a directory for downloading the patches you need and change into it.


      # mkdir /export/patches
      # cd /export/patches
      
    3. Download the patches.

      You can search for patches directly at http://sunsolve.sun.com. Navigate to the PatchFinder page, enter the patch number, click Find Patch, and download the appropriate patch.


      Note –

      Signed patches are downloaded as JAR files. Unsigned patches are downloaded as ZIP files.


    4. Unzip the patch files.


      # unzip 119963-08.zip
      # unzip 120011-14.zip
      
    5. Run patchadd to install the patches.


      # patchadd /export/patches/119963-08
      # patchadd /export/patches/120011-14
      

      Tip –

      You can use the -M option to install all patches at once. See the patchadd man page for more information.


    6. After installation is complete, run patchadd to verify that each patch was added successfully.


      # patchadd -p | grep 119963-08
      

      A series of patch numbers is displayed, and the patch 119963-08 is present.


      # patchadd -p | grep 120011-14
      

      A series of patch numbers is displayed, and the patch 120011-14 is present.

  2. Create a directory into which you can download the Web Server bits and change into it.


    # mkdir /export/WS7
    # cd /export/WS7
    
  3. Download the Sun Java System Web Server 7.0 Update 2 software from http://www.sun.com/download/products.xml?id=45ad781d.

    Follow the instructions on the Sun Microsystems Product Downloads web site for downloading the software.

  4. Unpack the software package.


    # gunzip sjsws-7_0u2-solaris-sparc.tar.gz
    # tar xvf sjsws-7_0u2-solaris-sparc.tar
    
  5. Run setup.


    # cd /export/WS7
    # ./setup --console
    
  6. When prompted, provide the following information.


    You will be asked to specify 
    preferences that determine how Sun Java 
    System Web Server 7.0U2 is installed 
    and configured.
    ...
    The installation program pauses as questions 
    are presented so you can read the 
    information and make your choice.  
    When you are ready to continue, press Enter
    (Return on some keyboards).

    Press Enter. 

    Continue to press Enter when prompted. 


    Have you read the Software License 
    Agreement and do you accept all terms [no] 
    {"<" goes back, "!" exits}?

    Enter yes.


    Sun Java System Web Server 7.0 
    Installation Directory [/sun/webserver7] 
    {"<" goes back, "!" exits}

    Enter /opt/SUNWwbsvr


    Specified directory /opt/SUNWwbsvr 
    does not exist. Create Directory? [Yes/No]
    {"<" goes back, "!" exits}

    Enter yes.


    Select Type of Installation
    
    1. Express
    2. Custom
    3. Exit
    
    What would you like to do? [1]
    {"<" goes back, "!" exits}

    Enter 2.


    Component Selection
    
    1. Server Core
    2. Server Core 64-bit Binaries
    3. Administration Command Line Interface
    4. Sample Applications
    5. Language Pack
    
    Enter the comma-separated list [1,2,3,4,5] 
    {"<" goes back, "!" exits}

    Enter 1,3,5.


    Java Configuration
    
    Sun Java System Web Server 7.0 requires 
    Java SE Development Kit (JDK). Provide the 
    path to a JDK 1.5.0_12 or greater. 
    
    1. Install Java SE Development Kit (JDK) 
       1.5.0_12
    2. Reuse existing Java SE Development Kit 
       (JDK) 1.5.0_12 or greater
    3. Exit
    
    What would you like to do? [1] 
    {"<" goes back, "!" exits}

    Enter 1.


    Administrative Options
    
    1. Create an Administration Server and a 
       Web Server Instance
    2. Create an Administration Node
    
    Enter your option. [1] 
    {"<" goes back, "!" exits}

    Enter 1.


    Create SMF services for server 
    instances [yes/no] 
    {"<" goes back, "!" exits}

    Enter no.


    Host Name [da-1.example.com] 
    {"<" goes back, "!" exits}

    Accept the default value. 


    SSL Port [8989] 
    {"<" goes back, "!" exits}

    Accept the default value. 


    Create a non-SSL Port? [yes/no] 
    {"<" goes back, "!" exits}

    Enter no.


    Runtime User ID [root] 
    {"<" goes back, "!" exits}

    Enter da80adm.


    Administrator User Name [admin]
    {"<" goes back, "!" exits}

    Accept the default value. 


    Administrator Password:

    Enter web4dmin.


    Retype Password:

    Enter web4dmin.


    Server Name [da-1.example.com] 
    {"<" goes back, "!" exits}

    Accept the default value. 


    HTTP Port [8080] 
    {"<" goes back, "!" exits}

    Enter 1080.


    Document Root Directory [/opt/SUNWwbsvr/
    https-da-1.example.com/docs] 
    {"<" goes back, "!" exits}

    Accept the default value. 


    Start Administration Server 
    [yes/no] {"<" goes back, "!" exits}

    Enter no.


    Ready To Install 
    
    1. Install Now
    2. Start Over
    3. Exit Installation 
    
    What would you like to do?

    Enter 1.

    When installation is complete, the following message is displayed:


    Installation Successful.
  7. (Optional) To verify that Web Server was installed with the non-root user, examine the file permissions.


    # cd /opt/SUNWwbsvr/admin-server
    # ls -al
    
    total 16
    drwxr-xr-x   8 root     root         512 Jul 19 10:36 .
    drwxr-xr-x  11 da80adm  staff        512 Jul 19 10:36 ..
    drwxr-xr-x   2 root     root         512 Jul 19 10:36 bin
    drwx------   2 da80adm  staff        512 Jul 19 10:36 config
    drwx------   3 da80adm  staff        512 Jul 19 11:09 config-store
    drwx------   3 da80adm  staff        512 Jul 19 10:40 generated
    drwxr-xr-x   2 da80adm  staff        512 Jul 19 10:40 logs
    drwx------   2 da80adm  staff        512 Jul 19 10:36 sessions

    The appropriate files and directories are owned by da80adm.

  8. Start the Web Server administration server.


    # su da80adm
    # cd /opt/SUNWwbsvr/admin-server/bin
    # ./startserv
    
  9. (Optional) Verify that the non-root user was able to start Web Server.

    1. Access https://da-1.example.com:8989 from a web browser.

    2. Log in to the Web Server console as the administrator.

      User Name:

      admin

      Password:

      web4dmin

      The Web Server administration console opens.

    3. Log out of the console and close the browser.

  10. Log out of the da-1 host machine.
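
Added example, not part of the original guide: a `grep` over the whole `patchadd -p` line, as in step 1 of this procedure and of the matching da-2 procedure, also matches an ID that appears only under another patch's Requires: field, and it misses a newer installed revision of the same patch. The function below reads only the Patch: field and compares revisions; the function name, the sample lines and patch 999999-01 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the line format printed by `patchadd -p`.
# 119963 is present at a later revision; 120011-14 appears only as a
# requirement of the made-up patch 999999-01 and is NOT installed.
SAMPLE_PATCHES='Patch: 117461-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 119963-10 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWlibC
Patch: 999999-01 Obsoletes:  Requires: 120011-14 Incompatibles:  Packages: SUNWcsu'

# missing_patches ID-REV ...
# Reads `patchadd -p` output on stdin and prints every required patch that is
# not installed. An installed revision equal to or higher than the required
# one counts as installed. Patches named only in an Obsoletes: field are not
# treated as installed (a simplification of this example).
# On Solaris, /usr/bin/awk is the old awk; substitute nawk.
missing_patches() {
    awk -v req="$*" '
        $1 == "Patch:" {
            split($2, p, "-")
            # Keep the highest installed revision seen for each patch ID.
            if (!(p[1] in have) || p[2] + 0 > have[p[1]]) have[p[1]] = p[2] + 0
        }
        END {
            n = split(req, r, " ")
            for (i = 1; i <= n; i++) {
                split(r[i], q, "-")
                if (!(q[1] in have) || have[q[1]] < q[2] + 0) print r[i]
            }
        }'
}

# On the host: patchadd -p | missing_patches 117461-08 119963-08 120011-14
printf '%s\n' "$SAMPLE_PATCHES" | missing_patches 117461-08 119963-08 120011-14
```

A plain `grep 120011-14` on the sample would report a match even though the patch is absent, and `grep 119963-08` would report nothing even though revision 10 is installed.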

Procedure: To Create a Non-Root User on the Distributed Authentication User Interface 2 Host Machine

Create the non-root user using the roleadd command in the Solaris Operating Environment on the Distributed Authentication User Interface 2 (da-2) host machine.

  1. As a root user, log in to the da-2 host machine.

  2. Use roleadd to create a new user.


    # roleadd -s /sbin/sh -m -g staff -d /export/da80adm da80adm
    
  3. (Optional) Verify that the user was created.


    # cat /etc/passwd
    
    root:x:0:0:Super-User:/:/sbin/sh
    daemon:x:1:1::/:
    ...
    nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
    da80adm:x:227627:10::/export/da80adm:/sbin/sh
  4. (Optional) Verify that the user's directory was created.


    # cd /export/da80adm
    # ls
    
    local.cshrc    local.profile    local.login
  5. (Optional) Create a password for the non-root user.


    # passwd da80adm 
    New Password: da80a6m
    Re-enter new Password: da80a6m
    
    passwd: password successfully changed for da80adm

    Note –

    If you do not perform this step, you will not be able to switch user (su) when logged in as the non-root user.


Procedure: To Install Sun Java System Web Server for Distributed Authentication User Interface 2

Before You Begin
  1. On the da-2 host machine, install required patches if necessary.

    In this case, the Release Notes indicate that based on the hardware and operating system being used, patch 117461-08, patch 119963-08, and patch 120011-14 are required.

    1. Run patchadd to see if the patches are already installed.


      # patchadd -p | grep 117461-08
      

      A list of patch numbers is displayed. This machine is already patched with 117461-08.


      # patchadd -p | grep 119963-08
      

      No results are returned, which indicates that the patch is not yet installed on the system.


      # patchadd -p | grep 120011-14
      

      No results are returned, which indicates that the patch is not yet installed on the system.

    2. Make a directory for downloading the patches you need and change into it.


      # mkdir /export/patches
      # cd /export/patches
      
    3. Download the patches.

      You can search for patches directly at http://sunsolve.sun.com. Navigate to the PatchFinder page, enter the patch number, click Find Patch, and download the appropriate patch.


      Note –

      Signed patches are downloaded as JAR files. Unsigned patches are downloaded as ZIP files.


    4. Unzip the patch files.


      # unzip 119963-08.zip
      # unzip 120011-14.zip
      
    5. Run patchadd to install the patches.


      # patchadd /export/patches/119963-08
      # patchadd /export/patches/120011-14
      

      Tip –

      You can use the -M option to install all patches at once. See the patchadd man page for more information.


    6. After installation is complete, run patchadd to verify that each patch was added successfully.


      # patchadd -p | grep 119963-08
      

      A series of patch numbers is displayed, and the patch 119963-08 is present.


      # patchadd -p | grep 120011-14
      

      A series of patch numbers is displayed, and the patch 120011-14 is present.

  2. Create a directory into which you can download the Web Server bits and change into it.


    # mkdir /export/WS7
    # cd /export/WS7
    
  3. Download the Sun Java System Web Server 7.0 Update 2 software from http://www.sun.com/download/products.xml?id=45ad781d.

    Follow the instructions on the Sun Microsystems Product Downloads web site for downloading the software.

  4. Unpack the software package.


    # gunzip sjsws-7_0u2-solaris-sparc.tar.gz
    # tar xvf sjsws-7_0u2-solaris-sparc.tar
    
  5. Run setup.


    # cd /export/WS7
    # ./setup --console
    
  6. When prompted, provide the following information.


    You will be asked to specify 
    preferences that determine how Sun Java 
    System Web Server 7.0U2 is installed 
    and configured.
    ...
    The installation program pauses as questions 
    are presented so you can read the 
    information and make your choice.  
    When you are ready to continue, press Enter
    (Return on some keyboards).

    Press Enter. 

    Continue to press Enter when prompted. 


    Have you read the Software License 
    Agreement and do you accept all terms [no] 
    {"<" goes back, "!" exits}?

    Enter yes.


    Sun Java System Web Server 7.0 
    Installation Directory [/sun/webserver7] 
    {"<" goes back, "!" exits}

    Enter /opt/SUNWwbsvr


    Specified directory /opt/SUNWwbsvr 
    does not exist. Create Directory? [Yes/No]
    {"<" goes back, "!" exits}

    Enter yes.


    Select Type of Installation
    
    1. Express
    2. Custom
    3. Exit
    
    What would you like to do? [1]
    {"<" goes back, "!" exits}

    Enter 2.


    Component Selection
    
    1. Server Core
    2. Server Core 64-bit Binaries
    3. Administration Command Line Interface
    4. Sample Applications
    5. Language Pack
    
    Enter the comma-separated list [1,2,3,4,5] 
    {"<" goes back, "!" exits}

    Enter 1,3,5.


    Java Configuration
    
    Sun Java System Web Server 7.0 requires 
    Java SE Development Kit (JDK). Provide the 
    path to a JDK 1.5.0_12 or greater. 
    
    1. Install Java SE Development Kit (JDK) 
       1.5.0_12
    2. Reuse existing Java SE Development Kit 
       (JDK) 1.5.0_12 or greater
    3. Exit
    
    What would you like to do? [1] 
    {"<" goes back, "!" exits}

    Enter 1.


    Administrative Options
    
    1. Create an Administration Server and a 
       Web Server Instance
    2. Create an Administration Node
    
    Enter your option. [1] 
    {"<" goes back, "!" exits}

    Enter 1.


    Create SMF services for server 
    instances [yes/no] 
    {"<" goes back, "!" exits}

    Enter no.


    Host Name [da-2.example.com] 
    {"<" goes back, "!" exits}

    Accept the default value. 


    SSL Port [8989] 
    {"<" goes back, "!" exits}

    Accept the default value. 


    Create a non-SSL Port? [yes/no] 
    {"<" goes back, "!" exits}

    Enter no.


    Runtime User ID [root] 
    {"<" goes back, "!" exits}

    Enter da80adm.


    Administrator User Name [admin]
    {"<" goes back, "!" exits}

    Accept the default value. 


    Administrator Password:

    Enter web4dmin.


    Retype Password:

    Enter web4dmin.


    Server Name [da-2.example.com] 
    {"<" goes back, "!" exits}

    Accept the default value. 


    HTTP Port [8080] 
    {"<" goes back, "!" exits}

    Enter 1080.


    Document Root Directory [/opt/SUNWwbsvr/
    https-da-2.example.com/docs] 
    {"<" goes back, "!" exits}

    Accept the default value. 


    Start Administration Server 
    [yes/no] {"<" goes back, "!" exits}

    Enter no.


    Ready To Install 
    
    1. Install Now
    2. Start Over
    3. Exit Installation 
    
    What would you like to do?

    Enter 1.

    When installation is complete, the following message is displayed:


    Installation Successful.
  7. (Optional) To verify that Web Server was installed with the non-root user, examine the file permissions.


    # cd /opt/SUNWwbsvr/admin-server
    # ls -al
    
    total 16
    drwxr-xr-x   8 root     root         512 Jul 19 10:36 .
    drwxr-xr-x  11 da80adm  staff        512 Jul 19 10:36 ..
    drwxr-xr-x   2 root     root         512 Jul 19 10:36 bin
    drwx------   2 da80adm  staff        512 Jul 19 10:36 config
    drwx------   3 da80adm  staff        512 Jul 19 11:09 config-store
    drwx------   3 da80adm  staff        512 Jul 19 10:40 generated
    drwxr-xr-x   2 da80adm  staff        512 Jul 19 10:40 logs
    drwx------   2 da80adm  staff        512 Jul 19 10:36 sessions

    The appropriate files and directories are owned by da80adm.

  8. Start the Web Server administration server.


    # su da80adm
    # cd /opt/SUNWwbsvr/admin-server/bin
    # ./startserv
    
  9. (Optional) Verify that the non-root user was able to start Web Server.

    1. Access https://da-2.example.com:8989 from a web browser.

    2. Log in to the Web Server console as the administrator.

      User Name:

      admin

      Password:

      web4dmin

      The Web Server administration console opens.

    3. Log out of the console and close the browser.

  10. Log out of the da-2 host machine.
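
Added example, not part of the original guide: the ownership check in step 7 of both Web Server procedures (da-1 and da-2), done by script instead of by eye. The function name and the policy it enforces are assumptions drawn from the listing shown in that step: config, config-store, generated and sessions belong to the runtime user with no group or other access, and everything else is owned by root or the runtime user and is not writable by group or other.

```shell
#!/bin/sh
# The `ls -al` listing from step 7, embedded so the example runs offline.
SAMPLE_LISTING='total 16
drwxr-xr-x   8 root     root         512 Jul 19 10:36 .
drwxr-xr-x  11 da80adm  staff        512 Jul 19 10:36 ..
drwxr-xr-x   2 root     root         512 Jul 19 10:36 bin
drwx------   2 da80adm  staff        512 Jul 19 10:36 config
drwx------   3 da80adm  staff        512 Jul 19 11:09 config-store
drwx------   3 da80adm  staff        512 Jul 19 10:40 generated
drwxr-xr-x   2 da80adm  staff        512 Jul 19 10:40 logs
drwx------   2 da80adm  staff        512 Jul 19 10:36 sessions'

# audit_listing RUNTIME_USER
# Reads `ls -al` output of the admin-server directory on stdin and prints one
# line per finding. No output means the listing matches the assumed policy.
# On Solaris, /usr/bin/awk is the old awk; substitute nawk.
audit_listing() {
    awk -v owner="$1" '
        BEGIN {
            n = split("config config-store generated sessions", a, " ")
            for (i = 1; i <= n; i++) priv[a[i]] = 1
        }
        NF < 9 || $9 == "." || $9 == ".." { next }   # skip total line and dot entries
        {
            mode = $1; name = $9
            if (name in priv) {
                if ($3 != owner)
                    print name ": owner " $3 ", expected " owner
                # Characters 5-10 of the mode string are the group and other bits.
                if (substr(mode, 5, 6) != "------")
                    print name ": accessible to group/other (" mode ")"
            } else {
                if ($3 != owner && $3 != "root")
                    print name ": unexpected owner " $3
                if (substr(mode, 6, 1) == "w" || substr(mode, 9, 1) == "w")
                    print name ": writable by group/other (" mode ")"
            }
        }'
}

# On the host: ls -al /opt/SUNWwbsvr/admin-server | audit_listing da80adm
printf '%s\n' "$SAMPLE_LISTING" | audit_listing da80adm
```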